
Solved: Google Redirect



Bertie Bott (thread starter, member with 33 posts, join date: Dec 2006)
21-May-2012, 08:20 AM #1
Google Redirect
I'm using Google Chrome. Whenever I do a search, when I click on a result, it redirects me to some sort of "ad site". For example, a search for tech guy and clicking on the first result (Leo Laporte's labs) redirects me via I believe click.scour.com to http://www.eanswer.com/computer/?r=p...&JPCD=20120425 However, if I click back to go to the search results page and click that same result, it will go to the correct website. I've run both MBAM and Spybot S&D in safe mode and deleted whatever it detected but whatever is happening is still occurring.

Thanks for your help in advance!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 3834 Mb
Graphics Card: NVIDIA GeForce 8400 GS (Microsoft Corporation - WDDM v1.1), 512 Mb
Hard Drives: C: Total - 114470 MB, Free - 65263 MB; D: Total - 5122 MB, Free - 2963 MB; E: Total - 953867 MB, Free - 581829 MB; F: Total - 474372 MB, Free - 457372 MB; G: Total - 474372 MB, Free - 433516 MB;
Motherboard: ASUSTeK Computer INC., P7H55-M PRO
Antivirus: ESET NOD32 Antivirus 4.2, Updated and Enabled


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:14:42 AM, on 5/21/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Apple Computer] rundll32.exe "C:\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll",DllRegisterServer
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Update] rundll32.exe "C:\Users\Mommy\AppData\Roaming\Adobe\Adobe\yvfpemrj.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Apple Computer] rundll32.exe "C:\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll",DllRegisterServer (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Update] rundll32.exe "C:\Users\Mommy\AppData\Roaming\Adobe\Adobe\yvfpemrj.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Update] rundll32.exe "C:\Users\Mommy\AppData\Roaming\Adobe\Adobe\yvfpemrj.dll",DllRegisterServer (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AirPrint - Apple Inc. - C:\Program Files (x86)\AirPrint\airprint.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 11928 bytes


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mommy at 8:16:06 on 2012-05-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3834.1548 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\splwow64.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeNotify.exe
C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Apple Computer] rundll32.exe "C:\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll",DllRegisterServer
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRun: [Update] rundll32.exe "C:\Users\Mommy\AppData\Roaming\Adobe\Adobe\yvfpemrj.dll",DllRegisterServer
dRun: [Apple Computer] rundll32.exe "C:\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll",DllRegisterServer
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
Trusted Zone: intuit.com\ttlc
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5F7C169B-A6FF-430A-B6C6-3E2C31117A07} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-21 3246040]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s --> C:\Program Files (x86)\AirPrint\airprint.exe -R _ipp._tcp,_universal -s [?]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-21 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-21 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S4 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe --> C:\Program Files\Tablet\Pen\Pen_Tablet.exe [?]
S4 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe --> C:\Program Files\Tablet\Pen\Pen_TouchService.exe [?]
.
=============== Created Last 30 ================
.
2012-05-21 09:41:06 -------- d-----w- C:\Users\Mommy\AppData\Local\{408B167A-06DF-4DC0-B819-1EFA9BFA3468}
2012-05-21 09:40:32 -------- d-----w- C:\Users\Mommy\AppData\Local\{7347979E-73A3-48A7-808C-64D142720021}
2012-05-20 13:41:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{F5057857-69D6-4BF6-BC77-7F49ADB0AEDB}
2012-05-20 13:41:26 -------- d-----w- C:\Users\Mommy\AppData\Local\{965B6C62-9C0F-4247-B535-603613788709}
2012-05-20 09:09:43 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9C5B6D25-77DD-47F9-866B-CAE2FF10139D}\mpengine.dll
2012-05-19 16:42:28 -------- d-----w- C:\Users\Mommy\AppData\Local\{267DFD35-CCA8-4415-92BA-5FFEAB03E3DC}
2012-05-19 16:41:53 -------- d-----w- C:\Users\Mommy\AppData\Local\{EAF59185-925E-40AE-A4FB-AE6D3EB2C1C2}
2012-05-19 12:30:53 -------- d-----w- C:\Program Files\HitmanPro
2012-05-19 12:28:37 -------- d-----w- C:\ProgramData\HitmanPro
2012-05-19 12:28:35 -------- d-----w- C:\sh4ldr
2012-05-19 12:28:35 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-19 12:28:33 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-05-19 12:28:33 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-18 12:22:03 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-18 12:21:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-18 10:42:04 -------- d-----w- C:\Users\Mommy\AppData\Local\{157BDFA9-3651-46E9-A643-F1AB801D4B6F}
2012-05-18 10:41:30 -------- d-----w- C:\Users\Mommy\AppData\Local\{7E700812-0B99-4EBA-8569-1C2CDD377340}
2012-05-18 10:09:41 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-17 22:41:06 -------- d-----w- C:\Users\Mommy\AppData\Local\{5512053B-6D99-4632-8FD9-74844690D30C}
2012-05-17 22:40:32 -------- d-----w- C:\Users\Mommy\AppData\Local\{CFA72DB3-DE0A-43EB-B699-4745DE4519A2}
2012-05-17 10:40:20 -------- d-----w- C:\Users\Mommy\AppData\Local\{544C0804-9B56-4629-9159-DFC2E1B309E0}
2012-05-17 10:39:46 -------- d-----w- C:\Users\Mommy\AppData\Local\{14EBD774-6196-426E-9564-05B1C6DECE7A}
2012-05-16 22:39:22 -------- d-----w- C:\Users\Mommy\AppData\Local\{E3FC68B1-2F7B-42A0-8EF5-F33B9DD00B04}
2012-05-16 22:38:49 -------- d-----w- C:\Users\Mommy\AppData\Local\{C1050068-2669-4D11-9D37-1B5BD31F6CB7}
2012-05-16 10:38:36 -------- d-----w- C:\Users\Mommy\AppData\Local\{503A5660-33B9-4EB1-80BE-AAD81760E0C6}
2012-05-16 10:38:02 -------- d-----w- C:\Users\Mommy\AppData\Local\{C41A3936-CD63-455A-803F-DA684079018F}
2012-05-15 22:37:39 -------- d-----w- C:\Users\Mommy\AppData\Local\{26612FA1-5B26-47AC-B9A1-D47AC687F2D8}
2012-05-15 22:37:06 -------- d-----w- C:\Users\Mommy\AppData\Local\{54E6EB9C-656E-4497-9258-C4037366EDA7}
2012-05-15 10:36:41 -------- d-----w- C:\Users\Mommy\AppData\Local\{D450AAC6-86A7-4309-B55E-0A74159BFFCE}
2012-05-15 10:36:08 -------- d-----w- C:\Users\Mommy\AppData\Local\{771BEF3E-5344-4772-B3A4-C348A332B211}
2012-05-14 22:35:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{28DAB4D6-870B-4C41-BE82-7CEDEFFAC5BC}
2012-05-14 22:35:11 -------- d-----w- C:\Users\Mommy\AppData\Local\{12AC217F-C298-456E-BAFF-3D4AA3984DD3}
2012-05-14 10:34:59 -------- d-----w- C:\Users\Mommy\AppData\Local\{B91689F2-8830-4AC7-90C7-7F206D15B7CB}
2012-05-14 10:34:38 -------- d-----w- C:\Users\Mommy\AppData\Local\{B5A1E473-D33A-4268-8D32-5A0F815CDB7E}
2012-05-13 22:34:13 -------- d-----w- C:\Users\Mommy\AppData\Local\{4848310A-9040-47D0-A894-B55759F1E03D}
2012-05-13 22:33:40 -------- d-----w- C:\Users\Mommy\AppData\Local\{B441EDF7-39C3-4758-B62A-8EC6B1973B87}
2012-05-13 10:33:16 -------- d-----w- C:\Users\Mommy\AppData\Local\{21A4337E-FDF9-4FCB-9256-A87B106470B4}
2012-05-13 10:32:45 -------- d-----w- C:\Users\Mommy\AppData\Local\{A8857549-CBBD-4383-9E4B-003703865ABD}
2012-05-12 22:32:11 -------- d-----w- C:\Users\Mommy\AppData\Local\{0F7EB7AC-4D7C-4639-AE23-0F277E91979B}
2012-05-12 22:31:37 -------- d-----w- C:\Users\Mommy\AppData\Local\{AD7909DE-912B-4672-A3D3-18CF849041CD}
2012-05-12 10:31:12 -------- d-----w- C:\Users\Mommy\AppData\Local\{34E2A0E9-C911-4140-8C7B-EF912B240F9B}
2012-05-12 10:30:39 -------- d-----w- C:\Users\Mommy\AppData\Local\{2BC7F0B9-B892-4A58-9FCD-CB42B71C2947}
2012-05-12 09:52:05 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 09:52:05 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 09:52:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 09:52:01 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 09:52:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 09:51:59 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 09:51:30 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 09:51:14 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 09:51:10 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:51:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 22:30:15 -------- d-----w- C:\Users\Mommy\AppData\Local\{E3EB078C-78FC-4083-B83F-D9345D5ED75B}
2012-05-11 22:29:41 -------- d-----w- C:\Users\Mommy\AppData\Local\{A3387600-02BE-4D62-B783-0EBD99E12DAA}
2012-05-11 10:29:27 -------- d-----w- C:\Users\Mommy\AppData\Local\{58A80750-731B-4C77-BCE7-167895604EC8}
2012-05-11 10:28:53 -------- d-----w- C:\Users\Mommy\AppData\Local\{63E4A05D-B502-4BBB-A9C4-6F1935400704}
2012-05-10 22:28:29 -------- d-----w- C:\Users\Mommy\AppData\Local\{BEE6C9E3-52A2-473A-9434-161FD3D325B6}
2012-05-10 22:27:55 -------- d-----w- C:\Users\Mommy\AppData\Local\{2B4185D6-35D0-4BFE-9B7B-A85924B78D31}
2012-05-10 10:27:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{0FA87FEF-2E50-4DB5-ACC1-7A8E2197C23C}
2012-05-10 10:27:10 -------- d-----w- C:\Users\Mommy\AppData\Local\{9D3A6858-D96D-4A19-9067-EDC121A38C54}
2012-05-09 22:26:46 -------- d-----w- C:\Users\Mommy\AppData\Local\{B888D1C2-FAF5-4CD7-9C95-7F99E695AF4F}
2012-05-09 22:26:12 -------- d-----w- C:\Users\Mommy\AppData\Local\{DC50BB4A-34DB-4841-A4E5-A710D0CAEBE5}
2012-05-09 10:25:59 -------- d-----w- C:\Users\Mommy\AppData\Local\{11619B06-CF65-4BE1-B271-126176403779}
2012-05-09 10:25:13 -------- d-----w- C:\Users\Mommy\AppData\Local\{0E77B4FB-9F67-485F-A7C1-300BE1B7DFFE}
2012-05-08 22:24:48 -------- d-----w- C:\Users\Mommy\AppData\Local\{0E55DA59-4A2A-4077-A70F-2D3CBF5529D2}
2012-05-08 22:24:14 -------- d-----w- C:\Users\Mommy\AppData\Local\{F401AA26-08AA-4699-94BF-AA0C7172B315}
2012-05-08 10:24:01 -------- d-----w- C:\Users\Mommy\AppData\Local\{3CCE23E8-7C4B-4C9E-AC80-C0BD99ADB7A6}
2012-05-08 10:23:27 -------- d-----w- C:\Users\Mommy\AppData\Local\{271D61ED-E265-436E-9768-43C8F64FBD79}
2012-05-07 22:23:03 -------- d-----w- C:\Users\Mommy\AppData\Local\{219D12BB-F487-43D7-8BF2-6800CA33F783}
2012-05-07 22:22:29 -------- d-----w- C:\Users\Mommy\AppData\Local\{DD38BF37-402D-43BE-A9C8-AB989E3D4220}
2012-05-07 10:22:17 -------- d-----w- C:\Users\Mommy\AppData\Local\{55E93DD2-2187-43B4-8755-F1ACBC16F35C}
2012-05-07 10:21:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{D554F264-1740-4EDB-A195-145CBDF0CE5F}
2012-05-06 22:21:19 -------- d-----w- C:\Users\Mommy\AppData\Local\{D394AF2A-E4F5-4D72-B2EB-01E7C04277AB}
2012-05-06 22:20:45 -------- d-----w- C:\Users\Mommy\AppData\Local\{0160FBD3-6C41-4C6C-8603-BE402D6B930F}
2012-05-06 10:20:19 -------- d-----w- C:\Users\Mommy\AppData\Local\{15EA6FEA-120B-48F3-A481-9788BED23E03}
2012-05-06 10:19:45 -------- d-----w- C:\Users\Mommy\AppData\Local\{2CEA2B8E-50F5-43B7-AF47-2BB30D1BF91F}
2012-05-05 22:19:20 -------- d-----w- C:\Users\Mommy\AppData\Local\{300CD5C2-6035-4A16-8AAB-E058E2FDF65E}
2012-05-05 22:18:46 -------- d-----w- C:\Users\Mommy\AppData\Local\{2FBE049E-1010-4BB5-8216-DEFF45D85566}
2012-05-05 13:10:52 -------- d-----w- C:\Program Files (x86)\AirPrint
2012-05-05 10:18:09 -------- d-----w- C:\Users\Mommy\AppData\Local\{ED516F05-5FDD-4DF6-9153-90DD4258726A}
2012-05-05 10:17:55 -------- d-----w- C:\Users\Mommy\AppData\Local\{E8C39802-82A9-4B4C-97A5-C00A33E0C7AB}
2012-05-04 21:56:16 -------- d-----w- C:\Users\Mommy\AppData\Local\{EA43DB20-E69F-415C-9294-AB9AA6618803}
2012-05-04 21:55:42 -------- d-----w- C:\Users\Mommy\AppData\Local\{D72DA7A5-0ECF-4A54-8894-628947395117}
2012-05-04 09:55:30 -------- d-----w- C:\Users\Mommy\AppData\Local\{E0ABE040-5130-4A57-A2B6-97AB64A3D954}
2012-05-04 09:54:57 -------- d-----w- C:\Users\Mommy\AppData\Local\{71321B04-4426-474E-82F4-E7BC89B0F39D}
2012-05-03 21:54:32 -------- d-----w- C:\Users\Mommy\AppData\Local\{9F76E19A-0BB7-4475-B8FF-AB2745FFA028}
2012-05-03 21:53:58 -------- d-----w- C:\Users\Mommy\AppData\Local\{06E4581E-AC2F-4A30-AED2-84722CCB1C4D}
2012-05-03 09:53:33 -------- d-----w- C:\Users\Mommy\AppData\Local\{FE189180-B784-4A0B-9EF6-A61C1371D64D}
2012-05-03 09:53:00 -------- d-----w- C:\Users\Mommy\AppData\Local\{142EA8FD-95DE-4561-881E-F320A966940D}
2012-05-02 21:52:35 -------- d-----w- C:\Users\Mommy\AppData\Local\{A19F689F-9859-4560-A03C-B04DCAB329A8}
2012-05-02 21:52:03 -------- d-----w- C:\Users\Mommy\AppData\Local\{B80565F3-B5D6-4634-9E37-93A2469FF7E1}
2012-05-02 09:51:38 -------- d-----w- C:\Users\Mommy\AppData\Local\{1EFB86FE-2530-491F-9790-ABBFCF2F2202}
2012-05-02 09:51:04 -------- d-----w- C:\Users\Mommy\AppData\Local\{1D3B95D3-ACF1-413E-9845-34D4FEC13859}
2012-05-01 21:50:41 -------- d-----w- C:\Users\Mommy\AppData\Local\{DDD57F29-7B62-49A1-B23C-AE0B61F170E1}
2012-05-01 21:50:07 -------- d-----w- C:\Users\Mommy\AppData\Local\{3B523641-6123-4D15-913D-5C1C3D183DE2}
2012-05-01 09:49:42 -------- d-----w- C:\Users\Mommy\AppData\Local\{28A8FB97-EF58-4296-AB94-EB20CE30F2D8}
2012-05-01 09:49:07 -------- d-----w- C:\Users\Mommy\AppData\Local\{89940AB8-C31E-4DC3-BDA5-327789B06D25}
2012-04-30 21:38:27 -------- d-----w- C:\Users\Mommy\AppData\Local\{E131F31F-F901-4280-B102-BBBA4DF0CE18}
2012-04-30 21:37:53 -------- d-----w- C:\Users\Mommy\AppData\Local\{EC7EB028-F311-4EBE-ADB7-8D5F2C147EA4}
2012-04-30 09:37:28 -------- d-----w- C:\Users\Mommy\AppData\Local\{F26632E3-40F8-4974-95D2-88C3EB994166}
2012-04-30 09:36:56 -------- d-----w- C:\Users\Mommy\AppData\Local\{5769996F-E222-437B-8152-CDB70BD2CBC7}
2012-04-29 21:36:31 -------- d-----w- C:\Users\Mommy\AppData\Local\{A52F927B-BA20-4AEF-900F-3AA3D1BF5DC2}
2012-04-29 21:35:57 -------- d-----w- C:\Users\Mommy\AppData\Local\{323861D2-EE0A-4136-8BFA-594F580CD42D}
2012-04-29 09:35:29 -------- d-----w- C:\Users\Mommy\AppData\Local\{1E39C11A-6ED6-45AA-AA47-0A7B8CD5B1BA}
2012-04-29 09:34:42 -------- d-----w- C:\Users\Mommy\AppData\Local\{F35041F0-A229-4971-BBB6-D953C9363C42}
2012-04-28 21:56:06 -------- d-----w- C:\Program Files\iTunes
2012-04-28 21:56:06 -------- d-----w- C:\Program Files\iPod
2012-04-28 21:30:00 -------- d-----w- C:\Intel
2012-04-28 21:27:19 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-04-28 21:26:52 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-04-28 21:26:52 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-04-28 21:25:50 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-04-28 21:25:40 3128320 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-04-28 21:25:34 7592960 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2012-04-28 21:25:30 4326912 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2012-04-28 21:25:24 9443840 ----a-w- C:\Windows\System32\nvd3dumx.dll
2012-04-28 21:25:20 11572512 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2012-04-28 21:25:19 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-04-28 21:22:23 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 21:17:55 -------- d-----w- C:\Users\Mommy\AppData\Local\{62334EA3-A8E6-4E38-A73F-C9CABBA6B242}
2012-04-28 21:17:39 -------- d-----w- C:\Users\Mommy\AppData\Local\{E240C6CF-A169-4675-8D62-73BEDC9C7D7B}
2012-04-28 10:18:25 -------- d-----w- C:\Users\Mommy\AppData\Local\{3CE8A9B2-D36E-43A1-B1C1-FDA98E8734AC}
2012-04-28 10:17:50 -------- d-----w- C:\Users\Mommy\AppData\Local\{A34E6302-51A4-4003-975E-F893954C8995}
2012-04-27 09:38:22 -------- d-----w- C:\Users\Mommy\AppData\Local\{DAB533D0-2729-4DA0-B78B-EC5F18A3D7B4}
2012-04-27 09:37:48 -------- d-----w- C:\Users\Mommy\AppData\Local\{A628E3A6-065E-4C87-8F84-BC5D6AEE21DC}
2012-04-26 09:59:17 -------- d-----w- C:\Users\Mommy\AppData\Local\{53F2BDFF-3662-45B1-908F-1DD183B8E4F2}
2012-04-26 09:59:06 -------- d-----w- C:\Users\Mommy\AppData\Local\{68328563-2B8E-46DC-A251-077D983F40D7}
2012-04-25 15:41:56 -------- d-----w- C:\Users\Mommy\AppData\Local\{1BD003B4-9750-4A4F-8110-E0A3F76F2AE3}
2012-04-25 15:41:23 -------- d-----w- C:\Users\Mommy\AppData\Local\{DF552480-EB7A-4AFB-9D9F-A854E489227B}
2012-04-25 13:18:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{EC47A6D0-B979-4582-B63C-34CEB39DDFCE}
2012-04-25 13:18:04 -------- d-----w- C:\Users\Mommy\AppData\Local\{BBA81E31-0A61-4BDA-B2F4-A7188EFA1409}
2012-04-25 09:28:05 -------- d-----w- C:\Users\Mommy\AppData\Local\{09ABCA27-ABFB-4BA9-8AEF-2165158EE980}
2012-04-25 09:27:31 -------- d-----w- C:\Users\Mommy\AppData\Local\{DB3637B8-CF72-48FE-B352-C86C3A7A2D5C}
2012-04-24 09:27:00 -------- d-----w- C:\Users\Mommy\AppData\Local\{7E554F27-8255-42AB-B398-708820599A7A}
2012-04-24 09:26:43 -------- d-----w- C:\Users\Mommy\AppData\Local\{90AFEE6D-7CFD-4BE4-9691-7EEDF887CD79}
2012-04-23 09:56:05 -------- d-----w- C:\Users\Mommy\AppData\Local\{A5E7985C-45AA-4306-87F3-78BC628808E9}
2012-04-23 09:55:31 -------- d-----w- C:\Users\Mommy\AppData\Local\{8D4D5F7D-E066-4781-9D0B-79334C6944E2}
2012-04-22 15:01:18 -------- d-----w- C:\Users\Mommy\AppData\Local\{1563BD6E-3DC9-4B7D-82BC-F330C408AB4F}
2012-04-22 15:00:34 -------- d-----w- C:\Users\Mommy\AppData\Local\{F80C8711-09D2-4980-97FA-5B02E5D43DB5}
2012-04-22 09:15:29 -------- d-----w- C:\Users\Mommy\AppData\Local\{34632601-0294-452F-BC0E-B14EA575B381}
2012-04-22 09:14:53 -------- d-----w- C:\Users\Mommy\AppData\Local\{0A2ED9F6-3D1A-4E60-B839-0CCDFEEDE354}
.
==================== Find3M ====================
.
2012-04-28 21:26:43 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-28 21:22:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 8:18:27.95 ===============

Last edited by eddie5659; 23-May-2012 at 05:18 PM..
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
23-May-2012, 05:20 PM #2
Hiya

With regards to the redirects, are you searching in Google first, and then get redirected to the above link? Don't click on it again, I'll remove it if that's the case, and look at the site deeper later.

Okay, onto your infection:

P2P Warning!
  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.


----------------------------
Now that's out of the way, let's get started

You say you've run MBAM in SafeMode. Can you update it and run it in Normal mode and post the log? Also, can you run the following program:

Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click View Scan Logs.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
Bertie Bott
Member with 33 posts.
THREAD STARTER
 
Join Date: Dec 2006
23-May-2012, 07:45 PM #3
Yes, I'm searching on Google and would get redirected to links such as those. Of course, it redirects to different sites, not the same site constantly and it is usually semi relevant to the search I was performing. Here are my logs:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:43:22 PM, on 5/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Users\Mommy\Desktop\HijackThis.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mommy\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: AirPrint - Apple Inc. - C:\Program Files (x86)\AirPrint\airprint.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10014 bytes



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mommy :: UPSTAIRS [administrator]

5/23/2012 5:25:14 PM
mbam-log-2012-05-23 (18-29-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 403192
Time elapsed: 57 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll.vir (Trojan.Happili.XGen) -> No action taken.

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2012 at 07:29 PM

Application Version : 5.0.1150

Core Rules Database Version : 8639
Trace Rules Database Version: 6451

Scan type : Complete Scan
Total Scan Time : 00:59:13

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 68803
Registry threats detected : 0
File items scanned : 56824
File threats detected : 716

Adware.Tracking Cookie
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\AB0HGCPP.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\J18BZ2PD.txt [ /ad.adbull.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\H5LB7MKE.txt [ /backbeatmedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\E9LZKFZF.txt [ /liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\WSSI34K6.txt [ /atwola.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\PTNEVA6G.txt [ /lfstmedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\DKDFT00C.txt [ /revsci.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\A90ADJQB.txt [ /citi.bridgetrack.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\TRQ3W0KM.txt [ /tracking.hearthstoneonline.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\45GY35N3.txt [ /advertising.sheknows.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\6B3M2QDA.txt [ /in.getclicky.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\4YRG799P.txt [ /questionmarket.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\2RILRHIJ.txt [ /trafficmp.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\HB8M3V0Z.txt [ /affwisetracker.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\P5H5LWAO.txt [ /clickbooth.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\CXGVPQVD.txt [ /accountsetup.fidelity.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\X6MFS724.txt [ /eas.apm.emediate.eu ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\CQLV6QSL.txt [ /newsday.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\W2GQ61ZE.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\OM6ACLSP.txt [ /liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\1G4WHYX9.txt [ /paypal.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\J27R4260.txt [ /intermundomedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\X5Q29V8N.txt [ /adinterax.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\SQESXMWU.txt [ /s.clickability.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\D31K0CQS.txt [ /ad.wsod.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\CG3BDO98.txt [ /ads.nascar.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\53Z4PH7N.txt [ /usatoday1.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\RV1HY7NK.txt [ /demandwarecrocs.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\W4FTHXV5.txt [ /service.liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\3UM5PKJQ.txt [ /gntbcstglobal.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\GT22EX8R.txt [ /ads.oregonlive.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\EKQJCWIO.txt [ /eyewonder.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\1VYEH7Q9.txt [ /choicemediainc.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\2UP9B4HF.txt [ /bridge2.admarketplace.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\76T1XV1N.txt [ /admarketplace.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\6Y20V1ZW.txt [ /nextag.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\SOCAOT0D.txt [ /peoplefinders.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\GMT8Z9JJ.txt [ /premiumtv.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\WCQYMJJ5.txt [ /click.findsearchengineresults.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\VZT3B7S0.txt [ /dc.tremormedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\YGLJ2T8B.txt [ /ads.alliancehealth.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\5NA90J04.txt [ /cbsdigitalmedia.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\0JTGEOYW.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\FIG4ZNB2.txt [ /socialmediagraphics.posterous.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\ZVRN10U6.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\Z5PQE1KJ.txt [ /www.crackerbarrel.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\T9MYIGVT.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\N9II6KNJ.txt [ /mediafire.com. ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\LW8XD788.txt [ /gamersmedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\S4YDX5WV.txt [ /ads.as4x.tmcs.ticketmaster.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\21KQ6VQS.txt [ /caloriecount.about.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\H2HDTNH7.txt [ /sales.liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\M850DBIM.txt [ /americancancersocietyinc.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\RTSWTG7D.txt [ /dmtracker.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\FC76HB2O.txt [ /vermontcountrystore.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\YS6FVEGE.txt [ /liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\5YL79R7J.txt [ /ussearch.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\3DIMO8RF.txt [ /cbi.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\QDX94C3F.txt [ /healthgrades.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\STHCA2XO.txt [ /wpni.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\JCPB9ZFJ.txt [ /c.atdmt.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\XX3MFHTY.txt [ /bizrate.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\F8A1NORI.txt [ /ie-stat.bmmetrix.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\YD5TPJCV.txt [ /statsadv.dadapro.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\7SBNX178.txt [ /brighthouse.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\YU3XRL9O.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\BB3JYNGE.txt [ /warnerbros.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\ARSFRM7X.txt [ /www.mediafire.com. ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\OGJGP1FO.txt [ /media2.legacy.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\CNH33KC2.txt [ /homestore.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\T8K9SGCA.txt [ /cbs.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\6JK0B9QW.txt [ /ads.cnn.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\GTY4OHFD.txt [ /timeinc.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\MBXUD8XO.txt [ /ads.gamersmedia.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\SRCTF8ZP.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\Q7UOOBZ2.txt [ /www.belstat.be ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\4RN0S7VO.txt [ /traditionalhome.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\XNWH5IX3.txt [ /adlegend.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\5WRRY3DU.txt [ /broadwaycom.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\TWFA7CO7.txt [ /stats.townnews.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\9JM4NQH6.txt [ /d.mediaforge.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\WO5VU6S8.txt [ /liveperson.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\JQDZ7OT5.txt [ /superstats.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\OZDTZ7ND.txt [ /kanoodle.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\90EOLW6E.txt [ /mm.chitika.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\ZCYYQXKL.txt [ /stats-newyork1.bloxcms.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\MXE55BRA.txt [ /www.spafinder.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\MWW6PRG0.txt [ /pcworldcommunication.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\EUQQE7A5.txt [ /www.peoplefinders.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\HFE9B2BZ.txt [ /f.blogads.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\RSYDEUXM.txt [ /ads.mlive.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\LHCWZ1WQ.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\S06T3I7Q.txt [ /www.traditionalhome.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\UTB3ON88.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\VUVSNNS7.txt [ /www.vermontcountrystore.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\RJEL4M1X.txt [ /dannon.122.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\M4XBM2CO.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\N8U8R3D7.txt [ /www.googleadservices.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\M4WKMBY0.txt [ /nakedsecurity.sophos.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\EB2A8MRM.txt [ /ads.glispa.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\AD4ASOQS.txt [ /cn.clickable.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\8G3I7H3F.txt [ /medhelpinternational.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\MDGJ099D.txt [ /e-2dj6wjnycjcpcdo.stats.esomniture.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\26K1GAIP.txt [ /evite.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\J1Y3195O.txt [ /ads.us.e-planning.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\MMZDETW2.txt [ /spafinder.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\BWLWP8MC.txt [ /tacoda.at.atwola.com ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\1TCBWCHY.txt [ /msnbc.112.2o7.net ]
C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Cookies\K90ALOT5.txt [ /www.googleadservices.com ]
C:\USERS\MOMMY\AppData\Roaming\Microsoft\Windows\Cookies\ZBDR7GOA.txt [ Cookie:mommy@www.planethondanj.com/carfinder/ ]
C:\USERS\MOMMY\AppData\Roaming\Microsoft\Windows\Cookies\GE8SZ6LB.txt [ Cookie:mommy@adsonar.com/adserving ]
C:\USERS\MOMMY\Cookies\41VDW404.txt [ Cookie:mommy@advertising.com/ ]
C:\USERS\MOMMY\Cookies\DWC4ZX16.txt [ Cookie:mommy@irishtimesgroup.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\5880H2YF.txt [ Cookie:mommy@bs.serving-sys.com/ ]
C:\USERS\MOMMY\Cookies\B9V8RVBJ.txt [ Cookie:mommy@pointroll.com/ ]
C:\USERS\MOMMY\Cookies\BE144O1Z.txt [ Cookie:mommy@www.burstbeacon.com/ ]
C:\USERS\MOMMY\Cookies\EAWC0OQD.txt [ Cookie:mommy@liveperson.net/hc/84524632 ]
C:\USERS\MOMMY\Cookies\OVMXTH4G.txt [ Cookie:mommy@www.clickorlando.com/ ]
C:\USERS\MOMMY\Cookies\79Z29VL1.txt [ Cookie:mommy@112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\M34PZO9K.txt [ Cookie:mommy@hearstmagazines.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\MUGVCQ4G.txt [ Cookie:mommy@ghmedia.com/ ]
C:\USERS\MOMMY\Cookies\CF1TYR6D.txt [ Cookie:mommy@imrworldwide.com/cgi-bin ]
C:\USERS\MOMMY\Cookies\UOOURMUF.txt [ Cookie:mommy@interclick.com/ ]
C:\USERS\MOMMY\Cookies\Y10I1ABZ.txt [ Cookie:mommy@steelhousemedia.com/ ]
C:\USERS\MOMMY\Cookies\JD9733JG.txt [ Cookie:mommy@clickorlando.com/ ]
C:\USERS\MOMMY\Cookies\RBEBBYQ3.txt [ Cookie:mommy@traveladvertising.com/ ]
C:\USERS\MOMMY\Cookies\UVIV5Q13.txt [ Cookie:mommy@247realmedia.com/ ]
C:\USERS\MOMMY\Cookies\CTISKIOQ.txt [ Cookie:mommy@a1.interclick.com/ ]
C:\USERS\MOMMY\Cookies\M003M9NV.txt [ Cookie:mommy@carfax.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\X14U8J92.txt [ Cookie:mommy@mars.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\WR4CH9YE.txt [ Cookie:mommy@rotator.adjuggler.com/ ]
C:\USERS\MOMMY\Cookies\SOTL87CZ.txt [ Cookie:mommy@overture.com/ ]
C:\USERS\MOMMY\Cookies\J79UMX7F.txt [ Cookie:mommy@serving-sys.com/ ]
C:\USERS\MOMMY\Cookies\NDDNX1KI.txt [ Cookie:mommy@adfarm1.adition.com/ ]
C:\USERS\MOMMY\Cookies\GN5R5YSI.txt [ Cookie:mommy@specificclick.net/ ]
C:\USERS\MOMMY\Cookies\ONPGO2AW.txt [ Cookie:mommy@mediaservices-d.openxenterprise.com/ ]
C:\USERS\MOMMY\Cookies\8ASYPAFK.txt [ Cookie:mommy@akamai.interclickproxy.com/ ]
C:\USERS\MOMMY\Cookies\OUY34HXZ.txt [ Cookie:mommy@solvemedia.com/ ]
C:\USERS\MOMMY\Cookies\O088ZNF3.txt [ Cookie:mommy@beacon.dmsinsights.com/ ]
C:\USERS\MOMMY\Cookies\ZT8MI90J.txt [ Cookie:mommy@atdmt.com/ ]
C:\USERS\MOMMY\Cookies\ILQGP3SB.txt [ Cookie:mommy@lucidmedia.com/ ]
C:\USERS\MOMMY\Cookies\MB9NNO0R.txt [ Cookie:mommy@ar.atwola.com/ ]
C:\USERS\MOMMY\Cookies\4DR7SO1S.txt [ Cookie:mommy@adserv.drf.com/ ]
C:\USERS\MOMMY\Cookies\J5F6DFER.txt [ Cookie:mommy@insightexpressai.com/ ]
C:\USERS\MOMMY\Cookies\ZC5YMTM9.txt [ Cookie:mommy@tribalfusion.com/ ]
C:\USERS\MOMMY\Cookies\QDIN3JKB.txt [ Cookie:mommy@maxmedia.educationworld.com/ ]
C:\USERS\MOMMY\Cookies\ZBDR7GOA.txt [ Cookie:mommy@www.planethondanj.com/carfinder/ ]
C:\USERS\MOMMY\Cookies\0XM9EQB6.txt [ Cookie:mommy@uol.realmedia.com/ ]
C:\USERS\MOMMY\Cookies\8Y3Q14O5.txt [ Cookie:mommy@amazon-adsystem.com/ ]
C:\USERS\MOMMY\Cookies\J4XFW68R.txt [ Cookie:mommy@azjmp.com/ ]
C:\USERS\MOMMY\Cookies\34BKXGI7.txt [ Cookie:mommy@mallimages.mallfinder.com/ ]
C:\USERS\MOMMY\Cookies\8ZWEF9A3.txt [ Cookie:mommy@yieldmanager.net/ ]
C:\USERS\MOMMY\Cookies\4F6311Y0.txt [ Cookie:mommy@adserver.adtechus.com/ ]
C:\USERS\MOMMY\Cookies\JWQLUZ60.txt [ Cookie:mommy@webservices.evolvemediacorp.com/ ]
C:\USERS\MOMMY\Cookies\ODGT3R76.txt [ Cookie:mommy@pro-market.net/ ]
C:\USERS\MOMMY\Cookies\DEJS8SHB.txt [ Cookie:mommy@2o7.net/ ]
C:\USERS\MOMMY\Cookies\4VOS9ZY0.txt [ Cookie:mommy@thefind.com/ ]
C:\USERS\MOMMY\Cookies\3TLUH9EB.txt [ Cookie:mommy@adbrite.com/ ]
C:\USERS\MOMMY\Cookies\RLNGSM7K.txt [ Cookie:mommy@eyeviewads.com/ ]
C:\USERS\MOMMY\Cookies\3PH25L5U.txt [ Cookie:mommy@liveperson.net/hc/46802304 ]
C:\USERS\MOMMY\Cookies\H05AUECA.txt [ Cookie:mommy@legolas-media.com/ ]
C:\USERS\MOMMY\Cookies\K5BXZN9J.txt [ Cookie:mommy@liveperson.net/ ]
C:\USERS\MOMMY\Cookies\2VRPZ16T.txt [ Cookie:mommy@ads.saymedia.com/ ]
C:\USERS\MOMMY\Cookies\SS2DG74T.txt [ Cookie:mommy@liveperson.net/hc/20688223 ]
C:\USERS\MOMMY\Cookies\8W3ILUNS.txt [ Cookie:mommy@ads.bridgetrack.com/ ]
C:\USERS\MOMMY\Cookies\AB0HGCPP.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1071426767/ ]
C:\USERS\MOMMY\Cookies\H5LB7MKE.txt [ Cookie:mommy@backbeatmedia.com/ ]
C:\USERS\MOMMY\Cookies\GE8SZ6LB.txt [ Cookie:mommy@adsonar.com/adserving ]
C:\USERS\MOMMY\Cookies\E9LZKFZF.txt [ Cookie:mommy@liveperson.net/hc/17192251 ]
C:\USERS\MOMMY\Cookies\WSSI34K6.txt [ Cookie:mommy@atwola.com/ ]
C:\USERS\MOMMY\Cookies\PTNEVA6G.txt [ Cookie:mommy@lfstmedia.com/ ]
C:\USERS\MOMMY\Cookies\DKDFT00C.txt [ Cookie:mommy@revsci.net/ ]
C:\USERS\MOMMY\Cookies\A90ADJQB.txt [ Cookie:mommy@citi.bridgetrack.com/ ]
C:\USERS\MOMMY\Cookies\TRQ3W0KM.txt [ Cookie:mommy@tracking.hearthstoneonline.com/ ]
C:\USERS\MOMMY\Cookies\45GY35N3.txt [ Cookie:mommy@advertising.sheknows.com/ ]
C:\USERS\MOMMY\Cookies\4YRG799P.txt [ Cookie:mommy@questionmarket.com/ ]
C:\USERS\MOMMY\Cookies\2RILRHIJ.txt [ Cookie:mommy@trafficmp.com/ ]
C:\USERS\MOMMY\Cookies\HB8M3V0Z.txt [ Cookie:mommy@affwisetracker.com/ ]
C:\USERS\MOMMY\Cookies\P5H5LWAO.txt [ Cookie:mommy@clickbooth.com/ ]
C:\USERS\MOMMY\Cookies\CXGVPQVD.txt [ Cookie:mommy@accountsetup.fidelity.com/ftgw/aong/aongapp/joint/ ]
C:\USERS\MOMMY\Cookies\X6MFS724.txt [ Cookie:mommy@eas.apm.emediate.eu/ ]
C:\USERS\MOMMY\Cookies\CQLV6QSL.txt [ Cookie:mommy@newsday.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\W2GQ61ZE.txt [ Cookie:mommy@ad2.adfarm1.adition.com/ ]
C:\USERS\MOMMY\Cookies\J27R4260.txt [ Cookie:mommy@intermundomedia.com/ ]
C:\USERS\MOMMY\Cookies\X5Q29V8N.txt [ Cookie:mommy@adinterax.com/ ]
C:\USERS\MOMMY\Cookies\SQESXMWU.txt [ Cookie:mommy@s.clickability.com/ ]
C:\USERS\MOMMY\Cookies\RV1HY7NK.txt [ Cookie:mommy@demandwarecrocs.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\3UM5PKJQ.txt [ Cookie:mommy@gntbcstglobal.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\EKQJCWIO.txt [ Cookie:mommy@eyewonder.com/ ]
C:\USERS\MOMMY\Cookies\1VYEH7Q9.txt [ Cookie:mommy@choicemediainc.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\2UP9B4HF.txt [ Cookie:mommy@bridge2.admarketplace.net/ ]
C:\USERS\MOMMY\Cookies\76T1XV1N.txt [ Cookie:mommy@admarketplace.net/ ]
C:\USERS\MOMMY\Cookies\6Y20V1ZW.txt [ Cookie:mommy@nextag.com/ ]
C:\USERS\MOMMY\Cookies\SOCAOT0D.txt [ Cookie:mommy@peoplefinders.com/ ]
C:\USERS\MOMMY\Cookies\GMT8Z9JJ.txt [ Cookie:mommy@premiumtv.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\WCQYMJJ5.txt [ Cookie:mommy@click.findsearchengineresults.com/ads-clicktrack/click/ ]
C:\USERS\MOMMY\Cookies\VZT3B7S0.txt [ Cookie:mommy@dc.tremormedia.com/ ]
C:\USERS\MOMMY\Cookies\5NA90J04.txt [ Cookie:mommy@cbsdigitalmedia.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\FIG4ZNB2.txt [ Cookie:mommy@socialmediagraphics.posterous.com/ ]
C:\USERS\MOMMY\Cookies\ZVRN10U6.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1012840371/ ]
C:\USERS\MOMMY\Cookies\Z5PQE1KJ.txt [ Cookie:mommy@www.crackerbarrel.com/ ]
C:\USERS\MOMMY\Cookies\T9MYIGVT.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1064990302/ ]
C:\USERS\MOMMY\Cookies\N9II6KNJ.txt [ Cookie:mommy@mediafire.com./ ]
C:\USERS\MOMMY\Cookies\LW8XD788.txt [ Cookie:mommy@gamersmedia.com/servlet/ajrotator/track/pt1193884 ]
C:\USERS\MOMMY\Cookies\21KQ6VQS.txt [ Cookie:mommy@caloriecount.about.com/ ]
C:\USERS\MOMMY\Cookies\H2HDTNH7.txt [ Cookie:mommy@sales.liveperson.net/ ]
C:\USERS\MOMMY\Cookies\M850DBIM.txt [ Cookie:mommy@americancancersocietyinc.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\RTSWTG7D.txt [ Cookie:mommy@dmtracker.com/ ]
C:\USERS\MOMMY\Cookies\FC76HB2O.txt [ Cookie:mommy@vermontcountrystore.com/ ]
C:\USERS\MOMMY\Cookies\YS6FVEGE.txt [ Cookie:mommy@liveperson.net/hc/56376279 ]
C:\USERS\MOMMY\Cookies\5YL79R7J.txt [ Cookie:mommy@ussearch.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\3DIMO8RF.txt [ Cookie:mommy@cbi.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\QDX94C3F.txt [ Cookie:mommy@healthgrades.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\STHCA2XO.txt [ Cookie:mommy@wpni.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\JCPB9ZFJ.txt [ Cookie:mommy@c.atdmt.com/ ]
C:\USERS\MOMMY\Cookies\YD5TPJCV.txt [ Cookie:mommy@statsadv.dadapro.com/ ]
C:\USERS\MOMMY\Cookies\7SBNX178.txt [ Cookie:mommy@brighthouse.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\ARSFRM7X.txt [ Cookie:mommy@www.mediafire.com./ ]
C:\USERS\MOMMY\Cookies\OGJGP1FO.txt [ Cookie:mommy@media2.legacy.com/ ]
C:\USERS\MOMMY\Cookies\GTY4OHFD.txt [ Cookie:mommy@timeinc.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\MBXUD8XO.txt [ Cookie:mommy@ads.gamersmedia.com/ ]
C:\USERS\MOMMY\Cookies\SRCTF8ZP.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1059407509/ ]
C:\USERS\MOMMY\Cookies\Q7UOOBZ2.txt [ Cookie:mommy@www.belstat.be/ ]
C:\USERS\MOMMY\Cookies\4RN0S7VO.txt [ Cookie:mommy@traditionalhome.com/ ]
C:\USERS\MOMMY\Cookies\5WRRY3DU.txt [ Cookie:mommy@broadwaycom.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\TWFA7CO7.txt [ Cookie:mommy@stats.townnews.com/pressofatlanticcity.com/ ]
C:\USERS\MOMMY\Cookies\9JM4NQH6.txt [ Cookie:mommy@d.mediaforge.com/ ]
C:\USERS\MOMMY\Cookies\WO5VU6S8.txt [ Cookie:mommy@liveperson.net/hc/88287119 ]
C:\USERS\MOMMY\Cookies\JQDZ7OT5.txt [ Cookie:mommy@superstats.com/ ]
C:\USERS\MOMMY\Cookies\90EOLW6E.txt [ Cookie:mommy@mm.chitika.net/ ]
C:\USERS\MOMMY\Cookies\ZCYYQXKL.txt [ Cookie:mommy@stats-newyork1.bloxcms.com/dailytargum.com/ ]
C:\USERS\MOMMY\Cookies\MXE55BRA.txt [ Cookie:mommy@www.spafinder.com/ ]
C:\USERS\MOMMY\Cookies\MWW6PRG0.txt [ Cookie:mommy@pcworldcommunication.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\LHCWZ1WQ.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1051976992/ ]
C:\USERS\MOMMY\Cookies\S06T3I7Q.txt [ Cookie:mommy@www.traditionalhome.com/ ]
C:\USERS\MOMMY\Cookies\RJEL4M1X.txt [ Cookie:mommy@dannon.122.2o7.net/ ]
C:\USERS\MOMMY\Cookies\M4XBM2CO.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1071431512/ ]
C:\USERS\MOMMY\Cookies\N8U8R3D7.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1063569542/ ]
C:\USERS\MOMMY\Cookies\AD4ASOQS.txt [ Cookie:mommy@cn.clickable.net/ ]
C:\USERS\MOMMY\Cookies\8G3I7H3F.txt [ Cookie:mommy@medhelpinternational.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\MDGJ099D.txt [ Cookie:mommy@e-2dj6wjnycjcpcdo.stats.esomniture.com/ ]
C:\USERS\MOMMY\Cookies\26K1GAIP.txt [ Cookie:mommy@evite.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\MMZDETW2.txt [ Cookie:mommy@spafinder.com/ ]
C:\USERS\MOMMY\Cookies\BWLWP8MC.txt [ Cookie:mommy@tacoda.at.atwola.com/ ]
C:\USERS\MOMMY\Cookies\1TCBWCHY.txt [ Cookie:mommy@msnbc.112.2o7.net/ ]
C:\USERS\MOMMY\Cookies\K90ALOT5.txt [ Cookie:mommy@www.googleadservices.com/pagead/conversion/1071582936/ ]
.atdmt.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hearstmagazines.112.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbooth.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
wstat.wibiya.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.solvemedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.usatoday1.112.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.gntbcstglobal.112.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserv.drf.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserv.drf.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnbc.112.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kanoodle.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.dealtime.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ipadinsight.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ipadinsight.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ipadinsight.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ipadinsight.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ipadinsight.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.bridgetrack.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.myvacationcountdown.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.myvacationcountdown.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.medhelpinternational.112.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adtech.de [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.histats.com [ C:\USERS\MOMMY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Heur.Agent/Gen-Whitebox
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\A57765D93F393A44082948E08362ED03\ 15.4.3502\MAILLANGDLL
C:\WINDOWS\INSTALLER\$PATCHCACHE$\MANAGED\4E42866C3BBC1584BBF38EFC6D539032\ 15.4.3502\MAILLANGDLLMUI
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
Join Date: Mar 2001
Location: Bradford, England
24-May-2012, 02:26 PM #4
Okay, can you now delete any copies of ComboFix that you have, and download a fresh one as follows:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
Bertie Bott
Member with 33 posts.
THREAD STARTER
Join Date: Dec 2006
25-May-2012, 09:24 AM #5
ComboFix 12-05-25.02 - Mommy 05/25/2012 8:46.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3834.2484 [GMT -4:00]
Running from: c:\users\Mommy\Desktop\username123.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mommy\AppData\Roaming\vso_ts_preview.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 12:56 . 2012-05-25 12:56 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2012-05-25 12:56 . 2012-05-25 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 21:25 . 2012-05-23 21:25 -------- d-----w- c:\users\Mommy\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 21:25 . 2012-05-23 21:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 21:25 . 2012-05-23 21:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-23 21:24 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 09:34 . 2012-05-15 05:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40832F7B-0440-4697-AC64-652BA2C193DE}\mpengine.dll
2012-05-19 12:30 . 2012-05-19 12:30 -------- d-----w- c:\program files\HitmanPro
2012-05-19 12:28 . 2012-05-19 13:16 -------- d-----w- c:\programdata\HitmanPro
2012-05-19 12:28 . 2012-05-19 13:20 -------- d-----w- C:\sh4ldr
2012-05-19 12:28 . 2012-05-19 12:28 -------- d-----w- c:\program files\Enigma Software Group
2012-05-19 12:28 . 2012-05-19 15:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-19 12:28 . 2012-05-19 15:55 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-05-18 12:22 . 2012-05-19 15:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-18 12:21 . 2012-05-23 21:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-18 10:09 . 2012-05-19 18:53 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-12 09:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 09:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 09:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 09:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 09:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 09:51 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 09:51 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 09:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 09:51 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:51 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 13:10 . 2012-05-05 13:10 -------- d-----w- c:\program files (x86)\AirPrint
2012-04-28 21:56 . 2012-04-28 21:56 -------- d-----w- c:\program files\iTunes
2012-04-28 21:56 . 2012-04-28 21:56 -------- d-----w- c:\program files\iPod
2012-04-28 21:30 . 2012-04-28 21:30 -------- d-----w- C:\Intel
2012-04-28 21:27 . 2012-04-28 21:26 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-28 21:26 . 2011-03-21 20:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-04-28 21:26 . 2011-03-21 20:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-04-28 21:25 . 2012-04-28 21:25 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-04-28 21:25 . 2009-07-14 01:41 3128320 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-04-28 21:25 . 2009-07-14 01:41 7592960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-04-28 21:25 . 2009-07-14 01:41 4326912 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-04-28 21:25 . 2009-07-14 01:41 9443840 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-04-28 21:25 . 2009-06-10 20:37 11572512 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-04-28 21:25 . 2012-04-28 21:26 -------- d-----w- c:\program files\NVIDIA Corporation
2012-04-28 21:22 . 2012-04-28 21:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 20:32 . 2012-04-28 20:32 -------- d-----w- c:\program files\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 15:57 . 2011-05-21 18:05 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-05-21 15:57 . 2011-05-21 18:05 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-05-21 15:57 . 2011-05-21 18:05 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-04-28 21:26 . 2011-05-21 15:24 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-28 21:22 . 2011-05-21 19:13 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 06:46 . 2012-04-12 02:14 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 02:14 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 02:14 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 02:14 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 02:14 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 02:14 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 02:14 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 02:20 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 02:20 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 02:20 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 02:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 02:20 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 02:20 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 02:20 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 02:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-22_13.12.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-21 14:20 . 2012-05-25 13:06 41352 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-25 09:39 28600 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-21 19:42 . 2012-05-25 09:39 11590 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4065330535-165493440-3738457496-1000_UserData.bin
+ 2011-05-21 12:06 . 2012-05-25 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-21 12:06 . 2012-05-22 13:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-21 12:06 . 2012-05-25 13:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-21 12:06 . 2012-05-22 13:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-22 13:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-25 13:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-22 13:11 . 2012-05-22 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 13:02 . 2012-05-25 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 13:02 . 2012-05-25 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-22 13:11 . 2012-05-22 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-17 00:37 625774 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-23 13:44 625774 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-23 13:44 107140 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-17 00:37 107140 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-22 13:09 387920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-25 12:57 387920 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-21 19:30 . 2012-05-22 13:09 40878774 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4065330535-165493440-3738457496-1000-12288.dat
+ 2011-05-21 19:30 . 2012-05-25 12:57 40878774 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4065330535-165493440-3738457496-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SAOB Monitor"="c:\program files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-16 2536448]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
R4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-21 3246040]
S2 AirPrint;AirPrint;c:\program files (x86)\AirPrint\airprint.exe [2012-05-05 234784]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-05-21 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 21:22]
.
2012-05-25 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-01-04 14:17]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 15:27]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21 15:27]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000Core.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 16:31]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000UA.job
- c:\users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02 16:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: intuit.com\ttlc
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4065330535-165493440-3738457496-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-4065330535-165493440-3738457496-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4065330535-165493440-3738457496-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-4065330535-165493440-3738457496-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="00CD27AF4DD8061A"
"ScannerBuild"=dword:000025d2
"ScannerVersionId"=dword:000018b9
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(b):70,98,b7,e3,b3,11,24,ce
"ei1"=hex(b):e0,cb,4e,d5,f7,ca,00,00
"ei3"=hex(b):09,84,73,4e,00,00,00,00
"ei4"=dword:00000003
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-05-25 09:10:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 13:10
.
Pre-Run: 66,860,348,416 bytes free
Post-Run: 72,703,457,280 bytes free
.
- - End Of File - - 5111491F584AA463022C7F4C43D06A4C
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
Join Date: Mar 2001
Location: Bradford, England
26-May-2012, 03:21 PM #6
Thanks

Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
Bertie Bott
Member with 33 posts.
THREAD STARTER
Join Date: Dec 2006
28-May-2012, 05:44 PM #7
OTL logfile created on: 5/28/2012 5:31:32 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Mommy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 55.58% Memory free
7.49 Gb Paging File | 5.57 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 61.71 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 2.89 Gb Free Space | 57.85% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 619.21 Gb Free Space | 66.47% Space Free | Partition Type: NTFS
Drive F: | 463.25 Gb Total Space | 446.44 Gb Free Space | 96.37% Space Free | Partition Type: NTFS
Drive G: | 463.25 Gb Total Space | 422.29 Gb Free Space | 91.16% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Mommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 17:30:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mommy\Desktop\OTL.exe
PRC - [2012/05/05 09:10:52 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPrint\airprint.exe
PRC - [2012/02/28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/06 17:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/21 16:13:43 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/02/01 19:53:32 | 000,390,720 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/02/01 19:52:40 | 005,546,376 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/11/16 03:52:28 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/22 21:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/22 21:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/22 21:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/22 21:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/22 21:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/22 21:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/22 21:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/22 21:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/21 11:57:54 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/05/21 11:57:46 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/05/05 09:10:52 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\AirPrint\airprint.exe -- (AirPrint)
SRV - [2012/02/28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/06 17:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/21 16:13:43 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011/02/01 19:55:24 | 001,112,240 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1999/12/13 10:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/21 11:57:46 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/21 16:13:46 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/05/21 16:13:35 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/05/21 16:13:33 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/05/21 16:13:23 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/05/21 14:34:04 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/21 16:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 22:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,125,296 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/11/20 09:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 09:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 07:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005/03/29 04:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mommy\Desktop
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..\SearchScopes,DefaultScope = {0B91581D-79FE-42A3-A348-E8730642574D}
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..\SearchScopes\{0B91581D-79FE-42A3-A348-E8730642574D}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mommy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mommy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com : C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011/05/21 14:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com : C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/21 14:34:48 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mommy\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Mommy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/25 09:03:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4065330535-165493440-3738457496-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F7C169B-A6FF-430A-B6C6-3E2C31117A07}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/04 16:36:04 | 000,000,347 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Bamboo Dock - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: CTSyncU.exe - hkey= - key= - C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe ()
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Mommy\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: Update - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 17:30:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Mommy\Desktop\OTL.exe
[2012/05/28 13:17:07 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\libimobiledevice
[2012/05/28 07:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{FF482B80-27E2-4A7A-9C31-21EA2D56C313}
[2012/05/28 07:08:42 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{81A5A3E6-77E1-4F4E-9ED7-7947BBAFDB18}
[2012/05/27 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{5BF9576B-255F-4EFE-A916-E0411EE871EE}
[2012/05/27 19:07:36 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{2F166D38-CD37-4B40-9CD0-E57A8CD00840}
[2012/05/26 06:26:49 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{1A363342-A361-4FD5-A43A-648149E84FED}
[2012/05/26 06:26:17 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{DADDF442-B997-4EB5-AA35-33BD2792542E}
[2012/05/25 09:10:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/25 09:03:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/25 05:53:04 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{032D257A-F13C-4A43-8CDF-66850D16D50D}
[2012/05/25 05:52:31 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F8F93C73-E9C3-446C-9452-51F964EAE856}
[2012/05/24 17:22:54 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{EECC42BC-AFD4-45C8-B413-92BA2784D3F3}
[2012/05/24 17:22:20 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{7DB61F13-F11B-4E49-8063-9A6E2559265A}
[2012/05/24 05:22:08 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F600D76F-283B-4BD2-95E9-8A67BB0A8832}
[2012/05/24 05:21:57 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{6ED1F0FA-7F21-4809-9CC8-7E806F305F0A}
[2012/05/23 19:37:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mommy\Desktop\HijackThis.exe
[2012/05/23 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/23 17:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/23 17:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/23 17:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/23 17:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/23 17:24:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 06:17:46 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{3FF0DD77-C9F5-4FAF-B948-4535BA958E43}
[2012/05/23 06:17:12 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{FB230FDA-2D96-4C70-AFF6-99423BC2CDEA}
[2012/05/22 17:43:45 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{DDE8AF95-D4A9-4C8D-BB22-A6E1FCB89A24}
[2012/05/22 17:43:13 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{097407A2-53A6-4208-AD6E-9CE29C31B5EC}
[2012/05/22 08:31:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/22 08:31:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/22 08:31:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/22 08:31:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/22 08:31:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/22 05:42:48 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E0FE014E-45DB-4072-9FA9-3B274459781F}
[2012/05/22 05:42:17 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{D40528AE-E026-49C1-8CD1-BDE12D8F6CF9}
[2012/05/21 17:41:53 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{5288FF88-64D8-4611-BF2C-056F9CD9FE55}
[2012/05/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{797FBE29-52A5-41A1-A46B-563735E85979}
[2012/05/21 05:41:06 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{408B167A-06DF-4DC0-B819-1EFA9BFA3468}
[2012/05/21 05:40:32 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{7347979E-73A3-48A7-808C-64D142720021}
[2012/05/20 09:41:43 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F5057857-69D6-4BF6-BC77-7F49ADB0AEDB}
[2012/05/20 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{965B6C62-9C0F-4247-B535-603613788709}
[2012/05/19 12:42:28 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{267DFD35-CCA8-4415-92BA-5FFEAB03E3DC}
[2012/05/19 12:41:53 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{EAF59185-925E-40AE-A4FB-AE6D3EB2C1C2}
[2012/05/19 08:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/05/19 08:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/19 08:28:35 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/19 08:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/19 08:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/19 08:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/05/19 08:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/18 08:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/18 08:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/18 06:42:04 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{157BDFA9-3651-46E9-A643-F1AB801D4B6F}
[2012/05/18 06:41:30 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{7E700812-0B99-4EBA-8569-1C2CDD377340}
[2012/05/17 18:41:06 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{5512053B-6D99-4632-8FD9-74844690D30C}
[2012/05/17 18:40:32 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{CFA72DB3-DE0A-43EB-B699-4745DE4519A2}
[2012/05/17 06:40:20 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{544C0804-9B56-4629-9159-DFC2E1B309E0}
[2012/05/17 06:39:46 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{14EBD774-6196-426E-9564-05B1C6DECE7A}
[2012/05/16 18:39:22 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E3FC68B1-2F7B-42A0-8EF5-F33B9DD00B04}
[2012/05/16 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{C1050068-2669-4D11-9D37-1B5BD31F6CB7}
[2012/05/16 06:38:36 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{503A5660-33B9-4EB1-80BE-AAD81760E0C6}
[2012/05/16 06:38:02 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{C41A3936-CD63-455A-803F-DA684079018F}
[2012/05/15 18:37:39 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{26612FA1-5B26-47AC-B9A1-D47AC687F2D8}
[2012/05/15 18:37:06 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{54E6EB9C-656E-4497-9258-C4037366EDA7}
[2012/05/15 06:36:41 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{D450AAC6-86A7-4309-B55E-0A74159BFFCE}
[2012/05/15 06:36:08 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{771BEF3E-5344-4772-B3A4-C348A332B211}
[2012/05/14 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{28DAB4D6-870B-4C41-BE82-7CEDEFFAC5BC}
[2012/05/14 18:35:11 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{12AC217F-C298-456E-BAFF-3D4AA3984DD3}
[2012/05/14 06:34:59 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{B91689F2-8830-4AC7-90C7-7F206D15B7CB}
[2012/05/14 06:34:38 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{B5A1E473-D33A-4268-8D32-5A0F815CDB7E}
[2012/05/13 18:34:13 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{4848310A-9040-47D0-A894-B55759F1E03D}
[2012/05/13 18:33:40 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{B441EDF7-39C3-4758-B62A-8EC6B1973B87}
[2012/05/13 06:33:16 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{21A4337E-FDF9-4FCB-9256-A87B106470B4}
[2012/05/13 06:32:45 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{A8857549-CBBD-4383-9E4B-003703865ABD}
[2012/05/12 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 18:32:11 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{0F7EB7AC-4D7C-4639-AE23-0F277E91979B}
[2012/05/12 18:31:37 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{AD7909DE-912B-4672-A3D3-18CF849041CD}
[2012/05/12 06:31:12 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{34E2A0E9-C911-4140-8C7B-EF912B240F9B}
[2012/05/12 06:30:39 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{2BC7F0B9-B892-4A58-9FCD-CB42B71C2947}
[2012/05/11 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E3EB078C-78FC-4083-B83F-D9345D5ED75B}
[2012/05/11 18:29:41 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{A3387600-02BE-4D62-B783-0EBD99E12DAA}
[2012/05/11 06:29:27 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{58A80750-731B-4C77-BCE7-167895604EC8}
[2012/05/11 06:28:53 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{63E4A05D-B502-4BBB-A9C4-6F1935400704}
[2012/05/10 18:28:29 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{BEE6C9E3-52A2-473A-9434-161FD3D325B6}
[2012/05/10 18:27:55 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{2B4185D6-35D0-4BFE-9B7B-A85924B78D31}
[2012/05/10 06:27:43 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{0FA87FEF-2E50-4DB5-ACC1-7A8E2197C23C}
[2012/05/10 06:27:10 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{9D3A6858-D96D-4A19-9067-EDC121A38C54}
[2012/05/09 18:26:46 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{B888D1C2-FAF5-4CD7-9C95-7F99E695AF4F}
[2012/05/09 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{DC50BB4A-34DB-4841-A4E5-A710D0CAEBE5}
[2012/05/09 06:25:59 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{11619B06-CF65-4BE1-B271-126176403779}
[2012/05/09 06:25:13 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{0E77B4FB-9F67-485F-A7C1-300BE1B7DFFE}
[2012/05/08 18:24:48 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{0E55DA59-4A2A-4077-A70F-2D3CBF5529D2}
[2012/05/08 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F401AA26-08AA-4699-94BF-AA0C7172B315}
[2012/05/08 06:24:01 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{3CCE23E8-7C4B-4C9E-AC80-C0BD99ADB7A6}
[2012/05/08 06:23:27 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{271D61ED-E265-436E-9768-43C8F64FBD79}
[2012/05/07 18:23:03 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{219D12BB-F487-43D7-8BF2-6800CA33F783}
[2012/05/07 18:22:29 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{DD38BF37-402D-43BE-A9C8-AB989E3D4220}
[2012/05/07 06:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{55E93DD2-2187-43B4-8755-F1ACBC16F35C}
[2012/05/07 06:21:43 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{D554F264-1740-4EDB-A195-145CBDF0CE5F}
[2012/05/06 18:21:19 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{D394AF2A-E4F5-4D72-B2EB-01E7C04277AB}
[2012/05/06 18:20:45 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{0160FBD3-6C41-4C6C-8603-BE402D6B930F}
[2012/05/06 06:20:19 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{15EA6FEA-120B-48F3-A481-9788BED23E03}
[2012/05/06 06:19:45 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{2CEA2B8E-50F5-43B7-AF47-2BB30D1BF91F}
[2012/05/05 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{300CD5C2-6035-4A16-8AAB-E058E2FDF65E}
[2012/05/05 18:18:46 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{2FBE049E-1010-4BB5-8216-DEFF45D85566}
[2012/05/05 09:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPrint
[2012/05/05 06:18:09 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{ED516F05-5FDD-4DF6-9153-90DD4258726A}
[2012/05/05 06:17:55 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E8C39802-82A9-4B4C-97A5-C00A33E0C7AB}
[2012/05/04 17:56:16 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{EA43DB20-E69F-415C-9294-AB9AA6618803}
[2012/05/04 17:55:42 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{D72DA7A5-0ECF-4A54-8894-628947395117}
[2012/05/04 05:55:30 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E0ABE040-5130-4A57-A2B6-97AB64A3D954}
[2012/05/04 05:54:57 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{71321B04-4426-474E-82F4-E7BC89B0F39D}
[2012/05/03 17:54:32 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{9F76E19A-0BB7-4475-B8FF-AB2745FFA028}
[2012/05/03 17:53:58 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{06E4581E-AC2F-4A30-AED2-84722CCB1C4D}
[2012/05/03 05:53:33 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{FE189180-B784-4A0B-9EF6-A61C1371D64D}
[2012/05/03 05:53:00 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{142EA8FD-95DE-4561-881E-F320A966940D}
[2012/05/02 17:52:35 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{A19F689F-9859-4560-A03C-B04DCAB329A8}
[2012/05/02 17:52:03 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{B80565F3-B5D6-4634-9E37-93A2469FF7E1}
[2012/05/02 07:27:29 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/02 05:51:38 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{1EFB86FE-2530-491F-9790-ABBFCF2F2202}
[2012/05/02 05:51:04 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{1D3B95D3-ACF1-413E-9845-34D4FEC13859}
[2012/05/01 17:50:41 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{DDD57F29-7B62-49A1-B23C-AE0B61F170E1}
[2012/05/01 17:50:07 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{3B523641-6123-4D15-913D-5C1C3D183DE2}
[2012/05/01 05:49:42 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{28A8FB97-EF58-4296-AB94-EB20CE30F2D8}
[2012/05/01 05:49:07 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{89940AB8-C31E-4DC3-BDA5-327789B06D25}
[2012/04/30 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{E131F31F-F901-4280-B102-BBBA4DF0CE18}
[2012/04/30 17:37:53 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{EC7EB028-F311-4EBE-ADB7-8D5F2C147EA4}
[2012/04/30 05:37:28 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F26632E3-40F8-4974-95D2-88C3EB994166}
[2012/04/30 05:36:56 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{5769996F-E222-437B-8152-CDB70BD2CBC7}
[2012/04/29 17:36:31 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{A52F927B-BA20-4AEF-900F-3AA3D1BF5DC2}
[2012/04/29 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{323861D2-EE0A-4136-8BFA-594F580CD42D}
[2012/04/29 05:35:29 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{1E39C11A-6ED6-45AA-AA47-0A7B8CD5B1BA}
[2012/04/29 05:34:42 | 000,000,000 | ---D | C] -- C:\Users\Mommy\AppData\Local\{F35041F0-A229-4971-BBB6-D953C9363C42}
[2012/04/28 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/28 17:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/05/28 17:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/28 17:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000UA.job
[2012/05/28 17:30:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mommy\Desktop\OTL.exe
[2012/05/28 17:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 13:11:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 13:11:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 12:51:28 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/05/28 12:49:37 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 12:49:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/28 12:49:16 | 3015,221,248 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/28 07:32:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000Core.job
[2012/05/25 09:03:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/25 06:20:48 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/23 19:37:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mommy\Desktop\HijackThis.exe
[2012/05/23 09:44:03 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 09:44:03 | 000,625,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 09:44:03 | 000,107,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/21 11:57:46 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2012/05/21 11:57:46 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2012/05/21 11:57:46 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2012/05/13 05:43:31 | 000,409,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/28 17:56:40 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/05/23 17:25:47 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 08:31:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/22 08:31:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/22 08:31:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/22 08:31:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/22 08:31:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/02 07:27:06 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000UA.job
[2012/05/02 07:27:06 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000Core.job
[2012/04/28 17:56:40 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/28 17:29:15 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/04/28 17:29:15 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/04/28 17:29:15 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/04/04 15:26:35 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/03/03 11:42:35 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/05/21 16:06:53 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/05/21 11:07:39 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/21 11:07:39 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/05/16 13:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll

========== LOP Check ==========

[2011/05/21 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Acronis
[2012/01/20 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Atari
[2011/05/26 12:18:03 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Canon
[2011/05/21 16:00:52 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\DAEMON Tools Lite
[2011/05/21 16:13:46 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\FDAEED01-7C45-4A70-AD09-0D4D909E34B3
[2011/12/20 11:17:56 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\FreeAudioPack
[2011/12/30 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Garmin
[2012/03/10 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\HandBrake
[2011/08/28 15:51:19 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Leadertech
[2011/12/30 20:05:54 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\redsn0w
[2011/12/23 11:44:41 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Thinstall
[2011/05/21 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\UBitMenu
[2012/05/20 19:32:27 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\uTorrent
[2011/12/23 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Vso
[2011/05/23 08:12:23 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\Windows Live Writer
[2011/08/22 09:54:04 | 000,000,000 | ---D | M] -- C:\Users\Mommy\AppData\Roaming\WindSolutions
[2012/05/28 12:51:28 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/04/09 05:35:18 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/05/25 09:03:45 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/02/05 16:41:55 | 000,000,000 | ---D | M] -- C:\BJPrinter
[2011/05/21 19:07:20 | 000,000,000 | ---D | M] -- C:\Boot
[2012/05/13 05:41:15 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/04/28 17:30:00 | 000,000,000 | ---D | M] -- C:\Intel
[2011/05/21 12:16:44 | 000,000,000 | R--D | M] -- C:\MSOCache
[2004/06/01 16:58:00 | 000,000,000 | ---D | M] -- C:\My RoboForm Data
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/05/23 17:25:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/05/19 11:54:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/05/23 17:25:57 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/05/25 09:10:57 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/05/21 08:07:32 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/05/19 09:20:20 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012/05/28 17:34:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/06/09 14:02:16 | 000,000,000 | R--D | M] -- C:\Users
[2012/05/25 09:10:56 | 000,000,000 | ---D | M] -- C:\Windows
[2011/06/07 11:33:52 | 000,000,000 | ---D | M] -- C:\Windows.old

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\system32\tasks\*.* /64 >
[2012/04/28 17:22:41 | 000,003,768 | ---- | M] () -- C:\Windows\SysNative\tasks\Adobe Flash Player Updater
[2012/05/28 12:51:24 | 000,002,896 | ---- | M] () -- C:\Windows\SysNative\tasks\AutoKMS
[2012/03/24 12:31:45 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/03/24 12:31:47 | 000,003,892 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2012/05/02 07:27:06 | 000,003,486 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000Core
[2012/05/02 07:27:07 | 000,003,882 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-4065330535-165493440-3738457496-1000UA

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: UPSTAIRS
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     H                       DVD-ROM         0 B  No Media
  Volume 1     I                       DVD-ROM         0 B  No Media
  Volume 2     C   OP SYS       NTFS   Partition    111 GB  Healthy    System
  Volume 3     E   BACKUP       NTFS   Partition    931 GB  Healthy
  Volume 4     D   SYSTEM       NTFS   Partition   5122 MB  Healthy
  Volume 5     F   PROGRAMS     NTFS   Partition    463 GB  Healthy
  Volume 6     G   STORAGE      NTFS   Partition    463 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >


OTL Extras logfile created on: 5/28/2012 5:31:32 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Mommy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.74 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 55.58% Memory free
7.49 Gb Paging File | 5.57 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 61.71 Gb Free Space | 55.20% Space Free | Partition Type: NTFS
Drive D: | 5.00 Gb Total Space | 2.89 Gb Free Space | 57.85% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 619.21 Gb Free Space | 66.47% Space Free | Partition Type: NTFS
Drive F: | 463.25 Gb Total Space | 446.44 Gb Free Space | 96.37% Space Free | Partition Type: NTFS
Drive G: | 463.25 Gb Total Space | 422.29 Gb Free Space | 91.16% Space Free | Partition Type: NTFS

Computer Name: UPSTAIRS | User Name: Mommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F7E8B7-D15B-44D1-8F6F-97CF3CBF527A}" = rport=1701 | protocol=17 | dir=out | app=system |
"{0236ABA2-70CD-475E-A1E6-49A40C5744D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03FF9EB8-BBBF-4D81-9649-9C9710A88497}" = lport=445 | protocol=6 | dir=in | app=system |
"{05D72834-230D-4306-A545-E32B08392589}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{07DB41D6-1E38-4CF5-A585-B92363048F13}" = lport=137 | protocol=17 | dir=in | app=system |
"{084D96A1-E766-4503-89AD-0B9C99729740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{08683772-5D32-4243-AC15-AD9B7F6E8110}" = rport=1723 | protocol=6 | dir=out | app=system |
"{0B09994E-2483-4B1A-8289-6CF4DD6E0115}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C86A7A8-63C0-4D49-98BB-0C81490D09DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FC60B19-D079-46FA-8EBA-AA13FD1DC912}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{13DE5535-6F19-4D66-8951-864F8D9486E0}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |
"{14A85807-9D6E-43B1-9DF1-CC6817390A1D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{14C0F59C-8DED-4C78-A3C2-C046DC07F82C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{180ADE6B-A999-4064-B6E5-59C760F067B1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{19DF244F-ED6D-4654-BACA-A0AF79576BC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C25C4E4-B7EC-4775-85DC-D23D268908D4}" = lport=3389 | protocol=6 | dir=in | app=system |
"{1CEE1B6C-B887-4E18-B300-4BBA9FCD47B3}" = lport=1723 | protocol=6 | dir=in | app=system |
"{1DC2E337-4E2F-427A-B372-97EE202851DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20FEFDD1-505F-4589-892A-1E88CE7B03A0}" = lport=3702 | protocol=17 | dir=in | svc=peerdistsvc | app=%systemroot%\system32\svchost.exe |
"{25A7C455-E217-4373-A60A-1407408B459D}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe |
"{26A7E80B-45C0-4B15-95E9-C97442D7C2D2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27BCF0F0-A09D-49EC-8976-603860A3FF86}" = rport=443 | protocol=6 | dir=out | app=system |
"{2B6F71F9-DE5B-460B-9434-0747E159E7BB}" = lport=80 | protocol=6 | dir=in | app=system |
"{2DDA4D09-F406-4BB4-8A86-F3FBD3808BED}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{30DD60D1-39FF-4813-B7A4-64E3B37D7F5F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36992E43-F1D7-46D6-A742-EAA6DF28F6AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{3A510B6E-6443-4FC6-8663-7F8652BA3BFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3FF4C314-5F8E-4B1B-B339-065F2C92ED2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41E1E3FB-28AD-4138-8D2E-FBA3937E6497}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{4586EC2C-7085-47F5-BECE-84E1D5481EF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48E197E4-D4FF-4469-BE9B-A2FB7F08A91D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B1125BE-B1AB-45F0-9A0C-86B2AB6B849F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BE1BC6E-FF2D-45DA-A2DF-1EE371797035}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4E1941CB-5042-4597-B527-B27D06DA2A02}" = lport=10243 | protocol=6 | dir=in | app=system |
"{56AE29FB-BC08-44CF-A677-CAE7D7588A4E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{56DD179D-42D7-46B8-A0DF-78623B952FCD}" = lport=443 | protocol=6 | dir=in | app=system |
"{57EF8280-F868-4CEF-A2A4-08073EC4ADDC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{588ECE54-09B1-4539-8381-C7FBC5F25602}" = lport=445 | protocol=6 | dir=in | app=system |
"{58CBF404-D5F4-4987-A202-BBEE20D3087F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59327A83-56DF-4CD3-8307-3E6F11189AEF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62680AF1-ADC7-422D-BCE7-0CF39F1E6E3C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6CAF61E9-D138-4C11-ABB1-58CFE74637DD}" = lport=139 | protocol=6 | dir=in | app=system |
"{6F77D8B1-A46B-4F96-8DB1-1189D6C0665F}" = rport=445 | protocol=6 | dir=out | app=system |
"{7174A76F-EDB3-4FA4-9D68-21752BAE6669}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7242336A-64A5-4FBC-970C-56BA2571CD73}" = lport=10245 | protocol=6 | dir=in | app=system |
"{727F0504-4A44-49D9-9310-E0A6C34FEC37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7992D38C-D7F0-4E5B-8DCB-E3D234C3B423}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe |
"{7CE357F4-CAB2-4328-8608-487190D14163}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |
"{7DBBC8A5-0526-454E-9A9C-980CAD0F440B}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80E9A2F9-A39D-4EC6-B1F9-CA407EA95381}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{81EC778E-7A3B-403A-90B6-A759B17C8B25}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe |
"{85AF80AC-1CBF-48CB-8BB3-1C431486B3D7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87A026BA-E71B-47E6-870D-FE8DD496D420}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B476CC5-B98E-4971-BC67-8EB4F947FB0C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{8DCD8469-AD4C-46E6-9909-B6E641DBE1F7}" = rport=80 | protocol=6 | dir=out | app=system |
"{8E6BCEE6-B596-4F4D-9254-3BCAA0CED688}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8EFCDA29-5699-4EB9-95D7-EE2D8ABC20AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94FF91E2-F18F-4639-87C1-BECBF2E95685}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{9845170F-9C88-49D9-812F-D2A2FE42FEA8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{98FD69C0-9039-40E3-9DC2-30EBE4B40039}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A324374-8522-4BF3-AE69-703A5C5334A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BFFF8E3-E384-48DE-96CC-D12278E456A3}" = lport=1701 | protocol=17 | dir=in | app=system |
"{9E4A48A9-7E4E-4FF8-A965-58B1C10A836F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{A01D19FE-9A3D-43E1-9670-7AB73C38A6C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A196A7D6-9422-4C37-8FD3-E3D726670D4D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{A30232F9-A9FA-41B3-ACF5-98A126940787}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4141D50-51E4-4894-B367-E3A056B21211}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{A5846B94-E031-4EA6-A487-0A3334E7793C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5C8CFCD-CF0D-4037-8509-95032A48DA16}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A949B490-9A8F-4CBD-A9F3-117AF06EAEB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1C8008C-2155-4F9A-B163-89EBB7F48B09}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B68B6050-41E9-43E6-B429-13F83F03D2DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC3F91EE-F91D-4E37-B498-6B1D8D319F37}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BE060D0D-196E-4B7B-B5A7-80F105F718B5}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF586BBC-C902-4429-AA76-1A8A6FC26E82}" = lport=138 | protocol=17 | dir=in | app=system |
"{C059D6FF-D7B8-4C52-AB8E-6C99C7A8250E}" = lport=445 | protocol=6 | dir=in | app=system |
"{C4227755-6772-415C-A35A-7343365CC0D8}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe |
"{C432996B-D4CC-4423-9F62-D8BBA8A08487}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C5AE5F22-D521-4392-82BA-5AF70BAD6D93}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{CC5999F5-ECD6-450C-933D-811290061B5D}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{CECEA448-8188-4E8C-BB22-30E2F090AE62}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFA6DF97-25F9-4D00-96D1-77D16C619D4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D73DA95E-E960-4E00-A0C4-57EE6E78A3FA}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DC38B5D8-7657-4F20-9944-0C6558373F90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E064FBBB-0850-4387-91AE-F316315AB252}" = rport=3702 | protocol=17 | dir=out | svc=peerdistsvc | app=%systemroot%\system32\svchost.exe |
"{E28462C0-F143-40E7-B4E5-508E2A730C62}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |
"{EBC26F4E-4E5B-4E1C-A993-41503EECE8C7}" = rport=5357 | protocol=6 | dir=out | app=system |
"{ECC0AB49-2528-4F4A-A766-C34531E4141D}" = rport=5358 | protocol=6 | dir=out | app=system |
"{EF588869-4421-42A3-BF17-5A8B5067E6EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFFFD851-01F3-4658-AEAA-20CF47AF2C3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0079D02-CDB3-4A20-8158-E60FCA069FC1}" = lport=3390 | protocol=6 | dir=in | app=system |
"{F00C2553-4961-48FC-BB91-F7C698C235CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{F0D80614-3FB3-4E26-9C9C-38587BDCB851}" = lport=80 | protocol=6 | dir=in | app=system |
"{F48BE4BC-A080-47FC-9F56-E9459AB0B6A8}" = lport=5985 | protocol=6 | dir=in | app=system |
"{F4E51319-10F4-4BB2-BC5B-4798BA7F56B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{F6052416-CA3D-4277-A665-36C20801C1DF}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{F750405C-AA47-4A4F-921B-401795DD95A1}" = lport=443 | protocol=6 | dir=in | app=system |
"{F75E0777-773F-4B8B-B3AE-4607E4B88258}" = lport=443 | protocol=6 | dir=out | app=system |
"{F84BE4B1-2C8C-46CC-8211-0742E2F96929}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF394502-3483-4E80-A993-1E20F0416F2F}" = lport=5357 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B7EB03-0851-46A9-A971-94C20538AEA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A1FE5B6-0CFF-4B52-BF6A-EA2267892B2F}" = protocol=6 | dir=out | app=system |
"{0DF9261A-27A0-4E75-99F5-9AA326CC16AC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0EBFBCF0-543D-4E46-948A-E61D2A2EA286}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1142D5CA-777D-4FBF-9E39-2A485508B1F4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1984E27D-6513-4005-821C-61330B3831F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1CEC7DFE-72E3-4C22-811B-F68708B94E9C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{1F1DC4FE-FE1E-4EC8-ABA9-C5B62B266F9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1FBBBF8A-43F9-4A0A-93C5-84AE082ADD90}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{23CCCD4C-44F0-4BC1-9105-109C32770B35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{329348E8-7B15-4C9B-A8AF-62BDD223F904}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{36EE96F8-0A19-4A8D-BA9C-65E6F11100F3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{374CA92D-5BA4-463D-9E41-28829EE1EB4A}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe |
"{3D72AF40-3E05-48BE-9B57-C9D639CAAA86}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4099E6F8-690D-46E1-83A1-0AC977160E2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41837767-6503-4C55-8A22-13D656EB6464}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4196C6CD-BFAB-4D71-B9F7-99D01AFEC6DC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4B216BAA-B261-4165-9101-3E267EADC789}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{656E4980-2178-4891-9D8E-DB1DFB5283A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65B9A323-4449-4D51-9165-BD40B6C47F2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6894B64D-991A-4C92-8937-914742674890}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6989F830-89F9-4E4A-9FF1-B31BA1FF053C}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |
"{6A7FF199-0B2D-441A-973A-0EC498494DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{789FA7DC-12D3-4053-9EF6-4FAEE5457E5D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7A6F1927-0220-44F8-8C6F-39E5AFDE4011}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8257FB9F-127C-48CF-8315-01385A4C7E56}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{86D3EE4D-F681-4A9F-A42C-85E72B633850}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{8BE8CD80-5700-44EF-9BCC-01CB9029C078}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{904C480E-88E8-4C6F-9499-007F577A4E95}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{93204441-A33F-4E1A-9EB4-9C9F4E7641AC}" = dir=in | app=c:\program files (x86)\airprint\airprint.exe |
"{9F61C526-F870-4785-BB17-536F125372B3}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{A6C3DE41-C063-4C4D-8F73-8ECB8F8199F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7D9A62B-9AEC-47EE-9107-35E965EF63AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADD7E658-5F3A-4EDF-91C5-99AD9F95EE3D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF34F0AD-C6BB-49D3-9224-8E4D5EC5C622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1A16D96-9A6E-4E23-8212-6228E4B8FF2D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B5ACF078-4FA3-4A53-A20F-850E93EA3E31}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B701D63E-9F7C-4790-8432-E79C6CD15E34}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD3C2F03-8A45-4423-81CC-9DC9BA6E999C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{BD93CFF8-76E8-4500-B604-9BCAF85F28B2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1E79FEE-11A7-4CF9-A013-132AFE36C3BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C23A2867-494C-47DD-8E9D-6B7640596809}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C395E0C8-6A88-4021-8C91-E3A27C5414BC}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{CF00F5BD-51F6-4D24-A6C6-9EA5BB339380}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{CFEB7555-0FB1-43D7-85F7-6157DAF86E2F}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |
"{D0E895DA-651B-4102-807A-B4DEA0A90DE9}" = protocol=47 | dir=in | app=system |
"{E3983F2C-D028-4978-9225-8AAC8E7EFB75}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{E4FE3570-8C1C-4D9B-A8E1-B088B1A7B9A8}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{E945901F-3C6E-4921-9627-87734D2BC3C9}" = protocol=58 | dir=in | app=system |
"{EBC12A49-0535-4620-8685-616EEB881BF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED1E8655-0582-4F77-8CE2-1B6A8BC17ABC}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe |
"{EEC28170-DDC3-45CE-B63F-D71C9ECA1DFB}" = protocol=47 | dir=out | app=system |
"{FC0E8AF4-5363-4231-9D9E-B4AAE795DD8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFCF5F19-2923-4EA0-8352-40F813394BFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{9D79A9E9-CC99-4B84-8D74-6896612E180F}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{B6DB89EB-FF2E-4631-8090-25296E4C97F0}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{BB9B7D2D-0556-4B28-A7FB-89B81F6DA160}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{409D69A1-1AE8-40A5-A051-D3BC3CEE056C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E1C1EA77-3392-410B-B8C1-0488F19F2E96}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{FC15D04D-7147-4424-AC72-AD41EB45DADC}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{50E9E32F-063A-412A-9627-553D5DA57C17}" = ESET NOD32 Antivirus
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8748FFB-1713-4e95-B3DF-4F1622D96F93}_is1" = UBitMenu UK
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCED0AD4-784D-4667-B4A0-6FE953FAC4BB}" = TurboTax 2011 wnjiper
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileHippo.com" = FileHippo.com Update Checker
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Pen Tablet Driver" = Bamboo
"TurboTax 2011" = TurboTax 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"WinLiveSuite" = Windows Live Essentials
"ZEN Vision:M Series Media Explorer" = ZEN Vision:M Series Media Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4065330535-165493440-3738457496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AI RoboForm" = RoboForm 7-7-6
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
Join Date: Mar 2001
Location: Bradford, England
30-May-2012, 03:44 PM #8
P2P Warning!
  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

----------------------------
Now that's out of the way, let's carry on.

Can you run the following, and post the logs they produce. If it has to be a few posts, that's fine.

Can you run the following tools, and copy/paste the logs that they produce here:


Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double-click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

-------------

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  1. Download MGADiag to your desktop.
  2. Double-click on MGADiag.exe to launch the program.
  3. Click "Continue".
  4. Ensure that the "Windows" tab is selected (it should be by default).
  5. Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  6. Paste the MGA Diagnostic Report back here in your next reply.


---------

Then, run the following:


Please download and run WVCheck.
  • Double-click WVCheck.exe.
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the Notepad file as a reply.

----------

And finally:

Download CKScanner from here

Important: Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

eddie
Bertie Bott
Member with 33 posts.
THREAD STARTER
Join Date: Dec 2006
31-May-2012, 08:27 AM #9
Why did you want me to run the Windows genuine tests? Could that have been the cause of my issue had my Windows not been genuine?


07:19:30.0161 3880 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:19:30.0551 3880 ============================================================
07:19:30.0551 3880 Current date / time: 2012/05/31 07:19:30.0551
07:19:30.0551 3880 SystemInfo:
07:19:30.0551 3880
07:19:30.0551 3880 OS Version: 6.1.7601 ServicePack: 1.0
07:19:30.0551 3880 Product type: Workstation
07:19:30.0551 3880 ComputerName: UPSTAIRS
07:19:30.0551 3880 UserName: Mommy
07:19:30.0551 3880 Windows directory: C:\Windows
07:19:30.0551 3880 System windows directory: C:\Windows
07:19:30.0551 3880 Running under WOW64
07:19:30.0551 3880 Processor architecture: Intel x64
07:19:30.0551 3880 Number of processors: 4
07:19:30.0551 3880 Page size: 0x1000
07:19:30.0551 3880 Boot type: Normal boot
07:19:30.0551 3880 ============================================================
07:19:32.0329 3880 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:19:32.0360 3880 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:19:38.0398 3880 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:19:38.0413 3880 ============================================================
07:19:38.0413 3880 \Device\Harddisk0\DR0:
07:19:38.0429 3880 MBR partitions:
07:19:38.0429 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
07:19:38.0429 3880 \Device\Harddisk1\DR1:
07:19:38.0429 3880 MBR partitions:
07:19:38.0429 3880 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA0120E
07:19:38.0429 3880 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xA0124D, BlocksNum 0x39E823BA
07:19:38.0429 3880 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3A883607, BlocksNum 0x39E823BA
07:19:38.0429 3880 \Device\Harddisk2\DR2:
07:19:38.0429 3880 MBR partitions:
07:19:38.0429 3880 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
07:19:38.0429 3880 ============================================================
07:19:38.0522 3880 C: <-> \Device\Harddisk0\DR0\Partition0
07:19:38.0554 3880 D: <-> \Device\Harddisk1\DR1\Partition0
07:19:38.0569 3880 E: <-> \Device\Harddisk2\DR2\Partition0
07:19:38.0585 3880 F: <-> \Device\Harddisk1\DR1\Partition1
07:19:38.0616 3880 G: <-> \Device\Harddisk1\DR1\Partition2
07:19:38.0616 3880 ============================================================
07:19:38.0616 3880 Initialize success
07:19:38.0616 3880 ============================================================
07:19:43.0358 3844 ============================================================
07:19:43.0358 3844 Scan started
07:19:43.0358 3844 Mode: Manual; SigCheck; TDLFS;
07:19:43.0358 3844 ============================================================
07:19:53.0924 3844 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\SysWOW64\CTsvcCDA.exe
07:19:53.0955 3844 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
07:19:53.0955 3844 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
07:20:07.0590 3844 msisadrv - ok
07:20:07.0637 3844 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:20:07.0715 3844 MSiSCSI - ok
07:20:07.0715 3844 msiserver - ok
07:20:07.0730 3844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:20:07.0808 3844 MSKSSRV - ok
07:20:07.0824 3844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:20:07.0871 3844 MSPCLOCK - ok
07:20:07.0886 3844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:20:07.0933 3844 MSPQM - ok
07:20:07.0980 3844 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:20:08.0011 3844 MsRPC - ok
07:20:08.0027 3844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:20:08.0042 3844 mssmbios - ok
07:20:08.0058 3844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:20:08.0136 3844 MSTEE - ok
07:20:08.0151 3844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:20:08.0167 3844 MTConfig - ok
07:20:08.0214 3844 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
07:20:08.0276 3844 MTsensor - ok
07:20:08.0292 3844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:20:08.0354 3844 Mup - ok
07:20:08.0401 3844 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:20:08.0479 3844 napagent - ok
07:20:08.0510 3844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:20:08.0573 3844 NativeWifiP - ok
07:20:08.0682 3844 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files (x86)\Nero\Update\NASvc.exe
07:20:08.0713 3844 NAUpdate - ok
07:20:08.0775 3844 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:20:08.0853 3844 NDIS - ok
07:20:08.0853 3844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:20:08.0900 3844 NdisCap - ok
07:20:08.0916 3844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:20:08.0947 3844 NdisTapi - ok
07:20:08.0994 3844 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:20:09.0087 3844 Ndisuio - ok
07:20:09.0119 3844 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:20:09.0197 3844 NdisWan - ok
07:20:09.0228 3844 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:20:09.0321 3844 NDProxy - ok
07:20:09.0321 3844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:20:09.0384 3844 NetBIOS - ok
07:20:09.0446 3844 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:20:09.0540 3844 NetBT - ok
07:20:09.0555 3844 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:20:09.0571 3844 Netlogon - ok
07:20:09.0618 3844 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:20:09.0680 3844 Netman - ok
07:20:09.0727 3844 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:20:09.0805 3844 netprofm - ok
07:20:09.0914 3844 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:20:09.0945 3844 NetTcpPortSharing - ok
07:20:09.0977 3844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:20:10.0055 3844 nfrd960 - ok
07:20:10.0086 3844 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:20:10.0164 3844 NlaSvc - ok
07:20:10.0179 3844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:20:10.0211 3844 Npfs - ok
07:20:10.0242 3844 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:20:10.0304 3844 nsi - ok
07:20:10.0320 3844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:20:10.0382 3844 nsiproxy - ok
07:20:10.0507 3844 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:20:10.0601 3844 Ntfs - ok
07:20:10.0725 3844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:20:10.0819 3844 Null - ok
07:20:11.0349 3844 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:20:11.0802 3844 nvlddmkm - ok
07:20:11.0895 3844 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:20:11.0942 3844 nvraid - ok
07:20:11.0989 3844 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:20:12.0067 3844 nvstor - ok
07:20:12.0098 3844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:20:12.0161 3844 nv_agp - ok
07:20:12.0192 3844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:20:12.0254 3844 ohci1394 - ok
07:20:12.0348 3844 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:20:12.0379 3844 ose - ok
07:20:12.0707 3844 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:20:12.0910 3844 osppsvc - ok
07:20:13.0050 3844 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:20:13.0112 3844 p2pimsvc - ok
07:20:13.0159 3844 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:20:13.0206 3844 p2psvc - ok
07:20:13.0268 3844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:20:13.0331 3844 Parport - ok
07:20:13.0378 3844 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:20:13.0409 3844 partmgr - ok
07:20:13.0424 3844 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:20:13.0487 3844 PcaSvc - ok
07:20:13.0534 3844 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:20:13.0612 3844 pci - ok
07:20:13.0627 3844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:20:13.0643 3844 pciide - ok
07:20:13.0674 3844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:20:13.0705 3844 pcmcia - ok
07:20:13.0736 3844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:20:13.0768 3844 pcw - ok
07:20:13.0814 3844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:20:13.0924 3844 PEAUTH - ok
07:20:13.0986 3844 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:20:14.0095 3844 PeerDistSvc - ok
07:20:14.0189 3844 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:20:14.0220 3844 PerfHost - ok
07:20:14.0392 3844 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:20:14.0516 3844 pla - ok
07:20:14.0563 3844 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:20:14.0626 3844 PlugPlay - ok
07:20:14.0657 3844 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:20:14.0688 3844 PNRPAutoReg - ok
07:20:14.0719 3844 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:20:14.0750 3844 PNRPsvc - ok
07:20:14.0813 3844 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:20:14.0891 3844 PolicyAgent - ok
07:20:14.0922 3844 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:20:15.0016 3844 Power - ok
07:20:15.0125 3844 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:20:15.0281 3844 PptpMiniport - ok
07:20:15.0312 3844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:20:15.0468 3844 Processor - ok
07:20:15.0640 3844 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:20:15.0718 3844 ProfSvc - ok
07:20:15.0749 3844 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:20:15.0764 3844 ProtectedStorage - ok
07:20:15.0796 3844 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:20:15.0842 3844 Psched - ok
07:20:15.0936 3844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:20:16.0030 3844 ql2300 - ok
07:20:16.0170 3844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:20:16.0217 3844 ql40xx - ok
07:20:16.0248 3844 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:20:16.0295 3844 QWAVE - ok
07:20:16.0310 3844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:20:16.0357 3844 QWAVEdrv - ok
07:20:16.0373 3844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:20:16.0435 3844 RasAcd - ok
07:20:16.0466 3844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:20:16.0544 3844 RasAgileVpn - ok
07:20:16.0560 3844 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:20:16.0622 3844 RasAuto - ok
07:20:16.0669 3844 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:20:16.0794 3844 Rasl2tp - ok
07:20:16.0841 3844 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:20:16.0872 3844 RasMan - ok
07:20:16.0919 3844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:20:16.0997 3844 RasPppoe - ok
07:20:17.0028 3844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:20:17.0122 3844 RasSstp - ok
07:20:17.0184 3844 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:20:17.0278 3844 rdbss - ok
07:20:17.0309 3844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:20:17.0356 3844 rdpbus - ok
07:20:17.0371 3844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:20:17.0402 3844 RDPCDD - ok
07:20:17.0465 3844 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:20:17.0543 3844 RDPDR - ok
07:20:17.0558 3844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:20:17.0605 3844 RDPENCDD - ok
07:20:17.0621 3844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:20:17.0652 3844 RDPREFMP - ok
07:20:17.0699 3844 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:20:17.0761 3844 RdpVideoMiniport - ok
07:20:17.0808 3844 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:20:17.0870 3844 RDPWD - ok
07:20:17.0917 3844 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:20:17.0964 3844 rdyboost - ok
07:20:17.0995 3844 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:20:18.0104 3844 RemoteAccess - ok
07:20:18.0136 3844 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:20:18.0214 3844 RemoteRegistry - ok
07:20:18.0229 3844 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:20:18.0307 3844 RpcEptMapper - ok
07:20:18.0338 3844 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:20:18.0338 3844 RpcLocator - ok
07:20:18.0401 3844 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
07:20:18.0463 3844 RpcSs - ok
07:20:18.0510 3844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:20:18.0588 3844 rspndr - ok
07:20:18.0635 3844 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:20:18.0682 3844 RTL8167 - ok
07:20:18.0713 3844 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:20:18.0744 3844 s3cap - ok
07:20:18.0775 3844 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:20:18.0791 3844 SamSs - ok
07:20:18.0838 3844 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:20:18.0900 3844 sbp2port - ok
07:20:18.0931 3844 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:20:18.0994 3844 SCardSvr - ok
07:20:19.0009 3844 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:20:19.0056 3844 scfilter - ok
07:20:19.0150 3844 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:20:19.0243 3844 Schedule - ok
07:20:19.0274 3844 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:20:19.0321 3844 SCPolicySvc - ok
07:20:19.0368 3844 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:20:19.0430 3844 SDRSVC - ok
07:20:19.0540 3844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:20:19.0633 3844 secdrv - ok
07:20:19.0649 3844 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:20:19.0727 3844 seclogon - ok
07:20:19.0742 3844 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:20:19.0820 3844 SENS - ok
07:20:19.0836 3844 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:20:19.0867 3844 SensrSvc - ok
07:20:19.0883 3844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:20:19.0930 3844 Serenum - ok
07:20:19.0945 3844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:20:20.0023 3844 Serial - ok
07:20:20.0054 3844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:20:20.0117 3844 sermouse - ok
07:20:20.0164 3844 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:20:20.0242 3844 SessionEnv - ok
07:20:20.0273 3844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:20:20.0320 3844 sffdisk - ok
07:20:20.0351 3844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:20:20.0382 3844 sffp_mmc - ok
07:20:20.0413 3844 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:20:20.0444 3844 sffp_sd - ok
07:20:20.0476 3844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:20:20.0507 3844 sfloppy - ok
07:20:20.0569 3844 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:20:20.0663 3844 SharedAccess - ok
07:20:20.0725 3844 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:20:20.0788 3844 ShellHWDetection - ok
07:20:20.0803 3844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:20:20.0850 3844 SiSRaid2 - ok
07:20:20.0850 3844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:20:20.0897 3844 SiSRaid4 - ok
07:20:20.0912 3844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:20:20.0990 3844 Smb - ok
07:20:21.0053 3844 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
07:20:21.0100 3844 snapman - ok
07:20:21.0131 3844 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:20:21.0162 3844 SNMPTRAP - ok
07:20:21.0193 3844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:20:21.0224 3844 spldr - ok
07:20:21.0287 3844 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:20:21.0334 3844 Spooler - ok
07:20:21.0536 3844 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:20:21.0692 3844 sppsvc - ok
07:20:21.0802 3844 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:20:21.0895 3844 sppuinotify - ok
07:20:21.0989 3844 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:20:22.0067 3844 srv - ok
07:20:22.0098 3844 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:20:22.0145 3844 srv2 - ok
07:20:22.0176 3844 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:20:22.0223 3844 srvnet - ok
07:20:22.0254 3844 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:20:22.0301 3844 SSDPSRV - ok
07:20:22.0316 3844 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:20:22.0363 3844 SstpSvc - ok
07:20:22.0394 3844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:20:22.0394 3844 stexstor - ok
07:20:22.0457 3844 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:20:22.0519 3844 stisvc - ok
07:20:22.0566 3844 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:20:22.0597 3844 storflt - ok
07:20:22.0613 3844 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:20:22.0628 3844 storvsc - ok
07:20:22.0675 3844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:20:22.0706 3844 swenum - ok
07:20:22.0738 3844 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:20:22.0816 3844 swprv - ok
07:20:22.0831 3844 Synth3dVsc - ok
07:20:22.0940 3844 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:20:23.0034 3844 SysMain - ok
07:20:23.0159 3844 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:20:23.0206 3844 TabletInputService - ok
07:20:23.0284 3844 TabletServicePen - ok
07:20:23.0330 3844 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:20:23.0408 3844 TapiSrv - ok
07:20:23.0440 3844 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:20:23.0502 3844 TBS - ok
07:20:23.0674 3844 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:20:23.0783 3844 Tcpip - ok
07:20:23.0970 3844 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:20:24.0017 3844 TCPIP6 - ok
07:20:24.0095 3844 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:20:24.0173 3844 tcpipreg - ok
07:20:24.0220 3844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:20:24.0266 3844 TDPIPE - ok
07:20:24.0376 3844 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
07:20:24.0438 3844 tdrpman273 - ok
07:20:24.0485 3844 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:20:24.0500 3844 TDTCP - ok
07:20:24.0547 3844 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:20:24.0625 3844 tdx - ok
07:20:24.0672 3844 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:20:24.0719 3844 TermDD - ok
07:20:24.0766 3844 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:20:24.0859 3844 TermService - ok
07:20:24.0890 3844 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:20:24.0922 3844 Themes - ok
07:20:24.0953 3844 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:20:25.0015 3844 THREADORDER - ok
07:20:25.0078 3844 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
07:20:25.0140 3844 timounter - ok
07:20:25.0171 3844 TouchServicePen - ok
07:20:25.0187 3844 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:20:25.0249 3844 TrkWks - ok
07:20:25.0312 3844 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:20:25.0390 3844 TrustedInstaller - ok
07:20:25.0421 3844 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:20:25.0468 3844 tssecsrv - ok
07:20:25.0514 3844 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:20:25.0624 3844 TsUsbFlt - ok
07:20:25.0624 3844 tsusbhub - ok
07:20:25.0670 3844 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:20:25.0764 3844 tunnel - ok
07:20:25.0795 3844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:20:25.0842 3844 uagp35 - ok
07:20:25.0889 3844 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:20:25.0967 3844 udfs - ok
07:20:25.0982 3844 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:20:26.0029 3844 UI0Detect - ok
07:20:26.0060 3844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:20:26.0123 3844 uliagpkx - ok
07:20:26.0154 3844 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:20:26.0216 3844 umbus - ok
07:20:26.0232 3844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:20:26.0279 3844 UmPass - ok
07:20:26.0310 3844 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:20:26.0357 3844 UmRdpService - ok
07:20:26.0404 3844 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:20:26.0482 3844 upnphost - ok
07:20:26.0528 3844 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
07:20:26.0606 3844 USBAAPL64 - ok
07:20:26.0653 3844 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
07:20:26.0716 3844 usbccgp - ok
07:20:26.0747 3844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:20:26.0778 3844 usbcir - ok
07:20:26.0840 3844 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:20:26.0918 3844 usbehci - ok
07:20:26.0950 3844 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:20:27.0012 3844 usbhub - ok
07:20:27.0028 3844 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:20:27.0059 3844 usbohci - ok
07:20:27.0106 3844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:20:27.0152 3844 usbprint - ok
07:20:27.0184 3844 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:20:27.0215 3844 usbscan - ok
07:20:27.0262 3844 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:20:27.0418 3844 USBSTOR - ok
07:20:27.0496 3844 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
07:20:27.0652 3844 usbuhci - ok
07:20:27.0667 3844 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:20:27.0745 3844 UxSms - ok
07:20:27.0776 3844 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:20:27.0792 3844 VaultSvc - ok
07:20:27.0839 3844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:20:27.0854 3844 vdrvroot - ok
07:20:27.0917 3844 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:20:27.0964 3844 vds - ok
07:20:28.0010 3844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:20:28.0042 3844 vga - ok
07:20:28.0042 3844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:20:28.0120 3844 VgaSave - ok
07:20:28.0120 3844 VGPU - ok
07:20:28.0166 3844 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:20:28.0229 3844 vhdmp - ok
07:20:28.0244 3844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:20:28.0291 3844 viaide - ok
07:20:28.0322 3844 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:20:28.0354 3844 vmbus - ok
07:20:28.0369 3844 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:20:28.0416 3844 VMBusHID - ok
07:20:28.0432 3844 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:20:28.0494 3844 volmgr - ok
07:20:28.0572 3844 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:20:28.0603 3844 volmgrx - ok
07:20:28.0634 3844 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:20:28.0666 3844 volsnap - ok
07:20:28.0712 3844 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
07:20:28.0759 3844 vpcbus - ok
07:20:28.0822 3844 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
07:20:28.0884 3844 vpcnfltr - ok
07:20:28.0884 3844 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
07:20:28.0962 3844 vpcusb - ok
07:20:29.0009 3844 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
07:20:29.0040 3844 vpcvmm - ok
07:20:29.0087 3844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:20:29.0118 3844 vsmraid - ok
07:20:29.0227 3844 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:20:29.0383 3844 VSS - ok
07:20:29.0508 3844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:20:29.0555 3844 vwifibus - ok
07:20:29.0617 3844 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:20:29.0664 3844 W32Time - ok
07:20:29.0680 3844 wacmoumonitor - ok
07:20:29.0680 3844 wacommousefilter - ok
07:20:29.0711 3844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:20:29.0726 3844 WacomPen - ok
07:20:29.0726 3844 wacomvhid - ok
07:20:29.0773 3844 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:20:29.0851 3844 WANARP - ok
07:20:29.0851 3844 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:20:29.0882 3844 Wanarpv6 - ok
07:20:29.0976 3844 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:20:30.0085 3844 WatAdminSvc - ok
07:20:30.0179 3844 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:20:30.0319 3844 wbengine - ok
07:20:30.0444 3844 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:20:30.0506 3844 WbioSrvc - ok
07:20:30.0553 3844 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:20:30.0600 3844 wcncsvc - ok
07:20:30.0600 3844 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:20:30.0647 3844 WcsPlugInService - ok
07:20:30.0709 3844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:20:30.0725 3844 Wd - ok
07:20:30.0787 3844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:20:30.0834 3844 Wdf01000 - ok
07:20:30.0850 3844 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:20:31.0021 3844 WdiServiceHost - ok
07:20:31.0021 3844 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:20:31.0037 3844 WdiSystemHost - ok
07:20:31.0084 3844 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:20:31.0130 3844 WebClient - ok
07:20:31.0162 3844 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:20:31.0240 3844 Wecsvc - ok
07:20:31.0271 3844 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:20:31.0349 3844 wercplsupport - ok
07:20:31.0364 3844 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:20:31.0396 3844 WerSvc - ok
07:20:31.0505 3844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:20:31.0583 3844 WfpLwf - ok
07:20:34.0406 3844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:20:34.0796 3844 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:20:34.0796 3844 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:20:34.0796 3844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:20:34.0843 3844 \Device\Harddisk1\DR1 - ok
07:20:34.0843 3844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
07:20:34.0921 3844 \Device\Harddisk2\DR2 - ok
07:20:34.0921 3844 Boot (0x1200) (7615a7af663135034c0d2ae89899d022) \Device\Harddisk0\DR0\Partition0
07:20:34.0921 3844 \Device\Harddisk0\DR0\Partition0 - ok
07:20:34.0921 3844 Boot (0x1200) (0c06356ac56fad3ecdf1dcd065c02be8) \Device\Harddisk1\DR1\Partition0
07:20:34.0921 3844 \Device\Harddisk1\DR1\Partition0 - ok
07:20:34.0937 3844 Boot (0x1200) (f41fe51333635436d35ba3e2e44726a0) \Device\Harddisk1\DR1\Partition1
07:20:34.0937 3844 \Device\Harddisk1\DR1\Partition1 - ok
07:20:34.0968 3844 Boot (0x1200) (d64e32350b8a4da731cc04d33699a813) \Device\Harddisk1\DR1\Partition2
07:20:34.0968 3844 \Device\Harddisk1\DR1\Partition2 - ok
07:20:34.0968 3844 Boot (0x1200) (a508802763d70d8bb15bcf88ae023301) \Device\Harddisk2\DR2\Partition0
07:20:34.0968 3844 \Device\Harddisk2\DR2\Partition0 - ok
07:20:34.0999 3844 ============================================================
07:20:34.0999 3844 Scan finished
07:20:34.0999 3844 ============================================================
07:20:35.0046 3348 Detected object count: 2
07:20:35.0046 3348 Actual detected object count: 2
07:20:40.0178 3348 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
07:20:40.0178 3348 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:20:40.0178 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:20:40.0178 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:21:13.0959 6048 ============================================================
07:21:13.0959 6048 Scan started
07:21:13.0959 6048 Mode: Manual; SigCheck; TDLFS;
07:21:13.0959 6048 ============================================================
07:21:19.0372 6048 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\SysWOW64\CTsvcCDA.exe
07:21:19.0372 6048 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
07:21:19.0372 6048 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
07:21:32.0196 6048 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:21:32.0211 6048 ose - ok
07:21:32.0539 6048 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:21:32.0617 6048 osppsvc - ok
07:21:32.0726 6048 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:21:32.0757 6048 p2pimsvc - ok
07:21:32.0804 6048 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:21:32.0820 6048 p2psvc - ok
07:21:32.0898 6048 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:21:32.0929 6048 Parport - ok
07:21:32.0960 6048 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:21:32.0976 6048 partmgr - ok
07:21:33.0007 6048 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:21:33.0022 6048 PcaSvc - ok
07:21:33.0069 6048 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:21:33.0069 6048 pci - ok
07:21:33.0085 6048 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:21:33.0100 6048 pciide - ok
07:21:33.0116 6048 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:21:33.0132 6048 pcmcia - ok
07:21:33.0147 6048 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:21:33.0163 6048 pcw - ok
07:21:33.0210 6048 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:21:33.0241 6048 PEAUTH - ok
07:21:33.0319 6048 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:21:33.0350 6048 PeerDistSvc - ok
07:21:33.0444 6048 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:21:33.0459 6048 PerfHost - ok
07:21:33.0631 6048 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:21:33.0678 6048 pla - ok
07:21:33.0740 6048 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:21:33.0756 6048 PlugPlay - ok
07:21:33.0771 6048 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:21:33.0787 6048 PNRPAutoReg - ok
07:21:33.0818 6048 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:21:33.0818 6048 PNRPsvc - ok
07:21:33.0880 6048 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:21:33.0927 6048 PolicyAgent - ok
07:21:33.0974 6048 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:21:34.0021 6048 Power - ok
07:21:34.0083 6048 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:21:34.0114 6048 PptpMiniport - ok
07:21:34.0161 6048 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:21:34.0177 6048 Processor - ok
07:21:34.0224 6048 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:21:34.0270 6048 ProfSvc - ok
07:21:34.0302 6048 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:21:34.0302 6048 ProtectedStorage - ok
07:21:34.0348 6048 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:21:34.0395 6048 Psched - ok
07:21:34.0489 6048 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:21:34.0536 6048 ql2300 - ok
07:21:34.0660 6048 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:21:34.0692 6048 ql40xx - ok
07:21:34.0723 6048 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:21:34.0770 6048 QWAVE - ok
07:21:34.0785 6048 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:21:34.0801 6048 QWAVEdrv - ok
07:21:34.0816 6048 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:21:34.0848 6048 RasAcd - ok
07:21:34.0879 6048 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:21:34.0926 6048 RasAgileVpn - ok
07:21:34.0941 6048 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:21:34.0972 6048 RasAuto - ok
07:21:35.0019 6048 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:21:35.0050 6048 Rasl2tp - ok
07:21:35.0082 6048 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:21:35.0128 6048 RasMan - ok
07:21:35.0144 6048 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:21:35.0175 6048 RasPppoe - ok
07:21:35.0175 6048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:21:35.0206 6048 RasSstp - ok
07:21:35.0253 6048 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:21:35.0316 6048 rdbss - ok
07:21:35.0316 6048 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:21:35.0331 6048 rdpbus - ok
07:21:35.0331 6048 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:21:35.0362 6048 RDPCDD - ok
07:21:35.0409 6048 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:21:35.0425 6048 RDPDR - ok
07:21:35.0440 6048 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:21:35.0472 6048 RDPENCDD - ok
07:21:35.0487 6048 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:21:35.0518 6048 RDPREFMP - ok
07:21:35.0550 6048 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:21:35.0565 6048 RdpVideoMiniport - ok
07:21:35.0596 6048 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:21:35.0612 6048 RDPWD - ok
07:21:35.0659 6048 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:21:35.0674 6048 rdyboost - ok
07:21:35.0706 6048 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:21:35.0737 6048 RemoteAccess - ok
07:21:35.0784 6048 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:21:35.0830 6048 RemoteRegistry - ok
07:21:35.0846 6048 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:21:35.0893 6048 RpcEptMapper - ok
07:21:35.0924 6048 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:21:35.0924 6048 RpcLocator - ok
07:21:35.0986 6048 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
07:21:36.0033 6048 RpcSs - ok
07:21:36.0080 6048 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:21:36.0127 6048 rspndr - ok
07:21:36.0189 6048 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
07:21:36.0205 6048 RTL8167 - ok
07:21:36.0236 6048 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:21:36.0236 6048 s3cap - ok
07:21:36.0267 6048 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:21:36.0283 6048 SamSs - ok
07:21:36.0330 6048 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:21:36.0345 6048 sbp2port - ok
07:21:36.0392 6048 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:21:36.0423 6048 SCardSvr - ok
07:21:36.0454 6048 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:21:36.0501 6048 scfilter - ok
07:21:36.0595 6048 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:21:36.0657 6048 Schedule - ok
07:21:36.0735 6048 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:21:36.0782 6048 SCPolicySvc - ok
07:21:36.0829 6048 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:21:36.0860 6048 SDRSVC - ok
07:21:36.0954 6048 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:21:37.0000 6048 secdrv - ok
07:21:37.0016 6048 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:21:37.0047 6048 seclogon - ok
07:21:37.0078 6048 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:21:37.0110 6048 SENS - ok
07:21:37.0125 6048 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:21:37.0141 6048 SensrSvc - ok
07:21:37.0156 6048 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:21:37.0172 6048 Serenum - ok
07:21:37.0188 6048 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:21:37.0203 6048 Serial - ok
07:21:37.0234 6048 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:21:37.0250 6048 sermouse - ok
07:21:37.0297 6048 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:21:37.0344 6048 SessionEnv - ok
07:21:37.0375 6048 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:21:37.0390 6048 sffdisk - ok
07:21:37.0406 6048 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:21:37.0422 6048 sffp_mmc - ok
07:21:37.0437 6048 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:21:37.0453 6048 sffp_sd - ok
07:21:37.0453 6048 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:21:37.0468 6048 sfloppy - ok
07:21:37.0515 6048 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:21:37.0546 6048 SharedAccess - ok
07:21:37.0609 6048 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:21:37.0656 6048 ShellHWDetection - ok
07:21:37.0687 6048 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:21:37.0687 6048 SiSRaid2 - ok
07:21:37.0702 6048 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:21:37.0718 6048 SiSRaid4 - ok
07:21:37.0734 6048 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:21:37.0765 6048 Smb - ok
07:21:37.0812 6048 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
07:21:37.0812 6048 snapman - ok
07:21:37.0843 6048 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:21:37.0874 6048 SNMPTRAP - ok
07:21:37.0890 6048 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:21:37.0890 6048 spldr - ok
07:21:37.0952 6048 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:21:37.0999 6048 Spooler - ok
07:21:38.0186 6048 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:21:38.0264 6048 sppsvc - ok
07:21:38.0358 6048 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:21:38.0404 6048 sppuinotify - ok
07:21:38.0482 6048 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:21:38.0514 6048 srv - ok
07:21:38.0545 6048 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:21:38.0576 6048 srv2 - ok
07:21:38.0592 6048 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:21:38.0607 6048 srvnet - ok
07:21:38.0623 6048 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:21:38.0670 6048 SSDPSRV - ok
07:21:38.0670 6048 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:21:38.0716 6048 SstpSvc - ok
07:21:38.0748 6048 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:21:38.0748 6048 stexstor - ok
07:21:38.0810 6048 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:21:38.0841 6048 stisvc - ok
07:21:38.0888 6048 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:21:38.0888 6048 storflt - ok
07:21:38.0919 6048 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:21:38.0919 6048 storvsc - ok
07:21:38.0950 6048 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:21:38.0982 6048 swenum - ok
07:21:39.0013 6048 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:21:39.0060 6048 swprv - ok
07:21:39.0075 6048 Synth3dVsc - ok
07:21:39.0184 6048 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:21:39.0231 6048 SysMain - ok
07:21:39.0356 6048 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:21:39.0387 6048 TabletInputService - ok
07:21:39.0418 6048 TabletServicePen - ok
07:21:39.0481 6048 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:21:39.0528 6048 TapiSrv - ok
07:21:39.0559 6048 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:21:39.0606 6048 TBS - ok
07:21:39.0777 6048 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:21:39.0824 6048 Tcpip - ok
07:21:39.0964 6048 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:21:40.0011 6048 TCPIP6 - ok
07:21:40.0089 6048 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:21:40.0136 6048 tcpipreg - ok
07:21:40.0183 6048 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:21:40.0183 6048 TDPIPE - ok
07:21:40.0292 6048 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
07:21:40.0339 6048 tdrpman273 - ok
07:21:40.0370 6048 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:21:40.0370 6048 TDTCP - ok
07:21:40.0417 6048 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:21:40.0464 6048 tdx - ok
07:21:40.0495 6048 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:21:40.0495 6048 TermDD - ok
07:21:40.0573 6048 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:21:40.0620 6048 TermService - ok
07:21:40.0666 6048 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:21:40.0682 6048 Themes - ok
07:21:40.0713 6048 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:21:40.0760 6048 THREADORDER - ok
07:21:40.0978 6048 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
07:21:41.0010 6048 timounter - ok
07:21:41.0025 6048 TouchServicePen - ok
07:21:41.0056 6048 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:21:41.0088 6048 TrkWks - ok
07:21:41.0166 6048 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:21:41.0212 6048 TrustedInstaller - ok
07:21:41.0244 6048 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:21:41.0275 6048 tssecsrv - ok
07:21:41.0306 6048 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:21:41.0322 6048 TsUsbFlt - ok
07:21:41.0322 6048 tsusbhub - ok
07:21:41.0353 6048 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:21:41.0384 6048 tunnel - ok
07:21:41.0415 6048 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:21:41.0446 6048 uagp35 - ok
07:21:41.0478 6048 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:21:41.0524 6048 udfs - ok
07:21:41.0540 6048 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:21:41.0540 6048 UI0Detect - ok
07:21:41.0587 6048 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:21:41.0602 6048 uliagpkx - ok
07:21:41.0634 6048 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:21:41.0665 6048 umbus - ok
07:21:41.0680 6048 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:21:41.0696 6048 UmPass - ok
07:21:41.0727 6048 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:21:41.0743 6048 UmRdpService - ok
07:21:41.0774 6048 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:21:41.0821 6048 upnphost - ok
07:21:41.0852 6048 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
07:21:41.0868 6048 USBAAPL64 - ok
07:21:41.0914 6048 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
07:21:41.0930 6048 usbccgp - ok
07:21:41.0961 6048 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:21:41.0992 6048 usbcir - ok
07:21:42.0024 6048 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
07:21:42.0039 6048 usbehci - ok
07:21:42.0070 6048 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:21:42.0070 6048 usbhub - ok
07:21:42.0086 6048 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:21:42.0102 6048 usbohci - ok
07:21:42.0133 6048 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:21:42.0148 6048 usbprint - ok
07:21:42.0180 6048 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:21:42.0195 6048 usbscan - ok
07:21:42.0242 6048 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:21:42.0258 6048 USBSTOR - ok
07:21:42.0289 6048 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
07:21:42.0304 6048 usbuhci - ok
07:21:42.0336 6048 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:21:42.0382 6048 UxSms - ok
07:21:42.0414 6048 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:21:42.0429 6048 VaultSvc - ok
07:21:42.0460 6048 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:21:42.0460 6048 vdrvroot - ok
07:21:42.0523 6048 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:21:42.0585 6048 vds - ok
07:21:42.0601 6048 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:21:42.0601 6048 vga - ok
07:21:42.0616 6048 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:21:42.0648 6048 VgaSave - ok
07:21:42.0648 6048 VGPU - ok
07:21:42.0694 6048 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:21:42.0726 6048 vhdmp - ok
07:21:42.0741 6048 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:21:42.0757 6048 viaide - ok
07:21:42.0772 6048 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:21:42.0788 6048 vmbus - ok
07:21:42.0804 6048 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:21:42.0819 6048 VMBusHID - ok
07:21:42.0850 6048 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:21:42.0913 6048 volmgr - ok
07:21:42.0944 6048 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:21:42.0975 6048 volmgrx - ok
07:21:42.0991 6048 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:21:43.0006 6048 volsnap - ok
07:21:43.0053 6048 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
07:21:43.0069 6048 vpcbus - ok
07:21:43.0100 6048 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
07:21:43.0116 6048 vpcnfltr - ok
07:21:43.0131 6048 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
07:21:43.0131 6048 vpcusb - ok
07:21:43.0194 6048 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
07:21:43.0225 6048 vpcvmm - ok
07:21:43.0256 6048 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:21:43.0287 6048 vsmraid - ok
07:21:43.0396 6048 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:21:43.0443 6048 VSS - ok
07:21:43.0568 6048 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:21:43.0599 6048 vwifibus - ok
07:21:43.0662 6048 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:21:43.0740 6048 W32Time - ok
07:21:43.0740 6048 wacmoumonitor - ok
07:21:43.0740 6048 wacommousefilter - ok
07:21:43.0771 6048 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:21:43.0771 6048 WacomPen - ok
07:21:43.0786 6048 wacomvhid - ok
07:21:43.0833 6048 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:21:43.0864 6048 WANARP - ok
07:21:43.0864 6048 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:21:43.0896 6048 Wanarpv6 - ok
07:21:44.0005 6048 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:21:44.0036 6048 WatAdminSvc - ok
07:21:44.0130 6048 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:21:44.0161 6048 wbengine - ok
07:21:44.0286 6048 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:21:44.0317 6048 WbioSrvc - ok
07:21:44.0364 6048 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:21:44.0395 6048 wcncsvc - ok
07:21:44.0410 6048 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:21:44.0410 6048 WcsPlugInService - ok
07:21:44.0473 6048 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:21:44.0504 6048 Wd - ok
07:21:44.0551 6048 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:21:44.0582 6048 Wdf01000 - ok
07:21:44.0598 6048 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:21:44.0613 6048 WdiServiceHost - ok
07:21:44.0613 6048 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:21:44.0629 6048 WdiSystemHost - ok
07:21:44.0676 6048 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:21:44.0691 6048 WebClient - ok
07:21:44.0707 6048 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:21:44.0754 6048 Wecsvc - ok
07:21:44.0769 6048 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:21:44.0800 6048 wercplsupport - ok
07:21:44.0832 6048 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:21:44.0863 6048 WerSvc - ok
07:21:44.0941 6048 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:21:44.0988 6048 WfpLwf - ok
07:21:45.0003 6048 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:21:45.0003 6048 WIMMount - ok
07:21:45.0034 6048 WinDefend - ok
07:21:45.0034 6048 WinHttpAutoProxySvc - ok
07:21:45.0128 6048 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:21:45.0206 6048 Winmgmt - ok
07:21:45.0331 6048 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:21:45.0393 6048 WinRM - ok
07:21:45.0534 6048 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:21:45.0549 6048 WinUsb - ok
07:21:45.0627 6048 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:21:45.0658 6048 Wlansvc - ok
07:21:45.0939 6048 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:21:45.0986 6048 wlidsvc - ok
07:21:46.0080 6048 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:21:46.0095 6048 WmiAcpi - ok
07:21:46.0189 6048 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:21:46.0220 6048 wmiApSrv - ok
07:21:46.0251 6048 WMPNetworkSvc - ok
07:21:46.0282 6048 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:21:46.0314 6048 WPCSvc - ok
07:21:46.0345 6048 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:21:46.0376 6048 WPDBusEnum - ok
07:21:46.0407 6048 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:21:46.0454 6048 ws2ifsl - ok
07:21:46.0470 6048 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
07:21:46.0485 6048 wscsvc - ok
07:21:46.0485 6048 WSearch - ok
07:21:46.0626 6048 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:21:46.0688 6048 wuauserv - ok
07:21:46.0844 6048 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:21:46.0891 6048 WudfPf - ok
07:21:46.0906 6048 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:21:46.0938 6048 WUDFRd - ok
07:21:46.0984 6048 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:21:47.0031 6048 wudfsvc - ok
07:21:47.0078 6048 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:21:47.0094 6048 WwanSvc - ok
07:21:47.0125 6048 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:21:47.0499 6048 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:21:47.0499 6048 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:21:47.0499 6048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:21:47.0530 6048 \Device\Harddisk1\DR1 - ok
07:21:47.0546 6048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
07:21:47.0577 6048 \Device\Harddisk2\DR2 - ok
07:21:47.0577 6048 Boot (0x1200) (7615a7af663135034c0d2ae89899d022) \Device\Harddisk0\DR0\Partition0
07:21:47.0577 6048 \Device\Harddisk0\DR0\Partition0 - ok
07:21:47.0577 6048 Boot (0x1200) (0c06356ac56fad3ecdf1dcd065c02be8) \Device\Harddisk1\DR1\Partition0
07:21:47.0593 6048 \Device\Harddisk1\DR1\Partition0 - ok
07:21:47.0593 6048 Boot (0x1200) (f41fe51333635436d35ba3e2e44726a0) \Device\Harddisk1\DR1\Partition1
07:21:47.0593 6048 \Device\Harddisk1\DR1\Partition1 - ok
07:21:47.0624 6048 Boot (0x1200) (d64e32350b8a4da731cc04d33699a813) \Device\Harddisk1\DR1\Partition2
07:21:47.0640 6048 \Device\Harddisk1\DR1\Partition2 - ok
07:21:47.0640 6048 Boot (0x1200) (a508802763d70d8bb15bcf88ae023301) \Device\Harddisk2\DR2\Partition0
07:21:47.0640 6048 \Device\Harddisk2\DR2\Partition0 - ok
07:21:47.0655 6048 ============================================================
07:21:47.0655 6048 Scan finished
07:21:47.0655 6048 ============================================================
07:21:47.0686 4676 Detected object count: 2
07:21:47.0686 4676 Actual detected object count: 2
07:21:53.0661 4676 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
07:21:53.0661 4676 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:21:53.0661 4676 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:21:53.0661 4676 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:22:15.0585 4352 Deinitialize success


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-31 07:55:30
-----------------------------
07:55:30.770 OS Version: Windows x64 6.1.7601 Service Pack 1
07:55:30.770 Number of processors: 4 586 0x2502
07:55:30.770 ComputerName: UPSTAIRS UserName: Mommy
07:55:33.204 Initialize success
07:55:41.986 AVAST engine defs: 12053100
07:55:48.320 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7
07:55:48.336 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 3
07:55:48.336 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
07:55:48.336 Disk 1 Vendor: WDC_WD1200JB-32EVA0 15.05R15 Size: 114473MB BusType: 3
07:55:48.336 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-8
07:55:48.351 Disk 2 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 3
07:55:48.351 Disk 1 MBR read successfully
07:55:48.382 Disk 1 MBR scan
07:55:48.382 Disk 1 Windows 7 default MBR code
07:55:48.382 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114470 MB offset 63
07:55:48.460 Disk 1 scanning C:\Windows\system32\drivers
07:56:24.613 Service scanning
07:57:02.764 Modules scanning
07:57:02.764 Disk 1 trace - called modules:
07:57:03.123 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:57:03.138 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005813060]
07:57:03.170 3 CLASSPNP.SYS[fffff88001ba543f] -> nt!IofCallDriver -> [0xfffffa8005584520]
07:57:03.185 5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005572060]
07:57:03.201 Scan finished successfully
07:57:17.912 Disk 1 MBR has been saved successfully to "C:\Users\Mommy\Desktop\MBR.dat"
07:57:17.927 The log file has been saved successfully to "C:\Users\Mommy\Desktop\aswMBR.txt"


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-GJY49-VJBQ7-HYRR2
Windows Product Key Hash: W5/6nm6F2UPXrCkY5xUhXb/+21g=
Windows Product ID: 00426-OEM-8992662-00006
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {1312FD75-3912-4DF1-88F8-405799B095E1}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120330-1504
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1312FD75-3912-4DF1-88F8-405799B095E1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-HYRR2</PKey><PID>00426-OEM-8992662-00006</PID><PIDType>2</PIDType><SID>S-1-5-21-4065330535-165493440-3738457496</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0601 </Version><SMBIOSVersion major="2" minor="6"/><Date>20091230000000.000000+000</Date></BIOS><HWID>CA463007018400FC</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600006-02-1033-7600.0000-1412011
Installation ID: 001986688622574473726190801141662400510252043004737721
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: HYRR2
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 5/31/2012 7:57:39 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 5:28:2012 08:17
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: PgAAAAIABgABAAMAAAACAAAAAgABAAEA6GFyiUbmFiDiX8reHL8m/kLGgJa8rvqoznBeMzTkBNak+4j+XF0=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 123009 APIC0947
FACP 123009 FACP0947
HPET 123009 OEMHPET
MCFG 123009 OEMMCFG
OEMB 123009 OEMB0947
GSCI 123009 GMCHSCI
DMAR AMI OEMDMAR
OSFR 123009 OEMOSFR
SSDT DpgPmm CpuPm
SLIC ACRSYS ACRPRDCT

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0758_31-05-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-05-31 10:07:45
Last Success Time for Update Download: 2012-05-29 15:11:32
Last Success Time for Update Installation: 2012-05-29 15:12:07


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 21/5/2011 17:14:18
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 21/5/2011 17:14:18
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 21/5/2011 17:14:48
Modification; 20/11/2010 8:27:26
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 21/5/2011 17:14:18
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 0803_31-05-2012 --------


CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\mommy\music\itunes\itunes media\music\arthur fiedler,leo litwin\a christmas festival\13 the nutcracker_dance of the sugar.m4a
c:\users\mommy\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\01 hannah jane.m4a
c:\users\mommy\music\itunes\itunes media\music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a
scanner sequence 3.CP.11.QMAPXS
----- EOF -----
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
Join Date: Mar 2001
Location: Bradford, England
01-Jun-2012, 02:24 PM #10
The reason for checking Windows is that you had a few things I was curious about, so just had to be sure.

Re-run TDSSKiller and select delete for this line

\Device\Harddisk0\DR0 ( TDSS File System )

and post the log it creates.

---------

Can you uninstall this from Add/Remove Programs via the Control Panel, as it's the older versions and you have the newer 64-bit:

Java(TM) 6 Update 25 (64-bit)
Java(TM) 6 Update 25



---

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


--------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    c:\windows\system32\drivers\efavdrv.sys
    C:\Windows\KMSEmulator.exe
    C:\Windows\tasks\AutoKMS.job
    :dir
    C:\Users\Mommy\AppData\Roaming\FDAEED01-7C45-4A70-AD09-0D4D909E34B3 /sub
    C:\sh4ldr /sub
    C:\Users\Mommy\AppData\Roaming\redsn0w /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

eddie
Bertie Bott
Member with 33 posts.
THREAD STARTER
Join Date: Dec 2006
01-Jun-2012, 03:02 PM #11
14:30:03.0418 5640 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:30:03.0805 5640 ============================================================
14:30:03.0805 5640 Current date / time: 2012/06/01 14:30:03.0805
14:30:03.0805 5640 SystemInfo:
14:30:03.0805 5640
14:30:03.0805 5640 OS Version: 6.1.7601 ServicePack: 1.0
14:30:03.0805 5640 Product type: Workstation
14:30:03.0805 5640 ComputerName: UPSTAIRS
14:30:03.0805 5640 UserName: Mommy
14:30:03.0805 5640 Windows directory: C:\Windows
14:30:03.0805 5640 System windows directory: C:\Windows
14:30:03.0805 5640 Running under WOW64
14:30:03.0805 5640 Processor architecture: Intel x64
14:30:03.0805 5640 Number of processors: 4
14:30:03.0805 5640 Page size: 0x1000
14:30:03.0805 5640 Boot type: Normal boot
14:30:03.0805 5640 ============================================================
14:30:05.0112 5640 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:30:05.0130 5640 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:30:11.0197 5640 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:30:11.0213 5640 ============================================================
14:30:11.0213 5640 \Device\Harddisk0\DR0:
14:30:11.0223 5640 MBR partitions:
14:30:11.0223 5640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
14:30:11.0223 5640 \Device\Harddisk1\DR1:
14:30:11.0223 5640 MBR partitions:
14:30:11.0223 5640 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA0120E
14:30:11.0223 5640 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xA0124D, BlocksNum 0x39E823BA
14:30:11.0223 5640 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x3A883607, BlocksNum 0x39E823BA
14:30:11.0223 5640 \Device\Harddisk2\DR2:
14:30:11.0224 5640 MBR partitions:
14:30:11.0224 5640 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
14:30:11.0224 5640 ============================================================
14:30:11.0264 5640 C: <-> \Device\Harddisk0\DR0\Partition0
14:30:11.0304 5640 D: <-> \Device\Harddisk1\DR1\Partition0
14:30:11.0318 5640 E: <-> \Device\Harddisk2\DR2\Partition0
14:30:11.0340 5640 F: <-> \Device\Harddisk1\DR1\Partition1
14:30:11.0370 5640 G: <-> \Device\Harddisk1\DR1\Partition2
14:30:11.0371 5640 ============================================================
14:30:11.0371 5640 Initialize success
14:30:11.0371 5640 ============================================================
14:30:15.0944 0172 ============================================================
14:30:15.0944 0172 Scan started
14:30:15.0944 0172 Mode: Manual; SigCheck; TDLFS;
14:30:15.0944 0172 ============================================================
14:30:19.0123 0172 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:30:19.0289 0172 1394ohci - ok
14:30:19.0356 0172 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:30:19.0391 0172 ACPI - ok
14:30:19.0403 0172 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:30:19.0489 0172 AcpiPmi - ok
14:30:19.0656 0172 AcrSch2Svc (2fa64c2e62f1b30e2ff70578b9babdcd) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
14:30:19.0727 0172 AcrSch2Svc - ok
14:30:19.0827 0172 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:30:19.0845 0172 AdobeARMservice - ok
14:30:19.0903 0172 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:30:19.0971 0172 adp94xx - ok
14:30:20.0013 0172 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:30:20.0065 0172 adpahci - ok
14:30:20.0105 0172 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:30:20.0130 0172 adpu320 - ok
14:30:20.0166 0172 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:30:20.0368 0172 AeLookupSvc - ok
14:30:20.0431 0172 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
14:30:20.0477 0172 afcdp - ok
14:30:20.0737 0172 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
14:30:20.0873 0172 afcdpsrv - ok
14:30:21.0064 0172 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:30:21.0174 0172 AFD - ok
14:30:21.0215 0172 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:30:21.0271 0172 agp440 - ok
14:30:21.0334 0172 AirPrint - ok
14:30:21.0388 0172 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:30:21.0472 0172 ALG - ok
14:30:21.0485 0172 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:30:21.0516 0172 aliide - ok
14:30:21.0519 0172 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:30:21.0548 0172 amdide - ok
14:30:21.0580 0172 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:30:21.0655 0172 AmdK8 - ok
14:30:21.0679 0172 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:30:21.0761 0172 AmdPPM - ok
14:30:21.0808 0172 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:30:21.0888 0172 amdsata - ok
14:30:21.0908 0172 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:30:21.0949 0172 amdsbs - ok
14:30:21.0977 0172 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:30:21.0997 0172 amdxata - ok
14:30:22.0034 0172 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:30:22.0343 0172 AppID - ok
14:30:22.0381 0172 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:30:22.0441 0172 AppIDSvc - ok
14:30:22.0478 0172 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:30:22.0557 0172 Appinfo - ok
14:30:22.0660 0172 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:30:22.0681 0172 Apple Mobile Device - ok
14:30:22.0714 0172 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:30:22.0791 0172 AppMgmt - ok
14:30:22.0827 0172 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:30:22.0881 0172 arc - ok
14:30:22.0899 0172 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:30:22.0926 0172 arcsas - ok
14:30:22.0958 0172 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:30:23.0031 0172 AsyncMac - ok
14:30:23.0056 0172 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:30:23.0064 0172 atapi - ok
14:30:23.0122 0172 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:30:23.0193 0172 AudioEndpointBuilder - ok
14:30:23.0199 0172 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:30:23.0236 0172 AudioSrv - ok
14:30:23.0266 0172 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:30:23.0394 0172 AxInstSV - ok
14:30:23.0452 0172 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:30:23.0481 0172 b06bdrv - ok
14:30:23.0503 0172 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:30:23.0572 0172 b57nd60a - ok
14:30:23.0610 0172 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:30:23.0646 0172 BDESVC - ok
14:30:23.0674 0172 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:30:23.0761 0172 Beep - ok
14:30:23.0817 0172 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:30:23.0907 0172 BFE - ok
14:30:24.0001 0172 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:30:24.0116 0172 BITS - ok
14:30:24.0223 0172 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:30:24.0295 0172 blbdrive - ok
14:30:24.0394 0172 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:30:24.0423 0172 Bonjour Service - ok
14:30:24.0494 0172 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:30:24.0565 0172 bowser - ok
14:30:24.0581 0172 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:30:24.0613 0172 BrFiltLo - ok
14:30:24.0632 0172 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:30:24.0651 0172 BrFiltUp - ok
14:30:24.0687 0172 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:30:24.0756 0172 BridgeMP - ok
14:30:24.0794 0172 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:30:24.0888 0172 Browser - ok
14:30:24.0920 0172 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:30:24.0983 0172 Brserid - ok
14:30:25.0006 0172 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:30:25.0070 0172 BrSerWdm - ok
14:30:25.0088 0172 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:30:25.0133 0172 BrUsbMdm - ok
14:30:25.0149 0172 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:30:25.0181 0172 BrUsbSer - ok
14:30:25.0200 0172 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:30:25.0263 0172 BTHMODEM - ok
14:30:25.0300 0172 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:30:25.0373 0172 bthserv - ok
14:30:25.0411 0172 catchme - ok
14:30:25.0444 0172 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:30:25.0528 0172 cdfs - ok
14:30:25.0555 0172 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:30:25.0624 0172 cdrom - ok
14:30:25.0650 0172 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:30:25.0726 0172 CertPropSvc - ok
14:30:25.0741 0172 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:30:25.0800 0172 circlass - ok
14:30:25.0845 0172 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:30:25.0896 0172 CLFS - ok
14:30:26.0004 0172 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:30:26.0041 0172 clr_optimization_v2.0.50727_32 - ok
14:30:26.0130 0172 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:30:26.0163 0172 clr_optimization_v2.0.50727_64 - ok
14:30:26.0255 0172 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:30:26.0278 0172 clr_optimization_v4.0.30319_32 - ok
14:30:26.0367 0172 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:30:26.0386 0172 clr_optimization_v4.0.30319_64 - ok
14:30:26.0419 0172 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:30:26.0474 0172 CmBatt - ok
14:30:26.0499 0172 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:30:26.0532 0172 cmdide - ok
14:30:26.0599 0172 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:30:26.0675 0172 CNG - ok
14:30:26.0686 0172 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:30:26.0709 0172 Compbatt - ok
14:30:26.0746 0172 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:30:26.0799 0172 CompositeBus - ok
14:30:26.0802 0172 COMSysApp - ok
14:30:26.0817 0172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:30:26.0829 0172 crcdisk - ok
14:30:26.0957 0172 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\SysWOW64\CTsvcCDA.exe
14:30:26.0987 0172 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
14:30:26.0987 0172 Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
14:30:27.0023 0172 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:30:27.0111 0172 CryptSvc - ok
14:30:27.0190 0172 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:30:27.0269 0172 CSC - ok
14:30:27.0336 0172 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:30:27.0421 0172 CscService - ok
14:30:27.0469 0172 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:30:27.0550 0172 DcomLaunch - ok
14:30:27.0591 0172 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:30:27.0681 0172 defragsvc - ok
14:30:27.0761 0172 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:30:27.0855 0172 DfsC - ok
14:30:27.0900 0172 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:30:27.0956 0172 Dhcp - ok
14:30:28.0008 0172 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:30:28.0089 0172 discache - ok
14:30:28.0112 0172 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:30:28.0137 0172 Disk - ok
14:30:28.0179 0172 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:30:28.0214 0172 Dnscache - ok
14:30:28.0251 0172 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:30:28.0311 0172 dot3svc - ok
14:30:28.0342 0172 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:30:28.0435 0172 DPS - ok
14:30:28.0466 0172 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:30:28.0512 0172 drmkaud - ok
14:30:28.0571 0172 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:30:28.0605 0172 dtsoftbus01 - ok
14:30:28.0709 0172 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:30:28.0786 0172 DXGKrnl - ok
14:30:28.0832 0172 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
14:30:28.0860 0172 eamonm - ok
14:30:28.0899 0172 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:30:28.0981 0172 EapHost - ok
14:30:29.0158 0172 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:30:29.0338 0172 ebdrv - ok
14:30:29.0453 0172 efavdrv - ok
14:30:29.0495 0172 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:30:29.0534 0172 EFS - ok
14:30:29.0608 0172 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
14:30:29.0676 0172 ehdrv - ok
14:30:29.0776 0172 EhttpSrv (deb2b067745d92ff17a5068dfd2360bc) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
14:30:29.0793 0172 EhttpSrv - ok
14:30:29.0885 0172 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
14:30:29.0937 0172 ekrn - ok
14:30:29.0986 0172 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:30:30.0016 0172 elxstor - ok
14:30:30.0071 0172 epfwwfpr (954fade8e59f159b0a71d0cfcc99a76e) C:\Windows\system32\DRIVERS\epfwwfpr.sys
14:30:30.0120 0172 epfwwfpr - ok
14:30:30.0146 0172 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:30:30.0187 0172 ErrDev - ok
14:30:30.0232 0172 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:30:30.0294 0172 EventSystem - ok
14:30:30.0314 0172 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:30:30.0398 0172 exfat - ok
14:30:30.0423 0172 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:30:30.0520 0172 fastfat - ok
14:30:30.0574 0172 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:30:30.0633 0172 Fax - ok
14:30:30.0648 0172 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:30:30.0713 0172 fdc - ok
14:30:30.0729 0172 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:30:30.0792 0172 fdPHost - ok
14:30:30.0809 0172 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:30:30.0860 0172 FDResPub - ok
14:30:30.0893 0172 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:30:30.0918 0172 FileInfo - ok
14:30:30.0936 0172 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:30:30.0998 0172 Filetrace - ok
14:30:31.0015 0172 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:31.0025 0172 flpydisk - ok
14:30:31.0073 0172 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:30:31.0129 0172 FltMgr - ok
14:30:31.0227 0172 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:30:31.0304 0172 FontCache - ok
14:30:31.0418 0172 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:30:31.0450 0172 FontCache3.0.0.0 - ok
14:30:31.0540 0172 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:30:31.0602 0172 FsDepends - ok
14:30:31.0659 0172 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:31.0698 0172 Fs_Rec - ok
14:30:31.0741 0172 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:30:31.0778 0172 fvevol - ok
14:30:31.0796 0172 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:31.0860 0172 gagp30kx - ok
14:30:31.0893 0172 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:30:31.0901 0172 GEARAspiWDM - ok
14:30:31.0986 0172 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:30:32.0096 0172 gpsvc - ok
14:30:32.0222 0172 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:30:32.0241 0172 gupdate - ok
14:30:32.0266 0172 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:30:32.0282 0172 gupdatem - ok
14:30:32.0355 0172 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:30:32.0400 0172 hamachi - ok
14:30:32.0584 0172 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
14:30:32.0696 0172 Hamachi2Svc - ok
14:30:32.0851 0172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:30:32.0887 0172 hcw85cir - ok
14:30:32.0967 0172 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:30:33.0008 0172 HdAudAddService - ok
14:30:33.0033 0172 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:30:33.0080 0172 HDAudBus - ok
14:30:33.0097 0172 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:33.0147 0172 HidBatt - ok
14:30:33.0166 0172 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:30:33.0222 0172 HidBth - ok
14:30:33.0240 0172 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:30:33.0296 0172 HidIr - ok
14:30:33.0324 0172 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:30:33.0390 0172 hidserv - ok
14:30:33.0423 0172 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:33.0447 0172 HidUsb - ok
14:30:33.0479 0172 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:30:33.0540 0172 hkmsvc - ok
14:31:03.0124 0172 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:31:03.0145 0172 WdiSystemHost - ok
14:31:03.0191 0172 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:31:03.0250 0172 WebClient - ok
14:31:03.0280 0172 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:31:03.0349 0172 Wecsvc - ok
14:31:03.0368 0172 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:31:03.0449 0172 wercplsupport - ok
14:31:03.0474 0172 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:31:03.0527 0172 WerSvc - ok
14:31:03.0636 0172 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:31:03.0705 0172 WfpLwf - ok
14:31:03.0721 0172 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:31:03.0741 0172 WIMMount - ok
14:31:03.0780 0172 WinDefend - ok
14:31:03.0785 0172 WinHttpAutoProxySvc - ok
14:31:03.0881 0172 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:31:03.0949 0172 Winmgmt - ok
14:31:04.0059 0172 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:31:04.0190 0172 WinRM - ok
14:31:04.0346 0172 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:31:04.0401 0172 WinUsb - ok
14:31:04.0486 0172 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:31:04.0570 0172 Wlansvc - ok
14:31:04.0798 0172 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:31:04.0904 0172 wlidsvc - ok
14:31:05.0166 0172 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:31:05.0255 0172 WmiAcpi - ok
14:31:05.0364 0172 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:31:05.0416 0172 wmiApSrv - ok
14:31:05.0470 0172 WMPNetworkSvc - ok
14:31:05.0503 0172 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:31:05.0527 0172 WPCSvc - ok
14:31:05.0560 0172 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:31:05.0619 0172 WPDBusEnum - ok
14:31:05.0658 0172 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:31:05.0735 0172 ws2ifsl - ok
14:31:05.0764 0172 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:31:05.0818 0172 wscsvc - ok
14:31:05.0822 0172 WSearch - ok
14:31:05.0965 0172 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:31:06.0151 0172 wuauserv - ok
14:31:06.0303 0172 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:31:06.0393 0172 WudfPf - ok
14:31:06.0432 0172 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:31:06.0490 0172 WUDFRd - ok
14:31:06.0518 0172 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:31:06.0587 0172 wudfsvc - ok
14:31:06.0634 0172 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:31:06.0699 0172 WwanSvc - ok
14:31:06.0732 0172 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:31:07.0104 0172 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:31:07.0104 0172 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:31:07.0106 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:31:07.0155 0172 \Device\Harddisk1\DR1 - ok
14:31:07.0159 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
14:31:07.0216 0172 \Device\Harddisk2\DR2 - ok
14:31:07.0219 0172 Boot (0x1200) (7615a7af663135034c0d2ae89899d022) \Device\Harddisk0\DR0\Partition0
14:31:07.0221 0172 \Device\Harddisk0\DR0\Partition0 - ok
14:31:07.0227 0172 Boot (0x1200) (0c06356ac56fad3ecdf1dcd065c02be8) \Device\Harddisk1\DR1\Partition0
14:31:07.0229 0172 \Device\Harddisk1\DR1\Partition0 - ok
14:31:07.0238 0172 Boot (0x1200) (f41fe51333635436d35ba3e2e44726a0) \Device\Harddisk1\DR1\Partition1
14:31:07.0240 0172 \Device\Harddisk1\DR1\Partition1 - ok
14:31:07.0276 0172 Boot (0x1200) (d64e32350b8a4da731cc04d33699a813) \Device\Harddisk1\DR1\Partition2
14:31:07.0278 0172 \Device\Harddisk1\DR1\Partition2 - ok
14:31:07.0282 0172 Boot (0x1200) (a508802763d70d8bb15bcf88ae023301) \Device\Harddisk2\DR2\Partition0
14:31:07.0284 0172 \Device\Harddisk2\DR2\Partition0 - ok
14:31:07.0316 0172 ============================================================
14:31:07.0317 0172 Scan finished
14:31:07.0317 0172 ============================================================
14:31:07.0359 2700 Detected object count: 2
14:31:07.0360 2700 Actual detected object count: 2
14:31:12.0503 2700 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
14:31:12.0503 2700 Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:31:12.0544 2700 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:31:12.0552 2700 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
14:31:12.0557 2700 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
14:31:12.0590 2700 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
14:31:13.0298 2700 \Device\Harddisk0\DR0\TDLFS - deleted
14:31:13.0298 2700 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:31:20.0465 3968 Deinitialize success


All processes killed
========== OTL ==========
Service TouchServicePen stopped successfully!
Service TouchServicePen deleted successfully!
File C:\Program Files\Tablet\Pen\Pen_TouchService.exe not found.
Service TabletServicePen stopped successfully!
Service TabletServicePen deleted successfully!
File C:\Program Files\Tablet\Pen\Pen_Tablet.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mommy\Desktop\cmd.bat deleted successfully.
C:\Users\Mommy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mommy
->Temp folder emptied: 58015162 bytes
->Temporary Internet Files folder emptied: 119122208 bytes
->Java cache emptied: 664785 bytes
->Google Chrome cache emptied: 408905345 bytes
->Flash cache emptied: 225036 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 829749773 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,351.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: LogMeInRemoteUser

User: Mommy
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Mommy
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.45.0 log created on 06012012_143721

Files\Folders moved on Reboot...
C:\Users\Mommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 15:00 on 01/06/2012 by Mommy
Administrator - Elevation successful

========== file ==========

c:\windows\system32\drivers\efavdrv.sys - Unable to find/read file.

C:\Windows\KMSEmulator.exe - File found and opened.
MD5: 485055033BCDDFDE56325C0D2FEEA4F2
Created at 20:06 on 21/05/2011
Modified at 20:06 on 21/05/2011
Size: 151552 bytes
Attributes: --a----
No version information available.

C:\Windows\tasks\AutoKMS.job - File found and opened.
MD5: 9802FD7C62B1F237665B8E368B2F686F
Created at 14:17 on 04/01/2012
Modified at 18:57 on 01/06/2012
Size: 266 bytes
Attributes: --a----
No version information available.

========== dir ==========

C:\Users\Mommy\AppData\Roaming\FDAEED01-7C45-4A70-AD09-0D4D909E34B3 - Parameters: "/sub"

---Files---
.RestoreList --a---- 0 bytes [20:13 21/05/2011] [20:13 21/05/2011]

No folders found.

C:\sh4ldr - Parameters: "/sub"

---Files---
shldr.mbr --a---- 8192 bytes [12:28 19/05/2012] [12:28 19/05/2012]

No folders found.

C:\Users\Mommy\AppData\Roaming\redsn0w - Parameters: "/sub"

---Files---
iPhone3,3_5.0.1_9A405_applelogo.img3 --a---- 15172 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_DeviceTree.img3 --a---- 60740 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_iBEC.dfu --a---- 240132 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_iBoot.img3 --a---- 240132 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_iBSS.dfu --a---- 68100 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_kernelcache.img3 --a---- 6470916 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_LLB.img3 --a---- 121348 bytes [00:05 31/12/2011] [00:05 31/12/2011]
iPhone3,3_5.0.1_9A405_manifest --a---- 387 bytes [00:05 31/12/2011] [00:05 31/12/2011]

No folders found.

-= EOF =-
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
01-Jun-2012, 05:29 PM #12
Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer. When the file is listed in the window, press send to upload the file

Quote:

C:\Windows\KMSEmulator.exe
C:\Windows\tasks\AutoKMS.job

Let me know when they're uploaded
Bertie Bott
Member with 33 posts.
THREAD STARTER
 
Join Date: Dec 2006
02-Jun-2012, 01:51 PM #13
eddie5659
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
04-Jun-2012, 05:08 AM #14
Thanks

Can you also see if you can upload this as well. It may/may not be there

C:\Windows\AutoKMS\AutoKMS.exe

Just reply to the same thread at the other site

---------

In the meantime, can you run a scan as follows:

Please go to here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



On a side note, since the ESET scanner is a 32-bit application, if you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan
Bertie Bott
Member with 33 posts.
THREAD STARTER
 
Join Date: Dec 2006
04-Jun-2012, 09:47 AM #15
C:\Qoobox\Quarantine\C\Users\Mommy\AppData\Local\Badger I.T\Apple Computer\elbmwb.dll.vir a variant of Win32/Kryptik.AGAE trojan cleaned by deleting - quarantined
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
C:\Windows\AutoKMS\AutoKMS.exe probably a variant of Win32/HackKMS.B application cleaned by deleting - quarantined


Requested exe was also posted on other forum