Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: I simply cant get rid of imminent search as my default firefox search


(!)

PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
23-May-2012, 05:48 AM #1
I simply cant get rid of imminent search as my default firefox search
ok guys i can really use some help here.
As title says, ive been trying to get rid of imminent search for a while now and it just wont frickin go away!!!
its not in add/remove programs, i tried spybot, kaspersky scan, firefox addon removals. its like the search is hardcoded into firefox or something... also my booting takes extremely long as of late, the desktop freezes on startup for a good minute+ before the antivirus loads up and everything works...
Please help me out here, i dont know what else to do...
actually now that ive ran the programs needed here, i do see that i missed some stuff, but ill leave it to the professionals to give the final word

System specs:
CPU: core2quad 2.4ghz
GPU: ati 4870 512mb
RAM: 4 gig(2 2gig sticks)
gigabyte motherboard
windows 7 ultimate
500gb HD


HIJACK LOG:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:39:10 AM, on 5/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\a folder\Files\DOWNLOADS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_cus...spx?tbid=80115
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.Reco rderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Adflybot] C:\Eliteclicks\Adflybot
O4 - HKCU\..\Run: [ghost] C:\temp\ghost
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\a folder\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11134 bytes

DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by PEP at 5:40:00 on 2012-05-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2443 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\SysWOW64\nisvcloc.exe
C:\a folder\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DXPServer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar =
uSearch Page =
uStart Page = hxxp://www.google.com/
mSearchAssistant =
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80115
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.Reco rderBarBHO100.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Adflybot] C:\Eliteclicks\Adflybot
uRun: [ghost] C:\temp\ghost
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
Trusted Zone: facebook.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63} : DhcpNameServer = 192.168.1.1 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.Reco rderBarBHO100.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
mRun-x64: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\a folder\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
FF - plugin: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: C:\a folder\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-25 202296]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 129976]
S3 RDID1053;PC-50;C:\Windows\system32\Drivers\rdwm1053.sys --> C:\Windows\system32\Drivers\rdwm1053.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 CSHelper;CopySafe Helper Service;C:\Windows\SysWOW64\CSHelper.exe [2010-1-30 266240]
.
=============== Created Last 30 ================
.
2012-05-21 05:44:18 -------- d-----w- C:\BigFishGamesCache
2012-05-15 05:27:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-10 03:37:35 -------- d-----w- C:\Users\PEP\.dia
2012-05-09 04:48:31 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-06 04:11:14 -------- d-----w- C:\Users\PEP\AppData\Local\{E14F677C-8118-476A-92C8-338A2CFA9E76}
2012-05-06 04:11:02 -------- d-----w- C:\Users\PEP\AppData\Local\{73EAE1C6-6666-4AC8-9C64-F162D8CF6850}
2012-05-04 00:49:36 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-24 19:35:18 -------- d-----w- C:\Users\PEP\AppData\Local\{9C0B4AB5-88DB-4C60-92E1-4D5E7490AA7B}
2012-04-24 19:35:07 -------- d-----w- C:\Users\PEP\AppData\Local\{0103CB08-2810-457D-B515-B1B6AD26AFEB}
.
==================== Find3M ====================
.
2012-04-22 00:22:42 202448 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-25 18:25:48 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 5:41:54.89 ===============
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
24-May-2012, 04:16 PM #2
Hiya

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.






Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • [i][color=green]Click View Scan Logs.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log and, SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
29-May-2012, 08:58 AM #3
Ok here they are. Thanks for the help

MALWARE BYTES LOG
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PEP :: PEPBOBA [administrator]

Protection: Enabled

5/26/2012 3:48:23 PM
mbam-log-2012-05-26 (15-48-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 982613
Time elapsed: 3 hour(s), 54 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\microsoft.visual.studio.2010.patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\PEP\Downloads\aimersoft.dvd.creator.2.6.3.19_2b\Reg\patch\aimersof t.dvd.creator.2.6.3.19-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\PEP\AppData\Roaming\Thinstall\WORD 2007\300000005700002h\WINWORD.EXE (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mrvcl32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
P:\Program Files (x86)\Space Pirates and Zombies\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.

(end)


SUPERANTISPYWARE LOG
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/27/2012 at 07:59 AM

Application Version : 5.0.1150

Core Rules Database Version : 8650
Trace Rules Database Version: 6462

Scan type : Complete Scan
Total Scan Time : 04:15:57

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 745
Memory threats detected : 0
Registry items scanned : 69025
Registry threats detected : 1
File items scanned : 808499
File threats detected : 231

Adware.Tracking Cookie
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\IN432KVA.txt [ /invitemedia.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\OCNIKOO4.txt [ /ru4.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z18NLUH4.txt [ /care2.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z5U51OGY.txt [ /msnbc.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HU4HGPGV.txt [ /dmtracker.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9PTGOCAW.txt [ /server.iad.liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\WT7ZAF30.txt [ /2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\CZ7OEN7N.txt [ /hotlog.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\BMCBZY0K.txt [ /liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\JU62P3FC.txt [ /indieclicktv.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\NS5P4T5C.txt [ /nextag.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\KP9WDDSE.txt [ /liveperson.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\VSIDNYWZ.txt [ /openstat.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\OC63C9FK.txt [ /rambler.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\V1P2XYXZ.txt [ /usatoday1.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\B0E2CCLI.txt [ /media-mgmt.armorgames.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\5LCKWSCR.txt [ /cracked.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\MZP01QYR.txt [ /media2.legacy.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\RU39F71V.txt [ /rambler.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\GZU3ML3G.txt [ /media6degrees.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\2LWUEYD5.txt [ /trafficmp.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9040A4IC.txt [ /yadro.ru ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\TVM4JXKG.txt [ /www.googleadservices.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\2T5W3SWZ.txt [ /www.cracked.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\TB3CS485.txt [ /lucidmedia.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\P8XLWNDS.txt [ /accounts.google.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\4Q4YBQQK.txt [ /ad.yieldmanager.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\15C11BCC.txt [ /trinitymirror.112.2o7.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\LN7MVD49.txt [ /imrworldwide.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\F4YNIZCX.txt [ /revsci.net ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HNAMVWYQ.txt [ /stats.paypal.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\HCIX4ZRS.txt [ /www.googleadservices.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\UGD1XFVV.txt [ /interclick.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\IXRMB8DZ.txt [ /clickfuse.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\RMAXXZ88.txt [ /serving-sys.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\4BVSVZ73.txt [ /marinetraffic.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\9025VHM9.txt [ /ads.undertone.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\Z0RZ29S8.txt [ /amazon-adsystem.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\93FT2TID.txt [ /ping.indieclicktv.com ]
C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Cookies\FVXEZUPK.txt [ /at.atwola.com ]
C:\USERS\PEP\Cookies\IN432KVA.txt [ Cookieep@invitemedia.com/ ]
C:\USERS\PEP\Cookies\OCNIKOO4.txt [ Cookieep@ru4.com/ ]
C:\USERS\PEP\Cookies\Z18NLUH4.txt [ Cookieep@care2.112.2o7.net/ ]
C:\USERS\PEP\Cookies\Z5U51OGY.txt [ Cookieep@msnbc.112.2o7.net/ ]
C:\USERS\PEP\Cookies\HU4HGPGV.txt [ Cookieep@dmtracker.com/ ]
C:\USERS\PEP\Cookies\9PTGOCAW.txt [ Cookieep@server.iad.liveperson.net/ ]
C:\USERS\PEP\Cookies\WT7ZAF30.txt [ Cookieep@2o7.net/ ]
C:\USERS\PEP\Cookies\CZ7OEN7N.txt [ Cookieep@hotlog.ru/ ]
C:\USERS\PEP\Cookies\BMCBZY0K.txt [ Cookieep@liveperson.net/ ]
C:\USERS\PEP\Cookies\JU62P3FC.txt [ Cookieep@indieclicktv.com/ ]
C:\USERS\PEP\Cookies\NS5P4T5C.txt [ Cookieep@nextag.com/ ]
C:\USERS\PEP\Cookies\KP9WDDSE.txt [ Cookieep@liveperson.net/hc/24327209 ]
C:\USERS\PEP\Cookies\VSIDNYWZ.txt [ Cookieep@openstat.net/ ]
C:\USERS\PEP\Cookies\OC63C9FK.txt [ Cookieep@rambler.ru/ ]
C:\USERS\PEP\Cookies\5LCKWSCR.txt [ Cookieep@cracked.com/ ]
C:\USERS\PEP\Cookies\MZP01QYR.txt [ Cookieep@media2.legacy.com/ ]
C:\USERS\PEP\Cookies\RU39F71V.txt [ Cookieep@rambler.ru/ ]
C:\USERS\PEP\Cookies\9040A4IC.txt [ Cookieep@yadro.ru/ ]
C:\USERS\PEP\Cookies\TVM4JXKG.txt [ Cookieep@www.googleadservices.com/pagead/conversion/959842016/ ]
C:\USERS\PEP\Cookies\TB3CS485.txt [ Cookieep@lucidmedia.com/ ]
C:\USERS\PEP\Cookies\4Q4YBQQK.txt [ Cookieep@ad.yieldmanager.com/ ]
C:\USERS\PEP\Cookies\15C11BCC.txt [ Cookieep@trinitymirror.112.2o7.net/ ]
C:\USERS\PEP\Cookies\LN7MVD49.txt [ Cookieep@imrworldwide.com/cgi-bin ]
C:\USERS\PEP\Cookies\F4YNIZCX.txt [ Cookieep@revsci.net/ ]
C:\USERS\PEP\Cookies\HNAMVWYQ.txt [ Cookieep@stats.paypal.com/ ]
C:\USERS\PEP\Cookies\IXRMB8DZ.txt [ Cookieep@clickfuse.com/ ]
C:\USERS\PEP\Cookies\4BVSVZ73.txt [ Cookieep@marinetraffic.com/ ]
C:\USERS\PEP\Cookies\Z0RZ29S8.txt [ Cookieep@amazon-adsystem.com/ ]
C:\USERS\PEP\Cookies\93FT2TID.txt [ Cookieep@ping.indieclicktv.com/ ]
C:\USERS\PEP\Cookies\FVXEZUPK.txt [ Cookieep@at.atwola.com/ ]
cdn1.static.pornhub.phncdn.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
convoad.technoratimedia.net [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
ia.media-imdb.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
ictv-5sec-ec.indieclicktv.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
media.mtvnservices.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
msnbcmedia.msn.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
secure-us.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
staticedge.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\SP5WJ356 ]
.trafficexchangelist.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cdn.trafficexchangelist.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c3576.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c3576.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.doubleclick.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
accounts.youtube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.imrworldwide.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.dmtracker.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
in.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.apmebf.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.mediaplex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.mediaplex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c4105.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c4105.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
content.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.lucidmedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
content.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.adhitz.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.clickbank.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.stats.paypal.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c3364.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c3364.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hentaitoplist.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.yadro.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.histats.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.histats.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.solvemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.solvemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.questionmarket.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.questionmarket.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c5205.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
c5205.rsadvert.ru [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.userporn.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hentaicounter.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.findtubes.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
dev.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.hardsextube.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.advertising.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.stats.complex.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.invitemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.interclick.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.invitemedia.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.ru4.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.c.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.c.atdmt.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.warez-bb.org [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.zedo.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.media6degrees.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.revsci.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.static.getclicky.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.w3counter.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
www.cracked.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
.doubleclick.net [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
accounts.google.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
accounts.google.com [ C:\USERS\PEP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PV2Z0NYU.DEFAULT\COOK IES.SQLITE ]
cdn.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\538BLXT4 ]
objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\538BLXT4 ]

Browser Hijacker.Deskbar
(x64) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

Riskware.HideWindows
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\DEMO\CMDS\CMDOW.EXE

Trojan.Agent/Gen-FakeAlert[Local]
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\GAMEDATA\TOOLS\CARCASS.EXE
P:\PROGRAM FILES (X86)\LUCASARTS\STAR WARS JEDI KNIGHT JEDI ACADEMY\GAMEDATA\TOOLS\MD3VIEW.EXE

Trojan.Agent/Gen-Krpytik
C:\TASM\TASM\BIN\SVGA32.DLL
C:\TASM\TASM\BIN\TDKBD32.DLL

HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:08 AM, on 5/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\a folder\Files\DOWNLOADS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_cus...spx?tbid=80115
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.Reco rderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKLM\..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Adflybot] C:\Eliteclicks\Adflybot
O4 - HKCU\..\Run: [ghost] C:\temp\ghost
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\a folder\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.facebook.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corporation - C:\Windows\SysWOW64\nisvcloc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\a folder\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11627 bytes
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
31-May-2012, 02:15 PM #4
In MBAM, the following are shown as not removed. Have they been, or still on the computer:

Quote:
C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\microsoft.visual.studio.2010.patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
C:\Users\PEP\Downloads\aimersoft.dvd.creator.2.6.3.19_2b\Reg\patch\aimersof t.dvd.creator.2.6.3.19-patch.exe (PUP.Hacktool.Patcher) -> No action taken.
C:\Users\PEP\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> No action taken.
-------------

Can you run the following tools, and copy/paste the logs that they produce here. If its over a few posts, that's fine


Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.


  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply


--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


-------------------------

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
03-Jun-2012, 08:02 AM #5
I manually deleted the files that you mentioned.

Here are the logs:
TDSKILLER:

07:21:52.0040 1400 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
07:21:52.0330 1400 ============================================================
07:21:52.0330 1400 Current date / time: 2012/06/03 07:21:52.0330
07:21:52.0330 1400 SystemInfo:
07:21:52.0330 1400
07:21:52.0330 1400 OS Version: 6.1.7601 ServicePack: 1.0
07:21:52.0330 1400 Product type: Workstation
07:21:52.0330 1400 ComputerName: PEPBOBA
07:21:52.0330 1400 UserName: PEP
07:21:52.0330 1400 Windows directory: C:\Windows
07:21:52.0330 1400 System windows directory: C:\Windows
07:21:52.0330 1400 Running under WOW64
07:21:52.0330 1400 Processor architecture: Intel x64
07:21:52.0330 1400 Number of processors: 4
07:21:52.0330 1400 Page size: 0x1000
07:21:52.0330 1400 Boot type: Normal boot
07:21:52.0330 1400 ============================================================
07:21:53.0830 1400 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:21:53.0840 1400 ============================================================
07:21:53.0840 1400 \Device\Harddisk0\DR0:
07:21:53.0840 1400 MBR partitions:
07:21:53.0840 1400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x24414000
07:21:53.0840 1400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24414800, BlocksNum 0x15F6F800
07:21:53.0840 1400 ============================================================
07:21:53.0880 1400 C: <-> \Device\Harddisk0\DR0\Partition0
07:21:53.0920 1400 P: <-> \Device\Harddisk0\DR0\Partition1
07:21:53.0920 1400 ============================================================
07:21:53.0920 1400 Initialize success
07:21:53.0920 1400 ============================================================
07:25:36.0306 4584 ============================================================
07:25:36.0306 4584 Scan started
07:25:36.0306 4584 Mode: Manual; SigCheck; TDLFS;
07:25:36.0306 4584 ============================================================
07:25:37.0446 4584 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:25:37.0506 4584 !SASCORE - ok
07:25:37.0706 4584 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:25:37.0746 4584 1394ohci - ok
07:25:37.0816 4584 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:25:37.0826 4584 ACPI - ok
07:25:37.0846 4584 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:25:37.0916 4584 AcpiPmi - ok
07:25:37.0976 4584 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:25:37.0996 4584 adp94xx - ok
07:25:38.0026 4584 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:25:38.0046 4584 adpahci - ok
07:25:38.0076 4584 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:25:38.0086 4584 adpu320 - ok
07:25:38.0116 4584 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:25:38.0416 4584 AeLookupSvc - ok
07:25:38.0466 4584 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:25:38.0536 4584 AFD - ok
07:25:38.0566 4584 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:25:38.0576 4584 agp440 - ok
07:25:38.0656 4584 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:25:38.0696 4584 ALG - ok
07:25:38.0746 4584 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:25:38.0756 4584 aliide - ok
07:25:38.0806 4584 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:25:38.0836 4584 AMD External Events Utility - ok
07:25:38.0846 4584 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:25:38.0866 4584 amdide - ok
07:25:38.0906 4584 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:25:38.0956 4584 AmdK8 - ok
07:25:39.0506 4584 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:25:39.0786 4584 amdkmdag - ok
07:25:39.0936 4584 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:25:39.0996 4584 amdkmdap - ok
07:25:40.0016 4584 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:25:40.0056 4584 AmdPPM - ok
07:25:40.0086 4584 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:25:40.0106 4584 amdsata - ok
07:25:40.0126 4584 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:25:40.0146 4584 amdsbs - ok
07:25:40.0156 4584 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:25:40.0166 4584 amdxata - ok
07:25:40.0226 4584 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:25:40.0266 4584 AppID - ok
07:25:40.0286 4584 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:25:40.0336 4584 AppIDSvc - ok
07:25:40.0396 4584 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:25:40.0436 4584 Appinfo - ok
07:25:40.0486 4584 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:25:40.0516 4584 AppMgmt - ok
07:25:40.0536 4584 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:25:40.0556 4584 arc - ok
07:25:40.0576 4584 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:25:40.0586 4584 arcsas - ok
07:25:40.0776 4584 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:25:40.0786 4584 aspnet_state - ok
07:25:40.0816 4584 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:25:40.0876 4584 AsyncMac - ok
07:25:40.0906 4584 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:25:40.0916 4584 atapi - ok
07:25:40.0956 4584 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:25:40.0986 4584 AtiHDAudioService - ok
07:25:41.0016 4584 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:25:41.0026 4584 AtiHdmiService - ok
07:25:41.0556 4584 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:25:41.0676 4584 atikmdag - ok
07:25:41.0816 4584 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:25:41.0826 4584 atksgt - ok
07:25:41.0906 4584 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:25:41.0956 4584 AudioEndpointBuilder - ok
07:25:41.0966 4584 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:25:41.0996 4584 AudioSrv - ok
07:25:42.0096 4584 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:25:42.0106 4584 AVP - ok
07:25:42.0146 4584 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:25:42.0196 4584 AxInstSV - ok
07:25:42.0246 4584 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:25:42.0276 4584 b06bdrv - ok
07:25:42.0316 4584 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:25:42.0346 4584 b57nd60a - ok
07:25:42.0386 4584 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:25:42.0426 4584 BDESVC - ok
07:25:42.0436 4584 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:25:42.0486 4584 Beep - ok
07:25:42.0576 4584 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:25:42.0696 4584 BFE - ok
07:25:42.0766 4584 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:25:42.0826 4584 BITS - ok
07:25:42.0866 4584 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:25:42.0896 4584 blbdrive - ok
07:25:42.0926 4584 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:25:42.0956 4584 bowser - ok
07:25:42.0976 4584 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:25:43.0036 4584 BrFiltLo - ok
07:25:43.0046 4584 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:25:43.0066 4584 BrFiltUp - ok
07:25:43.0116 4584 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:25:43.0186 4584 Browser - ok
07:25:43.0206 4584 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:25:43.0246 4584 Brserid - ok
07:25:43.0256 4584 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:25:43.0276 4584 BrSerWdm - ok
07:25:43.0296 4584 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:25:43.0326 4584 BrUsbMdm - ok
07:25:43.0336 4584 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:25:43.0366 4584 BrUsbSer - ok
07:25:43.0396 4584 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:25:43.0426 4584 BTHMODEM - ok
07:25:43.0466 4584 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:25:43.0516 4584 bthserv - ok
07:25:43.0536 4584 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:25:43.0576 4584 cdfs - ok
07:25:43.0686 4584 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:25:43.0706 4584 cdrom - ok
07:25:43.0746 4584 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:25:43.0806 4584 CertPropSvc - ok
07:25:43.0816 4584 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:25:43.0836 4584 circlass - ok
07:25:43.0876 4584 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:25:43.0896 4584 CLFS - ok
07:25:43.0946 4584 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:25:43.0966 4584 clr_optimization_v2.0.50727_32 - ok
07:25:44.0006 4584 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:25:44.0016 4584 clr_optimization_v2.0.50727_64 - ok
07:25:44.0096 4584 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:25:44.0106 4584 clr_optimization_v4.0.30319_32 - ok
07:25:44.0136 4584 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:25:44.0146 4584 clr_optimization_v4.0.30319_64 - ok
07:25:44.0166 4584 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:25:44.0186 4584 CmBatt - ok
07:25:44.0216 4584 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:25:44.0226 4584 cmdide - ok
07:25:44.0286 4584 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:25:44.0316 4584 CNG - ok
07:25:44.0326 4584 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:25:44.0336 4584 Compbatt - ok
07:25:44.0366 4584 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:25:44.0386 4584 CompositeBus - ok
07:25:44.0406 4584 COMSysApp - ok
07:25:44.0426 4584 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:25:44.0436 4584 crcdisk - ok
07:25:44.0476 4584 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:25:44.0526 4584 CryptSvc - ok
07:25:44.0646 4584 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:25:44.0706 4584 CSC - ok
07:25:44.0766 4584 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:25:44.0806 4584 CscService - ok
07:25:44.0896 4584 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:25:44.0916 4584 CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:25:44.0916 4584 CSHelper - detected UnsignedFile.Multi.Generic (1)
07:25:45.0016 4584 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:25:45.0056 4584 DcomLaunch - ok
07:25:45.0096 4584 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:25:45.0146 4584 defragsvc - ok
07:25:45.0206 4584 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:25:45.0256 4584 DfsC - ok
07:25:45.0326 4584 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:25:45.0376 4584 Dhcp - ok
07:25:45.0416 4584 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:25:45.0456 4584 discache - ok
07:25:45.0486 4584 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:25:45.0506 4584 Disk - ok
07:25:45.0546 4584 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:25:45.0596 4584 Dnscache - ok
07:25:45.0696 4584 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:25:45.0746 4584 dot3svc - ok
07:25:45.0796 4584 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:25:45.0846 4584 DPS - ok
07:25:45.0876 4584 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:25:45.0906 4584 drmkaud - ok
07:25:45.0996 4584 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:25:46.0026 4584 DXGKrnl - ok
07:25:46.0056 4584 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:25:46.0096 4584 EapHost - ok
07:25:46.0286 4584 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:25:46.0366 4584 ebdrv - ok
07:25:46.0456 4584 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:25:46.0466 4584 EFS - ok
07:25:46.0556 4584 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:25:46.0586 4584 ehRecvr - ok
07:25:46.0666 4584 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:25:46.0676 4584 ehSched - ok
07:25:46.0746 4584 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:25:46.0766 4584 elxstor - ok
07:25:46.0796 4584 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:25:46.0846 4584 ErrDev - ok
07:25:46.0896 4584 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:25:46.0946 4584 EventSystem - ok
07:25:46.0966 4584 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:25:47.0026 4584 exfat - ok
07:25:47.0036 4584 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:25:47.0096 4584 fastfat - ok
07:25:47.0166 4584 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:25:47.0216 4584 Fax - ok
07:25:47.0226 4584 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:25:47.0256 4584 fdc - ok
07:25:47.0256 4584 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:25:47.0296 4584 fdPHost - ok
07:25:47.0306 4584 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:25:47.0356 4584 FDResPub - ok
07:25:47.0366 4584 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:25:47.0376 4584 FileInfo - ok
07:25:47.0386 4584 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:25:47.0436 4584 Filetrace - ok
07:25:47.0456 4584 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:25:47.0466 4584 flpydisk - ok
07:25:47.0516 4584 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:25:47.0536 4584 FltMgr - ok
07:25:47.0686 4584 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:25:47.0746 4584 FontCache - ok
07:25:47.0826 4584 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:25:47.0836 4584 FontCache3.0.0.0 - ok
07:25:47.0886 4584 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:25:47.0896 4584 FsDepends - ok
07:25:47.0906 4584 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:25:47.0926 4584 Fs_Rec - ok
07:25:47.0986 4584 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:25:48.0006 4584 fvevol - ok
07:25:48.0026 4584 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:25:48.0046 4584 gagp30kx - ok
07:25:48.0066 4584 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:25:48.0076 4584 gdrv - ok
07:25:48.0116 4584 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:25:48.0126 4584 GEARAspiWDM - ok
07:25:48.0166 4584 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:25:48.0216 4584 gpsvc - ok
07:25:48.0306 4584 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:25:48.0316 4584 gupdate - ok
07:25:48.0326 4584 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:25:48.0336 4584 gupdatem - ok
07:25:48.0356 4584 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:25:48.0376 4584 hcw85cir - ok
07:25:48.0696 4584 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:25:48.0736 4584 HdAudAddService - ok
07:25:48.0786 4584 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:25:48.0816 4584 HDAudBus - ok
07:25:48.0826 4584 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:25:48.0866 4584 HidBatt - ok
07:25:48.0886 4584 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:25:48.0916 4584 HidBth - ok
07:25:48.0946 4584 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:25:48.0986 4584 HidIr - ok
07:25:49.0026 4584 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:25:49.0066 4584 hidserv - ok
07:25:49.0106 4584 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:25:49.0126 4584 HidUsb - ok
07:25:49.0156 4584 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:25:49.0226 4584 hkmsvc - ok
07:25:49.0266 4584 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:25:49.0296 4584 HomeGroupListener - ok
07:25:49.0336 4584 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:25:49.0366 4584 HomeGroupProvider - ok
07:25:49.0406 4584 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:25:49.0416 4584 HpSAMD - ok
07:25:49.0496 4584 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:25:49.0556 4584 HTTP - ok
07:25:49.0616 4584 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:25:49.0636 4584 hwpolicy - ok
07:25:49.0686 4584 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:25:49.0696 4584 i8042prt - ok
07:25:49.0726 4584 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:25:49.0746 4584 iaStorV - ok
07:25:49.0856 4584 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:25:49.0866 4584 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:25:49.0866 4584 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:25:49.0956 4584 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:25:49.0986 4584 idsvc - ok
07:25:50.0076 4584 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:25:50.0086 4584 iirsp - ok
07:25:50.0166 4584 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:25:50.0216 4584 IKEEXT - ok
07:25:50.0346 4584 IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:25:50.0396 4584 IntcAzAudAddService - ok
07:25:50.0486 4584 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:25:50.0496 4584 intelide - ok
07:25:50.0516 4584 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:25:50.0536 4584 intelppm - ok
07:25:50.0566 4584 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:25:50.0606 4584 IPBusEnum - ok
07:25:50.0686 4584 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:25:50.0736 4584 IpFilterDriver - ok
07:25:50.0796 4584 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:25:50.0856 4584 iphlpsvc - ok
07:25:50.0886 4584 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:25:50.0916 4584 IPMIDRV - ok
07:25:50.0946 4584 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:25:50.0996 4584 IPNAT - ok
07:25:51.0076 4584 iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:25:51.0106 4584 iPod Service - ok
07:25:51.0126 4584 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:25:51.0146 4584 IRENUM - ok
07:25:51.0176 4584 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:25:51.0196 4584 isapnp - ok
07:25:51.0236 4584 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:25:51.0256 4584 iScsiPrt - ok
07:25:51.0276 4584 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:25:51.0286 4584 kbdclass - ok
07:25:51.0326 4584 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:25:51.0346 4584 kbdhid - ok
07:25:51.0376 4584 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:25:51.0396 4584 KeyIso - ok
07:25:51.0456 4584 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:25:51.0476 4584 KL1 - ok
07:25:51.0496 4584 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:25:51.0506 4584 kl2 - ok
07:25:51.0566 4584 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:25:51.0586 4584 KLIF - ok
07:25:51.0646 4584 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:25:51.0656 4584 KLIM6 - ok
07:25:51.0666 4584 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:25:51.0676 4584 klmouflt - ok
07:25:51.0716 4584 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:25:51.0726 4584 KSecDD - ok
07:25:51.0776 4584 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:25:51.0786 4584 KSecPkg - ok
07:25:51.0816 4584 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:25:51.0856 4584 ksthunk - ok
07:25:51.0886 4584 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:25:51.0946 4584 KtmRm - ok
07:25:52.0006 4584 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:25:52.0046 4584 LanmanServer - ok
07:25:52.0096 4584 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:25:52.0146 4584 LanmanWorkstation - ok
07:25:52.0186 4584 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:25:52.0196 4584 lirsgt - ok
07:25:52.0316 4584 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:25:52.0346 4584 LkCitadelServer - ok
07:25:52.0366 4584 lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:25:52.0376 4584 lkClassAds - ok
07:25:52.0386 4584 lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:25:52.0396 4584 lkTimeSync - ok
07:25:52.0496 4584 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:25:52.0546 4584 lltdio - ok
07:25:52.0576 4584 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:25:52.0686 4584 lltdsvc - ok
07:25:52.0696 4584 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:25:52.0726 4584 lmhosts - ok
07:25:52.0756 4584 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:25:52.0776 4584 lmimirr - ok
07:25:52.0796 4584 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:25:52.0806 4584 LMIRfsDriver - ok
07:25:52.0836 4584 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:25:52.0846 4584 LSI_FC - ok
07:25:52.0866 4584 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:25:52.0876 4584 LSI_SAS - ok
07:25:52.0896 4584 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:25:52.0916 4584 LSI_SAS2 - ok
07:25:52.0926 4584 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:25:52.0946 4584 LSI_SCSI - ok
07:25:52.0956 4584 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:25:53.0006 4584 luafv - ok
07:25:53.0046 4584 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:25:53.0066 4584 MBAMProtector - ok
07:25:53.0156 4584 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:25:53.0166 4584 MBAMService - ok
07:25:53.0196 4584 mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:25:53.0216 4584 mcdbus - ok
07:25:53.0246 4584 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:25:53.0266 4584 Mcx2Svc - ok
07:25:53.0286 4584 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:25:53.0296 4584 megasas - ok
07:25:53.0326 4584 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:25:53.0336 4584 MegaSR - ok
07:25:53.0406 4584 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:25:53.0416 4584 Microsoft Office Groove Audit Service - ok
07:25:53.0446 4584 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:25:53.0496 4584 MMCSS - ok
07:25:53.0516 4584 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:25:53.0556 4584 Modem - ok
07:25:53.0576 4584 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:25:53.0606 4584 monitor - ok
07:25:53.0716 4584 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:25:53.0726 4584 mouclass - ok
07:25:53.0806 4584 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:25:53.0886 4584 mouhid - ok
07:25:53.0946 4584 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:25:53.0966 4584 mountmgr - ok
07:25:54.0026 4584 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:25:54.0056 4584 MozillaMaintenance - ok
07:25:54.0086 4584 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:25:54.0106 4584 mpio - ok
07:25:54.0126 4584 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:25:54.0156 4584 mpsdrv - ok
07:25:54.0236 4584 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:25:54.0296 4584 MpsSvc - ok
07:25:54.0336 4584 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:25:54.0376 4584 MRxDAV - ok
07:25:54.0406 4584 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:25:54.0446 4584 mrxsmb - ok
07:25:54.0476 4584 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:25:54.0506 4584 mrxsmb10 - ok
07:25:54.0536 4584 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:25:54.0556 4584 mrxsmb20 - ok
07:25:54.0656 4584 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:25:54.0676 4584 msahci - ok
07:25:54.0696 4584 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:25:54.0716 4584 msdsm - ok
07:25:54.0746 4584 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:25:54.0776 4584 MSDTC - ok
07:25:54.0826 4584 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:25:54.0866 4584 Msfs - ok
07:25:54.0876 4584 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:25:54.0936 4584 mshidkmdf - ok
07:25:54.0956 4584 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:25:54.0966 4584 msisadrv - ok
07:25:55.0016 4584 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:25:55.0076 4584 MSiSCSI - ok
07:25:55.0076 4584 msiserver - ok
07:25:55.0096 4584 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:25:55.0126 4584 MSKSSRV - ok
07:25:55.0136 4584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:25:55.0186 4584 MSPCLOCK - ok
07:25:55.0206 4584 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:25:55.0246 4584 MSPQM - ok
07:25:55.0296 4584 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:25:55.0316 4584 MsRPC - ok
07:25:55.0356 4584 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:25:55.0366 4584 mssmbios - ok
07:25:55.0386 4584 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:25:55.0436 4584 MSTEE - ok
07:25:55.0446 4584 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:25:55.0476 4584 MTConfig - ok
07:25:55.0506 4584 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:25:55.0516 4584 Mup - ok
07:25:55.0576 4584 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:25:55.0726 4584 napagent - ok
07:25:55.0766 4584 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:25:55.0796 4584 NativeWifiP - ok
07:25:55.0866 4584 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:25:55.0886 4584 NDIS - ok
07:25:55.0906 4584 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:25:55.0936 4584 NdisCap - ok
07:25:55.0956 4584 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:25:55.0986 4584 NdisTapi - ok
07:25:56.0026 4584 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:25:56.0066 4584 Ndisuio - ok
07:25:56.0106 4584 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:25:56.0156 4584 NdisWan - ok
07:25:56.0196 4584 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:25:56.0226 4584 NDProxy - ok
07:25:56.0236 4584 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:25:56.0276 4584 NetBIOS - ok
07:25:56.0316 4584 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:25:56.0356 4584 NetBT - ok
07:25:56.0376 4584 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:25:56.0396 4584 Netlogon - ok
07:25:56.0446 4584 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:25:56.0496 4584 Netman - ok
07:25:56.0676 4584 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0696 4584 NetMsmqActivator - ok
07:25:56.0696 4584 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0706 4584 NetPipeActivator - ok
07:25:56.0746 4584 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:25:56.0796 4584 netprofm - ok
07:25:56.0796 4584 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0806 4584 NetTcpActivator - ok
07:25:56.0816 4584 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:25:56.0826 4584 NetTcpPortSharing - ok
07:25:56.0866 4584 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:25:56.0886 4584 nfrd960 - ok
07:25:57.0016 4584 NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:25:57.0026 4584 NIDomainService - ok
07:25:57.0146 4584 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:25:57.0196 4584 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:25:57.0196 4584 NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:25:57.0256 4584 niSvcLoc - ok
07:25:57.0346 4584 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:25:57.0396 4584 NlaSvc - ok
07:25:57.0436 4584 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:25:57.0476 4584 Npfs - ok
07:25:57.0496 4584 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:25:57.0546 4584 nsi - ok
07:25:57.0566 4584 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:25:57.0616 4584 nsiproxy - ok
07:25:57.0756 4584 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:25:57.0806 4584 Ntfs - ok
07:25:57.0866 4584 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:25:57.0916 4584 Null - ok
07:25:57.0956 4584 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:25:57.0966 4584 nvraid - ok
07:25:58.0006 4584 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:25:58.0016 4584 nvstor - ok
07:25:58.0066 4584 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:25:58.0086 4584 nv_agp - ok
07:25:58.0276 4584 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:25:58.0316 4584 O&O Defrag - ok
07:25:58.0396 4584 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:25:58.0416 4584 odserv - ok
07:25:58.0536 4584 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:25:58.0566 4584 ohci1394 - ok
07:25:58.0646 4584 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:25:58.0666 4584 ose - ok
07:25:58.0706 4584 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:25:58.0736 4584 p2pimsvc - ok
07:25:58.0756 4584 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:25:58.0786 4584 p2psvc - ok
07:25:58.0816 4584 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:25:58.0826 4584 Parport - ok
07:25:58.0866 4584 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:25:58.0886 4584 partmgr - ok
07:25:58.0896 4584 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:25:58.0936 4584 PcaSvc - ok
07:25:59.0006 4584 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:25:59.0026 4584 pci - ok
07:25:59.0026 4584 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:25:59.0046 4584 pciide - ok
07:25:59.0066 4584 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:25:59.0076 4584 pcmcia - ok
07:25:59.0096 4584 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:25:59.0106 4584 pcw - ok
07:25:59.0146 4584 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:25:59.0206 4584 PEAUTH - ok
07:25:59.0286 4584 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:25:59.0346 4584 PeerDistSvc - ok
07:25:59.0416 4584 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:25:59.0436 4584 PerfHost - ok
07:25:59.0586 4584 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:25:59.0726 4584 pla - ok
07:25:59.0776 4584 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:25:59.0806 4584 PlugPlay - ok
07:25:59.0836 4584 PnkBstrA - ok
07:25:59.0856 4584 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:25:59.0866 4584 PNRPAutoReg - ok
07:25:59.0896 4584 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:25:59.0916 4584 PNRPsvc - ok
07:25:59.0946 4584 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:25:59.0996 4584 PolicyAgent - ok
07:26:00.0026 4584 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:26:00.0086 4584 Power - ok
07:26:00.0146 4584 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:26:00.0196 4584 PptpMiniport - ok
07:26:00.0226 4584 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:26:00.0256 4584 Processor - ok
07:26:00.0276 4584 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:26:00.0326 4584 ProfSvc - ok
07:26:00.0356 4584 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:00.0366 4584 ProtectedStorage - ok
07:26:00.0416 4584 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:26:00.0446 4584 Psched - ok
07:26:00.0546 4584 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:26:00.0596 4584 ql2300 - ok
07:26:00.0696 4584 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:26:00.0716 4584 ql40xx - ok
07:26:00.0746 4584 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:26:00.0766 4584 QWAVE - ok
07:26:00.0786 4584 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:26:00.0806 4584 QWAVEdrv - ok
07:26:00.0826 4584 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:26:00.0876 4584 RasAcd - ok
07:26:00.0906 4584 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:26:00.0946 4584 RasAgileVpn - ok
07:26:00.0966 4584 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:26:01.0016 4584 RasAuto - ok
07:26:01.0056 4584 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:26:01.0106 4584 Rasl2tp - ok
07:26:01.0146 4584 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:26:01.0196 4584 RasMan - ok
07:26:01.0216 4584 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:26:01.0256 4584 RasPppoe - ok
07:26:01.0276 4584 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:26:01.0326 4584 RasSstp - ok
07:26:01.0376 4584 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:26:01.0416 4584 rdbss - ok
07:26:01.0456 4584 RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:26:01.0466 4584 RDID1053 - ok
07:26:01.0486 4584 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:26:01.0516 4584 rdpbus - ok
07:26:01.0516 4584 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:26:01.0556 4584 RDPCDD - ok
07:26:01.0656 4584 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:26:01.0676 4584 RDPDR - ok
07:26:01.0696 4584 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:26:01.0746 4584 RDPENCDD - ok
07:26:01.0766 4584 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:26:01.0796 4584 RDPREFMP - ok
07:26:01.0846 4584 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:26:01.0876 4584 RdpVideoMiniport - ok
07:26:01.0936 4584 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:26:01.0976 4584 RDPWD - ok
07:26:02.0026 4584 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:26:02.0036 4584 rdyboost - ok
07:26:02.0066 4584 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:26:02.0116 4584 RemoteAccess - ok
07:26:02.0146 4584 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:26:02.0206 4584 RemoteRegistry - ok
07:26:02.0226 4584 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:26:02.0276 4584 RpcEptMapper - ok
07:26:02.0296 4584 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:26:02.0316 4584 RpcLocator - ok
07:26:02.0366 4584 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:26:02.0406 4584 RpcSs - ok
07:26:02.0446 4584 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:26:02.0486 4584 rspndr - ok
07:26:02.0526 4584 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:26:02.0556 4584 RTL8169 - ok
07:26:02.0596 4584 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:26:02.0656 4584 s3cap - ok
07:26:02.0686 4584 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:02.0706 4584 SamSs - ok
07:26:02.0786 4584 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:26:02.0796 4584 SASDIFSV - ok
07:26:02.0806 4584 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:26:02.0816 4584 SASKUTIL - ok
07:26:02.0846 4584 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:26:02.0856 4584 sbp2port - ok
07:26:02.0906 4584 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:26:02.0966 4584 SCardSvr - ok
07:26:02.0996 4584 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:26:03.0036 4584 scfilter - ok
07:26:03.0126 4584 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:26:03.0176 4584 Schedule - ok
07:26:03.0216 4584 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:26:03.0246 4584 SCPolicySvc - ok
07:26:03.0286 4584 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:26:03.0316 4584 SDRSVC - ok
07:26:03.0386 4584 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:26:03.0426 4584 secdrv - ok
07:26:03.0466 4584 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:26:03.0496 4584 seclogon - ok
07:26:03.0516 4584 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:26:03.0556 4584 SENS - ok
07:26:03.0576 4584 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:26:03.0586 4584 SensrSvc - ok
07:26:03.0656 4584 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:26:03.0676 4584 Serenum - ok
07:26:03.0686 4584 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:26:03.0696 4584 Serial - ok
07:26:03.0736 4584 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:26:03.0766 4584 sermouse - ok
07:26:03.0806 4584 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:26:03.0866 4584 SessionEnv - ok
07:26:03.0896 4584 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:26:03.0926 4584 sffdisk - ok
07:26:03.0946 4584 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:26:03.0966 4584 sffp_mmc - ok
07:26:04.0016 4584 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:26:04.0086 4584 sffp_sd - ok
07:26:04.0126 4584 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:26:04.0136 4584 sfloppy - ok
07:26:04.0256 4584 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:26:04.0316 4584 SharedAccess - ok
07:26:04.0356 4584 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:26:04.0416 4584 ShellHWDetection - ok
07:26:04.0446 4584 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:26:04.0456 4584 SiSRaid2 - ok
07:26:04.0466 4584 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:26:04.0486 4584 SiSRaid4 - ok
07:26:04.0506 4584 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:26:04.0556 4584 Smb - ok
07:26:04.0656 4584 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:26:04.0686 4584 SNMPTRAP - ok
07:26:04.0756 4584 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:26:04.0766 4584 speedfan - ok
07:26:04.0776 4584 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:26:04.0786 4584 spldr - ok
07:26:04.0846 4584 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:26:04.0886 4584 Spooler - ok
07:26:05.0076 4584 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:26:05.0176 4584 sppsvc - ok
07:26:05.0256 4584 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:26:05.0296 4584 sppuinotify - ok
07:26:05.0386 4584 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:26:05.0386 4584 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:26:05.0396 4584 sptd ( LockedFile.Multi.Generic ) - warning
07:26:05.0396 4584 sptd - detected LockedFile.Multi.Generic (1)
07:26:05.0436 4584 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:26:05.0466 4584 srv - ok
07:26:05.0506 4584 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:26:05.0546 4584 srv2 - ok
07:26:05.0566 4584 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:26:05.0596 4584 srvnet - ok
07:26:05.0666 4584 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:26:05.0726 4584 SSDPSRV - ok
07:26:05.0736 4584 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:26:05.0776 4584 SstpSvc - ok
07:26:05.0816 4584 Steam Client Service - ok
07:26:05.0836 4584 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:26:05.0846 4584 stexstor - ok
07:26:05.0916 4584 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:26:05.0976 4584 stisvc - ok
07:26:06.0026 4584 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:26:06.0036 4584 storflt - ok
07:26:06.0086 4584 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:26:06.0096 4584 storvsc - ok
07:26:06.0126 4584 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:26:06.0146 4584 swenum - ok
07:26:06.0176 4584 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:26:06.0226 4584 swprv - ok
07:26:06.0246 4584 Synth3dVsc - ok
07:26:06.0356 4584 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:26:06.0416 4584 SysMain - ok
07:26:06.0506 4584 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:26:06.0546 4584 TabletInputService - ok
07:26:06.0586 4584 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:26:06.0696 4584 TapiSrv - ok
07:26:06.0706 4584 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:26:06.0746 4584 TBS - ok
07:26:06.0866 4584 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:26:06.0916 4584 Tcpip - ok
07:26:07.0046 4584 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:26:07.0086 4584 TCPIP6 - ok
07:26:07.0146 4584 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:26:07.0196 4584 tcpipreg - ok
07:26:07.0226 4584 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:26:07.0266 4584 TDPIPE - ok
07:26:07.0286 4584 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:26:07.0326 4584 TDTCP - ok
07:26:07.0376 4584 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:26:07.0416 4584 tdx - ok
07:26:07.0456 4584 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:26:07.0466 4584 TermDD - ok
07:26:07.0536 4584 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:26:07.0646 4584 TermService - ok
07:26:07.0676 4584 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:26:07.0706 4584 Themes - ok
07:26:07.0726 4584 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:26:07.0766 4584 THREADORDER - ok
07:26:07.0806 4584 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:26:07.0866 4584 TrkWks - ok
07:26:07.0946 4584 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:26:07.0986 4584 TrustedInstaller - ok
07:26:08.0026 4584 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:26:08.0066 4584 tssecsrv - ok
07:26:08.0116 4584 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:26:08.0126 4584 TsUsbFlt - ok
07:26:08.0136 4584 tsusbhub - ok
07:26:08.0196 4584 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:26:08.0246 4584 tunnel - ok
07:26:08.0266 4584 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:26:08.0286 4584 uagp35 - ok
07:26:08.0316 4584 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:26:08.0376 4584 udfs - ok
07:26:08.0396 4584 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:26:08.0416 4584 UI0Detect - ok
07:26:08.0456 4584 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:26:08.0476 4584 uliagpkx - ok
07:26:08.0526 4584 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:26:08.0546 4584 umbus - ok
07:26:08.0556 4584 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:26:08.0586 4584 UmPass - ok
07:26:08.0686 4584 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:26:08.0716 4584 UmRdpService - ok
07:26:08.0736 4584 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:26:08.0786 4584 upnphost - ok
07:26:08.0816 4584 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:26:08.0836 4584 usbccgp - ok
07:26:08.0876 4584 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:26:08.0896 4584 usbcir - ok
07:26:08.0936 4584 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:26:08.0946 4584 usbehci - ok
07:26:08.0996 4584 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:26:09.0036 4584 usbhub - ok
07:26:09.0056 4584 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:26:09.0066 4584 usbohci - ok
07:26:09.0096 4584 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:26:09.0126 4584 usbprint - ok
07:26:09.0156 4584 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:26:09.0176 4584 usbscan - ok
07:26:09.0206 4584 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:26:09.0236 4584 USBSTOR - ok
07:26:09.0276 4584 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:26:09.0326 4584 usbuhci - ok
07:26:09.0436 4584 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:26:09.0516 4584 UxSms - ok
07:26:09.0536 4584 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:26:09.0546 4584 VaultSvc - ok
07:26:09.0646 4584 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:26:09.0666 4584 vdrvroot - ok
07:26:09.0716 4584 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:26:09.0766 4584 vds - ok
07:26:09.0776 4584 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:26:09.0796 4584 vga - ok
07:26:09.0806 4584 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:26:09.0856 4584 VgaSave - ok
07:26:09.0876 4584 VGPU - ok
07:26:09.0896 4584 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:26:09.0916 4584 vhdmp - ok
07:26:09.0926 4584 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:26:09.0936 4584 viaide - ok
07:26:09.0986 4584 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:26:09.0996 4584 vmbus - ok
07:26:10.0036 4584 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:26:10.0066 4584 VMBusHID - ok
07:26:10.0106 4584 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:26:10.0116 4584 volmgr - ok
07:26:10.0166 4584 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:26:10.0186 4584 volmgrx - ok
07:26:10.0216 4584 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:26:10.0236 4584 volsnap - ok
07:26:10.0266 4584 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:26:10.0286 4584 vsmraid - ok
07:26:10.0426 4584 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:26:10.0436 4584 VSPerfDrv100 - ok
07:26:10.0546 4584 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:26:10.0646 4584 VSS - ok
07:26:10.0726 4584 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:26:10.0756 4584 vwifibus - ok
07:26:10.0786 4584 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:26:10.0836 4584 W32Time - ok
07:26:10.0856 4584 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:26:10.0876 4584 WacomPen - ok
07:26:10.0926 4584 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:10.0976 4584 WANARP - ok
07:26:10.0976 4584 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:26:11.0016 4584 Wanarpv6 - ok
07:26:11.0106 4584 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:26:11.0156 4584 WatAdminSvc - ok
07:26:11.0256 4584 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:26:11.0316 4584 wbengine - ok
07:26:11.0396 4584 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:26:11.0426 4584 WbioSrvc - ok
07:26:11.0476 4584 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:26:11.0516 4584 wcncsvc - ok
07:26:11.0526 4584 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:26:11.0546 4584 WcsPlugInService - ok
07:26:11.0656 4584 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:26:11.0666 4584 Wd - ok
07:26:11.0706 4584 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:26:11.0736 4584 Wdf01000 - ok
07:26:11.0746 4584 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:26:11.0786 4584 WdiServiceHost - ok
07:26:11.0786 4584 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:26:11.0806 4584 WdiSystemHost - ok
07:26:11.0856 4584 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:26:11.0886 4584 WebClient - ok
07:26:11.0916 4584 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:26:11.0976 4584 Wecsvc - ok
07:26:11.0986 4584 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:26:12.0046 4584 wercplsupport - ok
07:26:12.0066 4584 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:26:12.0106 4584 WerSvc - ok
07:26:12.0136 4584 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:26:12.0166 4584 WfpLwf - ok
07:26:12.0186 4584 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:26:12.0196 4584 WIMMount - ok
07:26:12.0216 4584 WinDefend - ok
07:26:12.0226 4584 WinHttpAutoProxySvc - ok
07:26:12.0266 4584 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:26:12.0316 4584 Winmgmt - ok
07:26:12.0436 4584 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:26:12.0506 4584 WinRM - ok
07:26:12.0666 4584 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:26:12.0676 4584 WinUsb - ok
07:26:12.0746 4584 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:26:12.0786 4584 Wlansvc - ok
07:26:12.0986 4584 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:26:13.0026 4584 wlidsvc - ok
07:26:13.0086 4584 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:26:13.0116 4584 WmiAcpi - ok
07:26:13.0176 4584 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:26:13.0206 4584 wmiApSrv - ok
07:26:13.0236 4584 WMPNetworkSvc - ok
07:26:13.0266 4584 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:26:13.0276 4584 WPCSvc - ok
07:26:13.0316 4584 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:26:13.0346 4584 WPDBusEnum - ok
07:26:13.0366 4584 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:26:13.0416 4584 ws2ifsl - ok
07:26:13.0446 4584 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:26:13.0476 4584 wscsvc - ok
07:26:13.0476 4584 WSearch - ok
07:26:13.0706 4584 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:26:13.0796 4584 wuauserv - ok
07:26:13.0896 4584 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:26:13.0936 4584 WudfPf - ok
07:26:13.0976 4584 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:26:14.0006 4584 WUDFRd - ok
07:26:14.0046 4584 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:26:14.0086 4584 wudfsvc - ok
07:26:14.0106 4584 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:26:14.0146 4584 WwanSvc - ok
07:26:14.0156 4584 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:26:14.0646 4584 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:26:14.0646 4584 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:26:14.0676 4584 Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:26:14.0676 4584 \Device\Harddisk0\DR0\Partition0 - ok
07:26:14.0696 4584 Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:26:14.0696 4584 \Device\Harddisk0\DR0\Partition1 - ok
07:26:14.0696 4584 ============================================================
07:26:14.0696 4584 Scan finished
07:26:14.0696 4584 ============================================================
07:26:14.0706 3128 Detected object count: 5
07:26:14.0706 3128 Actual detected object count: 5
07:26:57.0626 3128 CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128 CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:57.0626 3128 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:57.0626 3128 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:26:57.0626 3128 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:26:57.0636 3128 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:26:57.0636 3128 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:26:57.0636 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:26:57.0636 3128 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:27:30.0436 5900 ============================================================
07:27:30.0436 5900 Scan started
07:27:30.0436 5900 Mode: Manual; SigCheck; TDLFS;
07:27:30.0436 5900 ============================================================
07:27:30.0876 5900 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:27:30.0896 5900 !SASCORE - ok
07:27:30.0936 5900 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:27:30.0956 5900 1394ohci - ok
07:27:31.0006 5900 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:27:31.0016 5900 ACPI - ok
07:27:31.0036 5900 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:27:31.0056 5900 AcpiPmi - ok
07:27:31.0096 5900 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:27:31.0116 5900 adp94xx - ok
07:27:31.0146 5900 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:27:31.0156 5900 adpahci - ok
07:27:31.0186 5900 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:27:31.0196 5900 adpu320 - ok
07:27:31.0226 5900 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:27:31.0266 5900 AeLookupSvc - ok
07:27:31.0296 5900 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:27:31.0316 5900 AFD - ok
07:27:31.0356 5900 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:27:31.0366 5900 agp440 - ok
07:27:31.0386 5900 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:27:31.0396 5900 ALG - ok
07:27:31.0406 5900 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:27:31.0416 5900 aliide - ok
07:27:31.0466 5900 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:27:31.0486 5900 AMD External Events Utility - ok
07:27:31.0496 5900 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:27:31.0506 5900 amdide - ok
07:27:31.0526 5900 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:27:31.0536 5900 AmdK8 - ok
07:27:32.0126 5900 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:32.0246 5900 amdkmdag - ok
07:27:32.0376 5900 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:27:32.0396 5900 amdkmdap - ok
07:27:32.0426 5900 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:27:32.0446 5900 AmdPPM - ok
07:27:32.0456 5900 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:27:32.0476 5900 amdsata - ok
07:27:32.0496 5900 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:27:32.0516 5900 amdsbs - ok
07:27:32.0526 5900 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:27:32.0536 5900 amdxata - ok
07:27:32.0576 5900 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:27:32.0606 5900 AppID - ok
07:27:32.0666 5900 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:27:32.0696 5900 AppIDSvc - ok
07:27:32.0696 5900 Scan interrupted by user!
07:27:32.0696 5900 Scan interrupted by user!
07:27:32.0696 5900 Scan interrupted by user!
07:27:32.0696 5900 ============================================================
07:27:32.0696 5900 Scan finished
07:27:32.0696 5900 ============================================================
07:27:32.0706 3592 Detected object count: 0
07:27:32.0706 3592 Actual detected object count: 0
07:27:34.0636 5204 ============================================================
07:27:34.0636 5204 Scan started
07:27:34.0636 5204 Mode: Manual; SigCheck; TDLFS;
07:27:34.0636 5204 ============================================================
07:27:35.0116 5204 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:27:35.0126 5204 !SASCORE - ok
07:27:35.0166 5204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:27:35.0176 5204 1394ohci - ok
07:27:35.0226 5204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:27:35.0246 5204 ACPI - ok
07:27:35.0266 5204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:27:35.0286 5204 AcpiPmi - ok
07:27:35.0316 5204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:27:35.0336 5204 adp94xx - ok
07:27:35.0366 5204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:27:35.0376 5204 adpahci - ok
07:27:35.0406 5204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:27:35.0416 5204 adpu320 - ok
07:27:35.0446 5204 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:27:35.0476 5204 AeLookupSvc - ok
07:27:35.0516 5204 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:27:35.0536 5204 AFD - ok
07:27:35.0576 5204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:27:35.0586 5204 agp440 - ok
07:27:35.0656 5204 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:27:35.0676 5204 ALG - ok
07:27:35.0686 5204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:27:35.0696 5204 aliide - ok
07:27:35.0746 5204 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:27:35.0766 5204 AMD External Events Utility - ok
07:27:35.0786 5204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:27:35.0796 5204 amdide - ok
07:27:35.0806 5204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:27:35.0826 5204 AmdK8 - ok
07:27:36.0346 5204 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:36.0476 5204 amdkmdag - ok
07:27:36.0656 5204 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:27:36.0676 5204 amdkmdap - ok
07:27:36.0706 5204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:27:36.0716 5204 AmdPPM - ok
07:27:36.0736 5204 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:27:36.0746 5204 amdsata - ok
07:27:36.0776 5204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:27:36.0786 5204 amdsbs - ok
07:27:36.0796 5204 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:27:36.0806 5204 amdxata - ok
07:27:36.0846 5204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:27:36.0886 5204 AppID - ok
07:27:36.0906 5204 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:27:36.0936 5204 AppIDSvc - ok
07:27:36.0976 5204 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:27:37.0006 5204 Appinfo - ok
07:27:37.0036 5204 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:27:37.0056 5204 AppMgmt - ok
07:27:37.0066 5204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:27:37.0086 5204 arc - ok
07:27:37.0096 5204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:27:37.0106 5204 arcsas - ok
07:27:37.0216 5204 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:27:37.0226 5204 aspnet_state - ok
07:27:37.0246 5204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:27:37.0276 5204 AsyncMac - ok
07:27:37.0316 5204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:27:37.0326 5204 atapi - ok
07:27:37.0376 5204 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:27:37.0386 5204 AtiHDAudioService - ok
07:27:37.0416 5204 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:27:37.0426 5204 AtiHdmiService - ok
07:27:38.0016 5204 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:27:38.0136 5204 atikmdag - ok
07:27:38.0256 5204 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:27:38.0276 5204 atksgt - ok
07:27:38.0336 5204 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:27:38.0376 5204 AudioEndpointBuilder - ok
07:27:38.0376 5204 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:27:38.0416 5204 AudioSrv - ok
07:27:38.0486 5204 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:27:38.0496 5204 AVP - ok
07:27:38.0536 5204 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:27:38.0556 5204 AxInstSV - ok
07:27:38.0666 5204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:27:38.0686 5204 b06bdrv - ok
07:27:38.0726 5204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:27:38.0736 5204 b57nd60a - ok
07:27:38.0766 5204 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:27:38.0776 5204 BDESVC - ok
07:27:38.0796 5204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:27:38.0826 5204 Beep - ok
07:27:38.0896 5204 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:27:38.0936 5204 BFE - ok
07:27:38.0986 5204 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:27:39.0026 5204 BITS - ok
07:27:39.0046 5204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:27:39.0056 5204 blbdrive - ok
07:27:39.0096 5204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:27:39.0106 5204 bowser - ok
07:27:39.0126 5204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:27:39.0136 5204 BrFiltLo - ok
07:27:39.0156 5204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:27:39.0166 5204 BrFiltUp - ok
07:27:39.0206 5204 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:27:39.0246 5204 Browser - ok
07:27:39.0266 5204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:27:39.0286 5204 Brserid - ok
07:27:39.0306 5204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:27:39.0316 5204 BrSerWdm - ok
07:27:39.0336 5204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:27:39.0346 5204 BrUsbMdm - ok
07:27:39.0356 5204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:27:39.0376 5204 BrUsbSer - ok
07:27:39.0396 5204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:27:39.0416 5204 BTHMODEM - ok
07:27:39.0556 5204 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:27:39.0596 5204 bthserv - ok
07:27:39.0706 5204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:27:39.0736 5204 cdfs - ok
07:27:39.0766 5204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:27:39.0786 5204 cdrom - ok
07:27:39.0816 5204 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:27:39.0856 5204 CertPropSvc - ok
07:27:39.0866 5204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:27:39.0886 5204 circlass - ok
07:27:39.0916 5204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:27:39.0926 5204 CLFS - ok
07:27:39.0976 5204 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:27:39.0986 5204 clr_optimization_v2.0.50727_32 - ok
07:27:40.0016 5204 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:27:40.0026 5204 clr_optimization_v2.0.50727_64 - ok
07:27:40.0106 5204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:27:40.0116 5204 clr_optimization_v4.0.30319_32 - ok
07:27:40.0146 5204 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:27:40.0156 5204 clr_optimization_v4.0.30319_64 - ok
07:27:40.0166 5204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:27:40.0176 5204 CmBatt - ok
07:27:40.0216 5204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:27:40.0226 5204 cmdide - ok
07:27:40.0286 5204 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:27:40.0306 5204 CNG - ok
07:27:40.0316 5204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:27:40.0326 5204 Compbatt - ok
07:27:40.0346 5204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:27:40.0366 5204 CompositeBus - ok
07:27:40.0366 5204 COMSysApp - ok
07:27:40.0376 5204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:27:40.0386 5204 crcdisk - ok
07:27:40.0436 5204 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:27:40.0466 5204 CryptSvc - ok
07:27:40.0526 5204 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:27:40.0546 5204 CSC - ok
07:27:40.0676 5204 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:27:40.0696 5204 CscService - ok
07:27:40.0776 5204 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:27:40.0776 5204 CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:27:40.0776 5204 CSHelper - detected UnsignedFile.Multi.Generic (1)
07:27:40.0856 5204 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:27:40.0896 5204 DcomLaunch - ok
07:27:40.0936 5204 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:27:40.0966 5204 defragsvc - ok
07:27:41.0006 5204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:27:41.0046 5204 DfsC - ok
07:27:41.0066 5204 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:27:41.0106 5204 Dhcp - ok
07:27:41.0116 5204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:27:41.0156 5204 discache - ok
07:27:41.0166 5204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:27:41.0186 5204 Disk - ok
07:27:41.0226 5204 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:27:41.0236 5204 Dnscache - ok
07:27:41.0286 5204 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:27:41.0316 5204 dot3svc - ok
07:27:41.0356 5204 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:27:41.0386 5204 DPS - ok
07:27:41.0406 5204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:27:41.0426 5204 drmkaud - ok
07:27:41.0486 5204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:27:41.0516 5204 DXGKrnl - ok
07:27:41.0546 5204 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:27:41.0576 5204 EapHost - ok
07:27:41.0796 5204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:27:41.0836 5204 ebdrv - ok
07:27:41.0916 5204 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:27:41.0936 5204 EFS - ok
07:27:42.0026 5204 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:27:42.0046 5204 ehRecvr - ok
07:27:42.0066 5204 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:27:42.0086 5204 ehSched - ok
07:27:42.0136 5204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:27:42.0146 5204 elxstor - ok
07:27:42.0186 5204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:27:42.0206 5204 ErrDev - ok
07:27:42.0236 5204 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:27:42.0276 5204 EventSystem - ok
07:27:42.0306 5204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:27:42.0336 5204 exfat - ok
07:27:42.0366 5204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:27:42.0396 5204 fastfat - ok
07:27:42.0456 5204 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:27:42.0476 5204 Fax - ok
07:27:42.0496 5204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:27:42.0506 5204 fdc - ok
07:27:42.0526 5204 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:27:42.0556 5204 fdPHost - ok
07:27:42.0566 5204 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:27:42.0596 5204 FDResPub - ok
07:27:42.0646 5204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:27:42.0666 5204 FileInfo - ok
07:27:42.0676 5204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:27:42.0716 5204 Filetrace - ok
07:27:42.0726 5204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:27:42.0736 5204 flpydisk - ok
07:27:42.0786 5204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:27:42.0806 5204 FltMgr - ok
07:27:42.0896 5204 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:27:42.0946 5204 FontCache - ok
07:27:43.0026 5204 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:27:43.0036 5204 FontCache3.0.0.0 - ok
07:27:43.0066 5204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:27:43.0086 5204 FsDepends - ok
07:27:43.0096 5204 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:27:43.0106 5204 Fs_Rec - ok
07:27:43.0146 5204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:27:43.0166 5204 fvevol - ok
07:27:43.0176 5204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:27:43.0186 5204 gagp30kx - ok
07:27:43.0206 5204 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:27:43.0216 5204 gdrv - ok
07:27:43.0236 5204 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:27:43.0246 5204 GEARAspiWDM - ok
07:27:43.0296 5204 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:27:43.0336 5204 gpsvc - ok
07:27:43.0406 5204 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:27:43.0416 5204 gupdate - ok
07:27:43.0426 5204 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:27:43.0436 5204 gupdatem - ok
07:27:43.0446 5204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:27:43.0456 5204 hcw85cir - ok
07:27:43.0506 5204 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:27:43.0526 5204 HdAudAddService - ok
07:27:43.0556 5204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:27:43.0576 5204 HDAudBus - ok
07:27:43.0646 5204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:27:43.0666 5204 HidBatt - ok
07:27:43.0676 5204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:27:43.0696 5204 HidBth - ok
07:27:43.0706 5204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:27:43.0726 5204 HidIr - ok
07:27:43.0746 5204 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:27:43.0776 5204 hidserv - ok
07:27:43.0806 5204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:27:43.0816 5204 HidUsb - ok
07:27:43.0856 5204 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:27:43.0896 5204 hkmsvc - ok
07:27:43.0946 5204 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:27:43.0956 5204 HomeGroupListener - ok
07:27:43.0996 5204 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:27:44.0016 5204 HomeGroupProvider - ok
07:27:44.0046 5204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:27:44.0056 5204 HpSAMD - ok
07:27:44.0126 5204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:27:44.0166 5204 HTTP - ok
07:27:44.0206 5204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:27:44.0216 5204 hwpolicy - ok
07:27:44.0246 5204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:27:44.0266 5204 i8042prt - ok
07:27:44.0296 5204 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:27:44.0306 5204 iaStorV - ok
07:27:44.0396 5204 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:27:44.0406 5204 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:27:44.0406 5204 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:27:44.0496 5204 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:27:44.0516 5204 idsvc - ok
07:27:44.0656 5204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:27:44.0666 5204 iirsp - ok
07:27:44.0766 5204 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:27:44.0806 5204 IKEEXT - ok
07:27:44.0906 5204 IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:27:44.0936 5204 IntcAzAudAddService - ok
07:27:45.0026 5204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:27:45.0036 5204 intelide - ok
07:27:45.0046 5204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:27:45.0056 5204 intelppm - ok
07:27:45.0086 5204 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:27:45.0116 5204 IPBusEnum - ok
07:27:45.0166 5204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:27:45.0196 5204 IpFilterDriver - ok
07:27:45.0246 5204 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:27:45.0286 5204 iphlpsvc - ok
07:27:45.0326 5204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:27:45.0336 5204 IPMIDRV - ok
07:27:45.0366 5204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:27:45.0396 5204 IPNAT - ok
07:27:45.0466 5204 iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:27:45.0486 5204 iPod Service - ok
07:27:45.0496 5204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:27:45.0516 5204 IRENUM - ok
07:27:45.0556 5204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:27:45.0566 5204 isapnp - ok
07:27:45.0676 5204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:27:45.0686 5204 iScsiPrt - ok
07:27:45.0706 5204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:27:45.0716 5204 kbdclass - ok
07:27:45.0736 5204 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:27:45.0756 5204 kbdhid - ok
07:27:45.0766 5204 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:45.0786 5204 KeyIso - ok
07:27:45.0836 5204 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:27:45.0856 5204 KL1 - ok
07:27:45.0866 5204 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:27:45.0876 5204 kl2 - ok
07:27:45.0916 5204 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:27:45.0936 5204 KLIF - ok
07:27:45.0946 5204 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:27:45.0956 5204 KLIM6 - ok
07:27:45.0966 5204 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:27:45.0966 5204 klmouflt - ok
07:27:45.0986 5204 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:27:45.0996 5204 KSecDD - ok
07:27:46.0036 5204 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:27:46.0056 5204 KSecPkg - ok
07:27:46.0056 5204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:27:46.0086 5204 ksthunk - ok
07:27:46.0126 5204 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:27:46.0156 5204 KtmRm - ok
07:27:46.0196 5204 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:27:46.0236 5204 LanmanServer - ok
07:27:46.0276 5204 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:27:46.0306 5204 LanmanWorkstation - ok
07:27:46.0326 5204 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:27:46.0336 5204 lirsgt - ok
07:27:46.0446 5204 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:27:46.0466 5204 LkCitadelServer - ok
07:27:46.0486 5204 lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:27:46.0496 5204 lkClassAds - ok
07:27:46.0506 5204 lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:27:46.0516 5204 lkTimeSync - ok
07:27:46.0586 5204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:27:46.0616 5204 lltdio - ok
07:27:46.0666 5204 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:27:46.0706 5204 lltdsvc - ok
07:27:46.0716 5204 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:27:46.0756 5204 lmhosts - ok
07:27:46.0766 5204 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:27:46.0776 5204 lmimirr - ok
07:27:46.0786 5204 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:27:46.0796 5204 LMIRfsDriver - ok
07:27:46.0816 5204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:27:46.0826 5204 LSI_FC - ok
07:27:46.0836 5204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:27:46.0856 5204 LSI_SAS - ok
07:27:46.0866 5204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:27:46.0886 5204 LSI_SAS2 - ok
07:27:46.0896 5204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:27:46.0916 5204 LSI_SCSI - ok
07:27:46.0916 5204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:27:46.0956 5204 luafv - ok
07:27:46.0976 5204 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:27:46.0986 5204 MBAMProtector - ok
07:27:47.0076 5204 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:27:47.0096 5204 MBAMService - ok
07:27:47.0116 5204 mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:27:47.0126 5204 mcdbus - ok
07:27:47.0166 5204 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:27:47.0176 5204 Mcx2Svc - ok
07:27:47.0196 5204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:27:47.0206 5204 megasas - ok
07:27:47.0236 5204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:27:47.0256 5204 MegaSR - ok
07:27:47.0296 5204 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:27:47.0306 5204 Microsoft Office Groove Audit Service - ok
07:27:47.0326 5204 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:27:47.0366 5204 MMCSS - ok
07:27:47.0376 5204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:27:47.0416 5204 Modem - ok
07:27:47.0426 5204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:27:47.0446 5204 monitor - ok
07:27:47.0476 5204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:27:47.0486 5204 mouclass - ok
07:27:47.0506 5204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:27:47.0516 5204 mouhid - ok
07:27:47.0556 5204 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:27:47.0566 5204 mountmgr - ok
07:27:47.0676 5204 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:27:47.0686 5204 MozillaMaintenance - ok
07:27:47.0726 5204 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:27:47.0736 5204 mpio - ok
07:27:47.0766 5204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:27:47.0796 5204 mpsdrv - ok
07:27:47.0876 5204 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:27:47.0916 5204 MpsSvc - ok
07:27:47.0966 5204 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:27:47.0986 5204 MRxDAV - ok
07:27:48.0016 5204 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:27:48.0026 5204 mrxsmb - ok
07:27:48.0056 5204 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:27:48.0076 5204 mrxsmb10 - ok
07:27:48.0096 5204 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:27:48.0106 5204 mrxsmb20 - ok
07:27:48.0126 5204 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:27:48.0136 5204 msahci - ok
07:27:48.0166 5204 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:27:48.0186 5204 msdsm - ok
07:27:48.0216 5204 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:27:48.0236 5204 MSDTC - ok
07:27:48.0256 5204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:27:48.0286 5204 Msfs - ok
07:27:48.0306 5204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:27:48.0336 5204 mshidkmdf - ok
07:27:48.0356 5204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:27:48.0366 5204 msisadrv - ok
07:27:48.0396 5204 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:27:48.0436 5204 MSiSCSI - ok
07:27:48.0436 5204 msiserver - ok
07:27:48.0446 5204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:27:48.0486 5204 MSKSSRV - ok
07:27:48.0496 5204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:27:48.0526 5204 MSPCLOCK - ok
07:27:48.0546 5204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:27:48.0576 5204 MSPQM - ok
07:27:48.0686 5204 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:27:48.0706 5204 MsRPC - ok
07:27:48.0746 5204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:27:48.0756 5204 mssmbios - ok
07:27:48.0766 5204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:27:48.0806 5204 MSTEE - ok
07:27:48.0826 5204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:27:48.0846 5204 MTConfig - ok
07:27:48.0856 5204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:27:48.0866 5204 Mup - ok
07:27:48.0906 5204 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:27:48.0936 5204 napagent - ok
07:27:48.0966 5204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:27:48.0986 5204 NativeWifiP - ok
07:27:49.0056 5204 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:27:49.0076 5204 NDIS - ok
07:27:49.0096 5204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:27:49.0126 5204 NdisCap - ok
07:27:49.0136 5204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:27:49.0166 5204 NdisTapi - ok
07:27:49.0206 5204 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:27:49.0236 5204 Ndisuio - ok
07:27:49.0286 5204 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:27:49.0316 5204 NdisWan - ok
07:27:49.0356 5204 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:27:49.0386 5204 NDProxy - ok
07:27:49.0406 5204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:27:49.0436 5204 NetBIOS - ok
07:27:49.0456 5204 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:27:49.0496 5204 NetBT - ok
07:27:49.0516 5204 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:49.0536 5204 Netlogon - ok
07:27:49.0566 5204 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:27:49.0606 5204 Netman - ok
07:27:49.0866 5204 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:49.0876 5204 NetMsmqActivator - ok
07:27:49.0916 5204 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:49.0926 5204 NetPipeActivator - ok
07:27:49.0986 5204 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:27:50.0016 5204 netprofm - ok
07:27:50.0026 5204 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:50.0036 5204 NetTcpActivator - ok
07:27:50.0036 5204 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:27:50.0046 5204 NetTcpPortSharing - ok
07:27:50.0086 5204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:27:50.0096 5204 nfrd960 - ok
07:27:50.0216 5204 NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:27:50.0226 5204 NIDomainService - ok
07:27:50.0336 5204 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:27:50.0356 5204 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:27:50.0356 5204 NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:27:50.0426 5204 niSvcLoc - ok
07:27:50.0496 5204 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:27:50.0536 5204 NlaSvc - ok
07:27:50.0556 5204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:27:50.0586 5204 Npfs - ok
07:27:50.0646 5204 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:27:50.0686 5204 nsi - ok
07:27:50.0686 5204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:27:50.0726 5204 nsiproxy - ok
07:27:50.0836 5204 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:27:50.0876 5204 Ntfs - ok
07:27:50.0916 5204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:27:50.0946 5204 Null - ok
07:27:50.0976 5204 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:27:50.0986 5204 nvraid - ok
07:27:51.0006 5204 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:27:51.0026 5204 nvstor - ok
07:27:51.0056 5204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:27:51.0066 5204 nv_agp - ok
07:27:51.0246 5204 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:27:51.0286 5204 O&O Defrag - ok
07:27:51.0376 5204 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:27:51.0396 5204 odserv - ok
07:27:51.0446 5204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:27:51.0466 5204 ohci1394 - ok
07:27:51.0496 5204 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:27:51.0506 5204 ose - ok
07:27:51.0546 5204 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:27:51.0566 5204 p2pimsvc - ok
07:27:51.0656 5204 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:27:51.0666 5204 p2psvc - ok
07:27:51.0696 5204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:27:51.0706 5204 Parport - ok
07:27:51.0756 5204 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:27:51.0766 5204 partmgr - ok
07:27:51.0786 5204 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:27:51.0806 5204 PcaSvc - ok
07:27:51.0846 5204 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:27:51.0866 5204 pci - ok
07:27:51.0866 5204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:27:51.0886 5204 pciide - ok
07:27:51.0906 5204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:27:51.0926 5204 pcmcia - ok
07:27:51.0946 5204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:27:51.0956 5204 pcw - ok
07:27:51.0986 5204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:27:52.0026 5204 PEAUTH - ok
07:27:52.0116 5204 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:27:52.0146 5204 PeerDistSvc - ok
07:27:52.0216 5204 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:27:52.0236 5204 PerfHost - ok
07:27:52.0376 5204 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:27:52.0426 5204 pla - ok
07:27:52.0466 5204 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:27:52.0486 5204 PlugPlay - ok
07:27:52.0486 5204 PnkBstrA - ok
07:27:52.0496 5204 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:27:52.0516 5204 PNRPAutoReg - ok
07:27:52.0536 5204 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:27:52.0556 5204 PNRPsvc - ok
07:27:52.0646 5204 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:27:52.0686 5204 PolicyAgent - ok
07:27:52.0716 5204 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:27:52.0756 5204 Power - ok
07:27:52.0796 5204 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:27:52.0836 5204 PptpMiniport - ok
07:27:52.0866 5204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:27:52.0876 5204 Processor - ok
07:27:52.0906 5204 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:27:52.0936 5204 ProfSvc - ok
07:27:52.0956 5204 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:52.0976 5204 ProtectedStorage - ok
07:27:53.0016 5204 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:27:53.0046 5204 Psched - ok
07:27:53.0126 5204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:27:53.0166 5204 ql2300 - ok
07:27:53.0226 5204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:27:53.0236 5204 ql40xx - ok
07:27:53.0276 5204 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:27:53.0296 5204 QWAVE - ok
07:27:53.0316 5204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:27:53.0326 5204 QWAVEdrv - ok
07:27:53.0346 5204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:27:53.0376 5204 RasAcd - ok
07:27:53.0406 5204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:27:53.0446 5204 RasAgileVpn - ok
07:27:53.0466 5204 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:27:53.0496 5204 RasAuto - ok
07:27:53.0536 5204 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:27:53.0576 5204 Rasl2tp - ok
07:27:53.0676 5204 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:27:53.0716 5204 RasMan - ok
07:27:53.0726 5204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:27:53.0766 5204 RasPppoe - ok
07:27:53.0776 5204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:27:53.0806 5204 RasSstp - ok
07:27:53.0856 5204 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:27:53.0896 5204 rdbss - ok
07:27:53.0916 5204 RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:27:53.0926 5204 RDID1053 - ok
07:27:53.0946 5204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:27:53.0966 5204 rdpbus - ok
07:27:53.0976 5204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:27:54.0006 5204 RDPCDD - ok
07:27:54.0056 5204 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:27:54.0066 5204 RDPDR - ok
07:27:54.0086 5204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:27:54.0116 5204 RDPENCDD - ok
07:27:54.0126 5204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:27:54.0166 5204 RDPREFMP - ok
07:27:54.0206 5204 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:27:54.0216 5204 RdpVideoMiniport - ok
07:27:54.0266 5204 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:27:54.0296 5204 RDPWD - ok
07:27:54.0336 5204 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:27:54.0356 5204 rdyboost - ok
07:27:54.0376 5204 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:27:54.0416 5204 RemoteAccess - ok
07:27:54.0426 5204 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:27:54.0466 5204 RemoteRegistry - ok
07:27:54.0486 5204 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:27:54.0516 5204 RpcEptMapper - ok
07:27:54.0546 5204 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:27:54.0556 5204 RpcLocator - ok
07:27:54.0666 5204 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:27:54.0706 5204 RpcSs - ok
07:27:54.0716 5204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:27:54.0756 5204 rspndr - ok
07:27:54.0776 5204 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:27:54.0796 5204 RTL8169 - ok
07:27:54.0836 5204 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:27:54.0846 5204 s3cap - ok
07:27:54.0866 5204 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:27:54.0886 5204 SamSs - ok
07:27:54.0986 5204 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:27:54.0996 5204 SASDIFSV - ok
07:27:55.0006 5204 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:27:55.0016 5204 SASKUTIL - ok
07:27:55.0046 5204 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:27:55.0056 5204 sbp2port - ok
07:27:55.0086 5204 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:27:55.0116 5204 SCardSvr - ok
07:27:55.0156 5204 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:27:55.0186 5204 scfilter - ok
07:27:55.0266 5204 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:27:55.0316 5204 Schedule - ok
07:27:55.0356 5204 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:27:55.0386 5204 SCPolicySvc - ok
07:27:55.0426 5204 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:27:55.0446 5204 SDRSVC - ok
07:27:55.0486 5204 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:27:55.0526 5204 secdrv - ok
07:27:55.0556 5204 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:27:55.0596 5204 seclogon - ok
07:27:55.0656 5204 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:27:55.0686 5204 SENS - ok
07:27:55.0706 5204 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:27:55.0716 5204 SensrSvc - ok
07:27:55.0726 5204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:27:55.0746 5204 Serenum - ok
07:27:55.0756 5204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:27:55.0776 5204 Serial - ok
07:27:55.0796 5204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:27:55.0816 5204 sermouse - ok
07:27:55.0856 5204 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:27:55.0886 5204 SessionEnv - ok
07:27:55.0906 5204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:27:55.0926 5204 sffdisk - ok
07:27:55.0946 5204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:27:55.0956 5204 sffp_mmc - ok
07:27:55.0976 5204 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:27:55.0996 5204 sffp_sd - ok
07:27:56.0006 5204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:27:56.0016 5204 sfloppy - ok
07:27:56.0056 5204 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:27:56.0096 5204 SharedAccess - ok
07:27:56.0146 5204 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:27:56.0186 5204 ShellHWDetection - ok
07:27:56.0196 5204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:27:56.0206 5204 SiSRaid2 - ok
07:27:56.0226 5204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:27:56.0236 5204 SiSRaid4 - ok
07:27:56.0256 5204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:27:56.0296 5204 Smb - ok
07:27:56.0316 5204 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:27:56.0336 5204 SNMPTRAP - ok
07:27:56.0406 5204 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:27:56.0416 5204 speedfan - ok
07:27:56.0426 5204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:27:56.0436 5204 spldr - ok
07:27:56.0496 5204 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:27:56.0536 5204 Spooler - ok
07:27:56.0776 5204 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:27:56.0846 5204 sppsvc - ok
07:27:56.0916 5204 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:27:56.0956 5204 sppuinotify - ok
07:27:57.0026 5204 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:27:57.0026 5204 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:27:57.0026 5204 sptd ( LockedFile.Multi.Generic ) - warning
07:27:57.0026 5204 sptd - detected LockedFile.Multi.Generic (1)
07:27:57.0076 5204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:27:57.0096 5204 srv - ok
07:27:57.0126 5204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:27:57.0146 5204 srv2 - ok
07:27:57.0166 5204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:27:57.0186 5204 srvnet - ok
07:27:57.0196 5204 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:27:57.0236 5204 SSDPSRV - ok
07:27:57.0246 5204 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:27:57.0286 5204 SstpSvc - ok
07:27:57.0316 5204 Steam Client Service - ok
07:27:57.0346 5204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:27:57.0356 5204 stexstor - ok
07:27:57.0416 5204 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:27:57.0446 5204 stisvc - ok
07:27:57.0476 5204 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:27:57.0486 5204 storflt - ok
07:27:57.0526 5204 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:27:57.0536 5204 storvsc - ok
07:27:57.0566 5204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:27:57.0586 5204 swenum - ok
07:27:57.0666 5204 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:27:57.0706 5204 swprv - ok
07:27:57.0716 5204 Synth3dVsc - ok
07:27:57.0826 5204 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:27:57.0866 5204 SysMain - ok
07:27:57.0956 5204 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:27:57.0976 5204 TabletInputService - ok
07:27:58.0036 5204 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:27:58.0076 5204 TapiSrv - ok
07:27:58.0096 5204 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:27:58.0126 5204 TBS - ok
07:27:58.0246 5204 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:27:58.0286 5204 Tcpip - ok
07:27:58.0416 5204 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:27:58.0446 5204 TCPIP6 - ok
07:27:58.0516 5204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:27:58.0546 5204 tcpipreg - ok
07:27:58.0566 5204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:27:58.0596 5204 TDPIPE - ok
07:27:58.0656 5204 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:27:58.0686 5204 TDTCP - ok
07:27:58.0736 5204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:27:58.0766 5204 tdx - ok
07:27:58.0806 5204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:27:58.0816 5204 TermDD - ok
07:27:58.0896 5204 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:27:58.0936 5204 TermService - ok
07:27:58.0946 5204 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:27:58.0966 5204 Themes - ok
07:27:58.0986 5204 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:27:59.0016 5204 THREADORDER - ok
07:27:59.0036 5204 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:27:59.0076 5204 TrkWks - ok
07:27:59.0136 5204 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:27:59.0166 5204 TrustedInstaller - ok
07:27:59.0206 5204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:27:59.0236 5204 tssecsrv - ok
07:27:59.0276 5204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:27:59.0286 5204 TsUsbFlt - ok
07:27:59.0286 5204 tsusbhub - ok
07:27:59.0336 5204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:27:59.0366 5204 tunnel - ok
07:27:59.0386 5204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:27:59.0396 5204 uagp35 - ok
07:27:59.0436 5204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:27:59.0466 5204 udfs - ok
07:27:59.0496 5204 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:27:59.0506 5204 UI0Detect - ok
07:27:59.0526 5204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:27:59.0536 5204 uliagpkx - ok
07:27:59.0576 5204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:27:59.0586 5204 umbus - ok
07:27:59.0656 5204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:27:59.0666 5204 UmPass - ok
07:27:59.0716 5204 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:27:59.0726 5204 UmRdpService - ok
07:27:59.0756 5204 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:27:59.0796 5204 upnphost - ok
07:27:59.0826 5204 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:27:59.0846 5204 usbccgp - ok
07:27:59.0876 5204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:27:59.0886 5204 usbcir - ok
07:27:59.0926 5204 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:27:59.0946 5204 usbehci - ok
07:28:00.0176 5204 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:28:00.0196 5204 usbhub - ok
07:28:00.0216 5204 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:28:00.0236 5204 usbohci - ok
07:28:00.0246 5204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:28:00.0256 5204 usbprint - ok
07:28:00.0276 5204 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:28:00.0296 5204 usbscan - ok
07:28:00.0326 5204 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:28:00.0336 5204 USBSTOR - ok
07:28:00.0376 5204 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:28:00.0386 5204 usbuhci - ok
07:28:00.0396 5204 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:28:00.0436 5204 UxSms - ok
07:28:00.0456 5204 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:28:00.0476 5204 VaultSvc - ok
07:28:00.0486 5204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:28:00.0496 5204 vdrvroot - ok
07:28:00.0556 5204 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:28:00.0596 5204 vds - ok
07:28:00.0656 5204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:28:00.0666 5204 vga - ok
07:28:00.0686 5204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:28:00.0716 5204 VgaSave - ok
07:28:00.0716 5204 VGPU - ok
07:28:00.0746 5204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:28:00.0756 5204 vhdmp - ok
07:28:00.0776 5204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:28:00.0786 5204 viaide - ok
07:28:00.0826 5204 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:28:00.0836 5204 vmbus - ok
07:28:00.0876 5204 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:28:00.0886 5204 VMBusHID - ok
07:28:00.0926 5204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:28:00.0936 5204 volmgr - ok
07:28:00.0996 5204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:28:01.0006 5204 volmgrx - ok
07:28:01.0036 5204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:28:01.0046 5204 volsnap - ok
07:28:01.0066 5204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:28:01.0076 5204 vsmraid - ok
07:28:01.0196 5204 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:28:01.0206 5204 VSPerfDrv100 - ok
07:28:01.0336 5204 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:28:01.0386 5204 VSS - ok
07:28:01.0466 5204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:28:01.0476 5204 vwifibus - ok
07:28:01.0506 5204 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:28:01.0546 5204 W32Time - ok
07:28:01.0566 5204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:28:01.0586 5204 WacomPen - ok
07:28:01.0656 5204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:01.0686 5204 WANARP - ok
07:28:01.0696 5204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:28:01.0726 5204 Wanarpv6 - ok
07:28:01.0816 5204 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:28:01.0846 5204 WatAdminSvc - ok
07:28:01.0936 5204 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:28:01.0966 5204 wbengine - ok
07:28:02.0016 5204 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:28:02.0046 5204 WbioSrvc - ok
07:28:02.0086 5204 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:28:02.0116 5204 wcncsvc - ok
07:28:02.0126 5204 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:28:02.0146 5204 WcsPlugInService - ok
07:28:02.0156 5204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:28:02.0166 5204 Wd - ok
07:28:02.0206 5204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:28:02.0226 5204 Wdf01000 - ok
07:28:02.0246 5204 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:28:02.0266 5204 WdiServiceHost - ok
07:28:02.0276 5204 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:28:02.0296 5204 WdiSystemHost - ok
07:28:02.0346 5204 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:28:02.0366 5204 WebClient - ok
07:28:02.0386 5204 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:28:02.0426 5204 Wecsvc - ok
07:28:02.0446 5204 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:28:02.0486 5204 wercplsupport - ok
07:28:02.0496 5204 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:28:02.0536 5204 WerSvc - ok
07:28:02.0546 5204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:28:02.0586 5204 WfpLwf - ok
07:28:02.0656 5204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:28:02.0666 5204 WIMMount - ok
07:28:02.0676 5204 WinDefend - ok
07:28:02.0676 5204 WinHttpAutoProxySvc - ok
07:28:02.0726 5204 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:28:02.0756 5204 Winmgmt - ok
07:28:02.0886 5204 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:28:02.0936 5204 WinRM - ok
07:28:03.0016 5204 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:28:03.0036 5204 WinUsb - ok
07:28:03.0106 5204 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:28:03.0136 5204 Wlansvc - ok
07:28:03.0296 5204 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:28:03.0336 5204 wlidsvc - ok
07:28:03.0406 5204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:28:03.0416 5204 WmiAcpi - ok
07:28:03.0476 5204 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:28:03.0496 5204 wmiApSrv - ok
07:28:03.0516 5204 WMPNetworkSvc - ok
07:28:03.0526 5204 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:28:03.0546 5204 WPCSvc - ok
07:28:03.0576 5204 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:28:03.0596 5204 WPDBusEnum - ok
07:28:03.0666 5204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:28:03.0706 5204 ws2ifsl - ok
07:28:03.0716 5204 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:28:03.0736 5204 wscsvc - ok
07:28:03.0746 5204 WSearch - ok
07:28:03.0886 5204 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:28:03.0936 5204 wuauserv - ok
07:28:04.0006 5204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:28:04.0036 5204 WudfPf - ok
07:28:04.0056 5204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:28:04.0086 5204 WUDFRd - ok
07:28:04.0126 5204 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:28:04.0156 5204 wudfsvc - ok
07:28:04.0196 5204 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:28:04.0216 5204 WwanSvc - ok
07:28:04.0236 5204 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:28:04.0706 5204 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:28:04.0706 5204 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:28:04.0746 5204 Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:28:04.0746 5204 \Device\Harddisk0\DR0\Partition0 - ok
07:28:04.0766 5204 Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:28:04.0766 5204 \Device\Harddisk0\DR0\Partition1 - ok
07:28:04.0766 5204 ============================================================
07:28:04.0766 5204 Scan finished
07:28:04.0766 5204 ============================================================
07:28:04.0776 4336 Detected object count: 5
07:28:04.0776 4336 Actual detected object count: 5
07:28:16.0526 4336 CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336 CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:28:16.0526 4336 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:28:16.0526 4336 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:28:16.0526 4336 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:28:16.0526 4336 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:28:16.0526 4336 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:28:16.0526 4336 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:28:50.0385 5536 ============================================================
07:28:50.0385 5536 Scan started
07:28:50.0385 5536 Mode: Manual; SigCheck; TDLFS;
07:28:50.0385 5536 ============================================================
07:28:51.0015 5536 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
07:28:51.0025 5536 !SASCORE - ok
07:28:51.0075 5536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:28:51.0095 5536 1394ohci - ok
07:28:51.0175 5536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:28:51.0185 5536 ACPI - ok
07:28:51.0205 5536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:28:51.0225 5536 AcpiPmi - ok
07:28:51.0265 5536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:28:51.0285 5536 adp94xx - ok
07:28:51.0315 5536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:28:51.0325 5536 adpahci - ok
07:28:51.0345 5536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:28:51.0355 5536 adpu320 - ok
07:28:51.0385 5536 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:28:51.0415 5536 AeLookupSvc - ok
07:28:51.0455 5536 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
07:28:51.0475 5536 AFD - ok
07:28:51.0515 5536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:28:51.0525 5536 agp440 - ok
07:28:51.0535 5536 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:28:51.0555 5536 ALG - ok
07:28:51.0565 5536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:28:51.0575 5536 aliide - ok
07:28:51.0675 5536 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
07:28:51.0695 5536 AMD External Events Utility - ok
07:28:51.0705 5536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:28:51.0715 5536 amdide - ok
07:28:51.0735 5536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:28:51.0745 5536 AmdK8 - ok
07:28:52.0285 5536 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:52.0405 5536 amdkmdag - ok
07:28:52.0525 5536 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
07:28:52.0545 5536 amdkmdap - ok
07:28:52.0575 5536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:28:52.0585 5536 AmdPPM - ok
07:28:52.0665 5536 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
07:28:52.0675 5536 amdsata - ok
07:28:52.0695 5536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:28:52.0705 5536 amdsbs - ok
07:28:52.0725 5536 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
07:28:52.0735 5536 amdxata - ok
07:28:52.0775 5536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:28:52.0805 5536 AppID - ok
07:28:52.0825 5536 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:28:52.0865 5536 AppIDSvc - ok
07:28:52.0895 5536 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:28:52.0925 5536 Appinfo - ok
07:28:52.0965 5536 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
07:28:52.0975 5536 AppMgmt - ok
07:28:52.0995 5536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:28:53.0005 5536 arc - ok
07:28:53.0015 5536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:28:53.0035 5536 arcsas - ok
07:28:53.0135 5536 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:28:53.0145 5536 aspnet_state - ok
07:28:53.0155 5536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:28:53.0185 5536 AsyncMac - ok
07:28:53.0215 5536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:28:53.0235 5536 atapi - ok
07:28:53.0285 5536 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
07:28:53.0295 5536 AtiHDAudioService - ok
07:28:53.0315 5536 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
07:28:53.0325 5536 AtiHdmiService - ok
07:28:53.0905 5536 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
07:28:54.0025 5536 atikmdag - ok
07:28:54.0145 5536 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
07:28:54.0155 5536 atksgt - ok
07:28:54.0215 5536 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:28:54.0255 5536 AudioEndpointBuilder - ok
07:28:54.0255 5536 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:28:54.0295 5536 AudioSrv - ok
07:28:54.0365 5536 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
07:28:54.0375 5536 AVP - ok
07:28:54.0415 5536 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:28:54.0435 5536 AxInstSV - ok
07:28:54.0475 5536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:28:54.0485 5536 b06bdrv - ok
07:28:54.0525 5536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:28:54.0545 5536 b57nd60a - ok
07:28:54.0565 5536 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:28:54.0585 5536 BDESVC - ok
07:28:54.0645 5536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:28:54.0685 5536 Beep - ok
07:28:54.0745 5536 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:28:54.0785 5536 BFE - ok
07:28:54.0835 5536 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
07:28:54.0875 5536 BITS - ok
07:28:54.0895 5536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:28:54.0905 5536 blbdrive - ok
07:28:54.0945 5536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
07:28:54.0955 5536 bowser - ok
07:28:54.0965 5536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:28:54.0975 5536 BrFiltLo - ok
07:28:54.0995 5536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:28:55.0015 5536 BrFiltUp - ok
07:28:55.0045 5536 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
07:28:55.0085 5536 Browser - ok
07:28:55.0115 5536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:28:55.0125 5536 Brserid - ok
07:28:55.0145 5536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:28:55.0155 5536 BrSerWdm - ok
07:28:55.0175 5536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:28:55.0185 5536 BrUsbMdm - ok
07:28:55.0195 5536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:28:55.0215 5536 BrUsbSer - ok
07:28:55.0235 5536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:28:55.0245 5536 BTHMODEM - ok
07:28:55.0275 5536 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
07:28:55.0305 5536 bthserv - ok
07:28:55.0325 5536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:28:55.0355 5536 cdfs - ok
07:28:55.0375 5536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
07:28:55.0395 5536 cdrom - ok
07:28:55.0425 5536 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:28:55.0455 5536 CertPropSvc - ok
07:28:55.0475 5536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:28:55.0485 5536 circlass - ok
07:28:55.0515 5536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:28:55.0535 5536 CLFS - ok
07:28:55.0645 5536 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:28:55.0655 5536 clr_optimization_v2.0.50727_32 - ok
07:28:55.0705 5536 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:28:55.0715 5536 clr_optimization_v2.0.50727_64 - ok
07:28:55.0785 5536 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:28:55.0795 5536 clr_optimization_v4.0.30319_32 - ok
07:28:55.0825 5536 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:28:55.0835 5536 clr_optimization_v4.0.30319_64 - ok
07:28:55.0845 5536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:28:55.0865 5536 CmBatt - ok
07:28:55.0895 5536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
07:28:55.0905 5536 cmdide - ok
07:28:55.0975 5536 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
07:28:55.0995 5536 CNG - ok
07:28:56.0005 5536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:28:56.0015 5536 Compbatt - ok
07:28:56.0035 5536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
07:28:56.0055 5536 CompositeBus - ok
07:28:56.0055 5536 COMSysApp - ok
07:28:56.0065 5536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:28:56.0075 5536 crcdisk - ok
07:28:56.0125 5536 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
07:28:56.0155 5536 CryptSvc - ok
07:28:56.0405 5536 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
07:28:56.0425 5536 CSC - ok
07:28:56.0505 5536 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
07:28:56.0525 5536 CscService - ok
07:28:56.0655 5536 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
07:28:56.0665 5536 CSHelper ( UnsignedFile.Multi.Generic ) - warning
07:28:56.0665 5536 CSHelper - detected UnsignedFile.Multi.Generic (1)
07:28:56.0755 5536 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:28:56.0795 5536 DcomLaunch - ok
07:28:56.0825 5536 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
07:28:56.0855 5536 defragsvc - ok
07:28:56.0895 5536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
07:28:56.0935 5536 DfsC - ok
07:28:56.0965 5536 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
07:28:56.0995 5536 Dhcp - ok
07:28:57.0005 5536 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:28:57.0045 5536 discache - ok
07:28:57.0055 5536 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:28:57.0065 5536 Disk - ok
07:28:57.0105 5536 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
07:28:57.0125 5536 Dnscache - ok
07:28:57.0165 5536 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
07:28:57.0195 5536 dot3svc - ok
07:28:57.0235 5536 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
07:28:57.0275 5536 DPS - ok
07:28:57.0295 5536 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:28:57.0305 5536 drmkaud - ok
07:28:57.0365 5536 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
07:28:57.0385 5536 DXGKrnl - ok
07:28:57.0415 5536 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
07:28:57.0445 5536 EapHost - ok
07:28:57.0685 5536 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:28:57.0725 5536 ebdrv - ok
07:28:57.0805 5536 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
07:28:57.0825 5536 EFS - ok
07:28:57.0915 5536 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
07:28:57.0935 5536 ehRecvr - ok
07:28:57.0955 5536 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
07:28:57.0975 5536 ehSched - ok
07:28:58.0025 5536 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:28:58.0045 5536 elxstor - ok
07:28:58.0075 5536 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
07:28:58.0095 5536 ErrDev - ok
07:28:58.0135 5536 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
07:28:58.0165 5536 EventSystem - ok
07:28:58.0195 5536 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:28:58.0225 5536 exfat - ok
07:28:58.0255 5536 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:28:58.0285 5536 fastfat - ok
07:28:58.0345 5536 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
07:28:58.0365 5536 Fax - ok
07:28:58.0385 5536 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:28:58.0395 5536 fdc - ok
07:28:58.0405 5536 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
07:28:58.0435 5536 fdPHost - ok
07:28:58.0445 5536 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
07:28:58.0485 5536 FDResPub - ok
07:28:58.0495 5536 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:28:58.0505 5536 FileInfo - ok
07:28:58.0515 5536 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:28:58.0555 5536 Filetrace - ok
07:28:58.0565 5536 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:28:58.0575 5536 flpydisk - ok
07:28:58.0675 5536 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
07:28:58.0695 5536 FltMgr - ok
07:28:58.0785 5536 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
07:28:58.0835 5536 FontCache - ok
07:28:58.0915 5536 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:28:58.0925 5536 FontCache3.0.0.0 - ok
07:28:58.0965 5536 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:28:58.0975 5536 FsDepends - ok
07:28:58.0985 5536 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:28:58.0995 5536 Fs_Rec - ok
07:28:59.0035 5536 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:28:59.0055 5536 fvevol - ok
07:28:59.0065 5536 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:28:59.0075 5536 gagp30kx - ok
07:28:59.0095 5536 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
07:28:59.0105 5536 gdrv - ok
07:28:59.0125 5536 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:28:59.0135 5536 GEARAspiWDM - ok
07:28:59.0185 5536 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
07:28:59.0225 5536 gpsvc - ok
07:28:59.0295 5536 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:28:59.0305 5536 gupdate - ok
07:28:59.0315 5536 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:28:59.0325 5536 gupdatem - ok
07:28:59.0335 5536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:28:59.0345 5536 hcw85cir - ok
07:28:59.0395 5536 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:28:59.0415 5536 HdAudAddService - ok
07:28:59.0445 5536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
07:28:59.0465 5536 HDAudBus - ok
07:28:59.0475 5536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:28:59.0495 5536 HidBatt - ok
07:28:59.0505 5536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:28:59.0515 5536 HidBth - ok
07:28:59.0545 5536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:28:59.0555 5536 HidIr - ok
07:28:59.0575 5536 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
07:28:59.0615 5536 hidserv - ok
07:28:59.0675 5536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
07:28:59.0685 5536 HidUsb - ok
07:28:59.0725 5536 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
07:28:59.0755 5536 hkmsvc - ok
07:28:59.0805 5536 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
07:28:59.0825 5536 HomeGroupListener - ok
07:28:59.0865 5536 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
07:28:59.0875 5536 HomeGroupProvider - ok
07:28:59.0905 5536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
07:28:59.0925 5536 HpSAMD - ok
07:29:00.0005 5536 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
07:29:00.0045 5536 HTTP - ok
07:29:00.0075 5536 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
07:29:00.0085 5536 hwpolicy - ok
07:29:00.0125 5536 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
07:29:00.0135 5536 i8042prt - ok
07:29:00.0165 5536 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
07:29:00.0185 5536 iaStorV - ok
07:29:00.0275 5536 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
07:29:00.0275 5536 IDriverT ( UnsignedFile.Multi.Generic ) - warning
07:29:00.0275 5536 IDriverT - detected UnsignedFile.Multi.Generic (1)
07:29:00.0365 5536 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:29:00.0385 5536 idsvc - ok
07:29:00.0465 5536 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:29:00.0475 5536 iirsp - ok
07:29:00.0545 5536 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
07:29:00.0585 5536 IKEEXT - ok
07:29:00.0735 5536 IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
07:29:00.0765 5536 IntcAzAudAddService - ok
07:29:00.0855 5536 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
07:29:00.0865 5536 intelide - ok
07:29:00.0875 5536 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:29:00.0895 5536 intelppm - ok
07:29:00.0915 5536 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
07:29:00.0955 5536 IPBusEnum - ok
07:29:00.0995 5536 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:29:01.0025 5536 IpFilterDriver - ok
07:29:01.0085 5536 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
07:29:01.0115 5536 iphlpsvc - ok
07:29:01.0155 5536 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
07:29:01.0165 5536 IPMIDRV - ok
07:29:01.0195 5536 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:29:01.0235 5536 IPNAT - ok
07:29:01.0295 5536 iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
07:29:01.0315 5536 iPod Service - ok
07:29:01.0335 5536 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:29:01.0345 5536 IRENUM - ok
07:29:01.0385 5536 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
07:29:01.0395 5536 isapnp - ok
07:29:01.0645 5536 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
07:29:01.0665 5536 iScsiPrt - ok
07:29:01.0675 5536 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
07:29:01.0685 5536 kbdclass - ok
07:29:01.0715 5536 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
07:29:01.0725 5536 kbdhid - ok
07:29:01.0745 5536 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:01.0755 5536 KeyIso - ok
07:29:01.0805 5536 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
07:29:01.0825 5536 KL1 - ok
07:29:01.0835 5536 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
07:29:01.0845 5536 kl2 - ok
07:29:01.0885 5536 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
07:29:01.0905 5536 KLIF - ok
07:29:01.0925 5536 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
07:29:01.0935 5536 KLIM6 - ok
07:29:01.0935 5536 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
07:29:01.0945 5536 klmouflt - ok
07:29:01.0985 5536 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
07:29:01.0995 5536 KSecDD - ok
07:29:02.0035 5536 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
07:29:02.0055 5536 KSecPkg - ok
07:29:02.0065 5536 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:29:02.0095 5536 ksthunk - ok
07:29:02.0125 5536 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
07:29:02.0155 5536 KtmRm - ok
07:29:02.0195 5536 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
07:29:02.0235 5536 LanmanServer - ok
07:29:02.0265 5536 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
07:29:02.0305 5536 LanmanWorkstation - ok
07:29:02.0325 5536 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
07:29:02.0335 5536 lirsgt - ok
07:29:02.0445 5536 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
07:29:02.0465 5536 LkCitadelServer - ok
07:29:02.0495 5536 lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
07:29:02.0495 5536 lkClassAds - ok
07:29:02.0515 5536 lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
07:29:02.0525 5536 lkTimeSync - ok
07:29:02.0645 5536 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:29:02.0685 5536 lltdio - ok
07:29:02.0705 5536 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
07:29:02.0745 5536 lltdsvc - ok
07:29:02.0755 5536 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
07:29:02.0795 5536 lmhosts - ok
07:29:02.0805 5536 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:29:02.0815 5536 lmimirr - ok
07:29:02.0825 5536 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:29:02.0835 5536 LMIRfsDriver - ok
07:29:02.0865 5536 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:29:02.0875 5536 LSI_FC - ok
07:29:02.0885 5536 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:29:02.0895 5536 LSI_SAS - ok
07:29:02.0915 5536 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:29:02.0935 5536 LSI_SAS2 - ok
07:29:02.0945 5536 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:29:02.0955 5536 LSI_SCSI - ok
07:29:02.0965 5536 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:29:03.0005 5536 luafv - ok
07:29:03.0025 5536 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
07:29:03.0025 5536 MBAMProtector - ok
07:29:03.0125 5536 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:29:03.0145 5536 MBAMService - ok
07:29:03.0155 5536 mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
07:29:03.0175 5536 mcdbus - ok
07:29:03.0205 5536 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
07:29:03.0215 5536 Mcx2Svc - ok
07:29:03.0235 5536 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:29:03.0245 5536 megasas - ok
07:29:03.0265 5536 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:29:03.0285 5536 MegaSR - ok
07:29:03.0325 5536 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
07:29:03.0335 5536 Microsoft Office Groove Audit Service - ok
07:29:03.0365 5536 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:29:03.0405 5536 MMCSS - ok
07:29:03.0415 5536 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:29:03.0455 5536 Modem - ok
07:29:03.0475 5536 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:29:03.0485 5536 monitor - ok
07:29:03.0515 5536 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
07:29:03.0525 5536 mouclass - ok
07:29:03.0545 5536 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:29:03.0555 5536 mouhid - ok
07:29:03.0655 5536 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
07:29:03.0665 5536 mountmgr - ok
07:29:03.0735 5536 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:29:03.0745 5536 MozillaMaintenance - ok
07:29:03.0775 5536 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
07:29:03.0785 5536 mpio - ok
07:29:03.0805 5536 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:29:03.0835 5536 mpsdrv - ok
07:29:03.0915 5536 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
07:29:03.0955 5536 MpsSvc - ok
07:29:04.0005 5536 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
07:29:04.0025 5536 MRxDAV - ok
07:29:04.0055 5536 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:29:04.0065 5536 mrxsmb - ok
07:29:04.0105 5536 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:29:04.0115 5536 mrxsmb10 - ok
07:29:04.0135 5536 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:29:04.0145 5536 mrxsmb20 - ok
07:29:04.0155 5536 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
07:29:04.0175 5536 msahci - ok
07:29:04.0195 5536 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
07:29:04.0205 5536 msdsm - ok
07:29:04.0235 5536 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
07:29:04.0255 5536 MSDTC - ok
07:29:04.0265 5536 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:29:04.0305 5536 Msfs - ok
07:29:04.0315 5536 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:29:04.0345 5536 mshidkmdf - ok
07:29:04.0365 5536 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
07:29:04.0375 5536 msisadrv - ok
07:29:04.0405 5536 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
07:29:04.0435 5536 MSiSCSI - ok
07:29:04.0445 5536 msiserver - ok
07:29:04.0455 5536 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:29:04.0485 5536 MSKSSRV - ok
07:29:04.0495 5536 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:29:04.0525 5536 MSPCLOCK - ok
07:29:04.0545 5536 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:29:04.0575 5536 MSPQM - ok
07:29:04.0685 5536 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
07:29:04.0705 5536 MsRPC - ok
07:29:04.0735 5536 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
07:29:04.0745 5536 mssmbios - ok
07:29:04.0755 5536 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:29:04.0795 5536 MSTEE - ok
07:29:04.0805 5536 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:29:04.0815 5536 MTConfig - ok
07:29:04.0835 5536 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:29:04.0845 5536 Mup - ok
07:29:04.0875 5536 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
07:29:04.0915 5536 napagent - ok
07:29:04.0945 5536 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:29:04.0965 5536 NativeWifiP - ok
07:29:05.0015 5536 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
07:29:05.0045 5536 NDIS - ok
07:29:05.0055 5536 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:29:05.0095 5536 NdisCap - ok
07:29:05.0105 5536 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:29:05.0135 5536 NdisTapi - ok
07:29:05.0175 5536 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
07:29:05.0205 5536 Ndisuio - ok
07:29:05.0245 5536 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
07:29:05.0275 5536 NdisWan - ok
07:29:05.0325 5536 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
07:29:05.0355 5536 NDProxy - ok
07:29:05.0365 5536 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:29:05.0395 5536 NetBIOS - ok
07:29:05.0415 5536 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:29:05.0445 5536 NetBT - ok
07:29:05.0475 5536 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:05.0485 5536 Netlogon - ok
07:29:05.0525 5536 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:29:05.0565 5536 Netman - ok
07:29:05.0705 5536 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0715 5536 NetMsmqActivator - ok
07:29:05.0725 5536 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0735 5536 NetPipeActivator - ok
07:29:05.0765 5536 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:29:05.0805 5536 netprofm - ok
07:29:05.0805 5536 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0815 5536 NetTcpActivator - ok
07:29:05.0815 5536 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:29:05.0825 5536 NetTcpPortSharing - ok
07:29:05.0865 5536 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:29:05.0875 5536 nfrd960 - ok
07:29:05.0985 5536 NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
07:29:05.0995 5536 NIDomainService - ok
07:29:06.0115 5536 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
07:29:06.0125 5536 NILM License Manager ( UnsignedFile.Multi.Generic ) - warning
07:29:06.0125 5536 NILM License Manager - detected UnsignedFile.Multi.Generic (1)
07:29:06.0195 5536 niSvcLoc - ok
07:29:06.0275 5536 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:29:06.0305 5536 NlaSvc - ok
07:29:06.0325 5536 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:29:06.0365 5536 Npfs - ok
07:29:06.0395 5536 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:29:06.0435 5536 nsi - ok
07:29:06.0435 5536 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:29:06.0475 5536 nsiproxy - ok
07:29:06.0665 5536 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
07:29:06.0705 5536 Ntfs - ok
07:29:06.0735 5536 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:29:06.0765 5536 Null - ok
07:29:06.0795 5536 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
07:29:06.0815 5536 nvraid - ok
07:29:06.0835 5536 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
07:29:06.0845 5536 nvstor - ok
07:29:06.0885 5536 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:29:06.0895 5536 nv_agp - ok
07:29:07.0075 5536 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
07:29:07.0105 5536 O&O Defrag - ok
07:29:07.0205 5536 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:29:07.0215 5536 odserv - ok
07:29:07.0325 5536 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:29:07.0335 5536 ohci1394 - ok
07:29:07.0365 5536 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:29:07.0375 5536 ose - ok
07:29:07.0425 5536 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:29:07.0435 5536 p2pimsvc - ok
07:29:07.0465 5536 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:29:07.0485 5536 p2psvc - ok
07:29:07.0505 5536 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:29:07.0525 5536 Parport - ok
07:29:07.0555 5536 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
07:29:07.0565 5536 partmgr - ok
07:29:07.0645 5536 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:29:07.0665 5536 PcaSvc - ok
07:29:07.0715 5536 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:29:07.0725 5536 pci - ok
07:29:07.0735 5536 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:29:07.0745 5536 pciide - ok
07:29:07.0765 5536 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:29:07.0785 5536 pcmcia - ok
07:29:07.0795 5536 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:29:07.0815 5536 pcw - ok
07:29:07.0845 5536 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:29:07.0885 5536 PEAUTH - ok
07:29:07.0975 5536 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
07:29:08.0005 5536 PeerDistSvc - ok
07:29:08.0075 5536 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:29:08.0085 5536 PerfHost - ok
07:29:08.0235 5536 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:29:08.0285 5536 pla - ok
07:29:08.0315 5536 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:29:08.0335 5536 PlugPlay - ok
07:29:08.0345 5536 PnkBstrA - ok
07:29:08.0365 5536 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:29:08.0385 5536 PNRPAutoReg - ok
07:29:08.0405 5536 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:29:08.0425 5536 PNRPsvc - ok
07:29:08.0475 5536 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:29:08.0515 5536 PolicyAgent - ok
07:29:08.0545 5536 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:29:08.0575 5536 Power - ok
07:29:08.0685 5536 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:29:08.0725 5536 PptpMiniport - ok
07:29:08.0745 5536 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:29:08.0755 5536 Processor - ok
07:29:08.0785 5536 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
07:29:08.0815 5536 ProfSvc - ok
07:29:08.0835 5536 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:08.0855 5536 ProtectedStorage - ok
07:29:08.0895 5536 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:29:08.0925 5536 Psched - ok
07:29:09.0015 5536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:29:09.0045 5536 ql2300 - ok
07:29:09.0105 5536 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:29:09.0125 5536 ql40xx - ok
07:29:09.0145 5536 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:29:09.0165 5536 QWAVE - ok
07:29:09.0185 5536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:29:09.0205 5536 QWAVEdrv - ok
07:29:09.0215 5536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:29:09.0245 5536 RasAcd - ok
07:29:09.0275 5536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:29:09.0305 5536 RasAgileVpn - ok
07:29:09.0335 5536 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:29:09.0375 5536 RasAuto - ok
07:29:09.0415 5536 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:29:09.0445 5536 Rasl2tp - ok
07:29:09.0485 5536 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:29:09.0525 5536 RasMan - ok
07:29:09.0545 5536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:29:09.0575 5536 RasPppoe - ok
07:29:09.0645 5536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:29:09.0685 5536 RasSstp - ok
07:29:09.0735 5536 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:29:09.0765 5536 rdbss - ok
07:29:09.0795 5536 RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
07:29:09.0805 5536 RDID1053 - ok
07:29:09.0815 5536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:29:09.0825 5536 rdpbus - ok
07:29:09.0835 5536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:29:09.0865 5536 RDPCDD - ok
07:29:09.0915 5536 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
07:29:09.0925 5536 RDPDR - ok
07:29:09.0935 5536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:29:09.0975 5536 RDPENCDD - ok
07:29:09.0985 5536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:29:10.0015 5536 RDPREFMP - ok
07:29:10.0055 5536 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
07:29:10.0065 5536 RdpVideoMiniport - ok
07:29:10.0105 5536 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
07:29:10.0145 5536 RDPWD - ok
07:29:10.0175 5536 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:29:10.0195 5536 rdyboost - ok
07:29:10.0215 5536 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:29:10.0255 5536 RemoteAccess - ok
07:29:10.0275 5536 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:29:10.0305 5536 RemoteRegistry - ok
07:29:10.0325 5536 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:29:10.0355 5536 RpcEptMapper - ok
07:29:10.0385 5536 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:29:10.0395 5536 RpcLocator - ok
07:29:10.0445 5536 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:29:10.0485 5536 RpcSs - ok
07:29:10.0505 5536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:29:10.0535 5536 rspndr - ok
07:29:10.0555 5536 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
07:29:10.0575 5536 RTL8169 - ok
07:29:10.0695 5536 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
07:29:10.0705 5536 s3cap - ok
07:29:10.0755 5536 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:10.0775 5536 SamSs - ok
07:29:10.0845 5536 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
07:29:10.0855 5536 SASDIFSV - ok
07:29:10.0865 5536 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
07:29:10.0875 5536 SASKUTIL - ok
07:29:10.0905 5536 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:29:10.0925 5536 sbp2port - ok
07:29:10.0945 5536 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:29:10.0985 5536 SCardSvr - ok
07:29:11.0015 5536 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:29:11.0055 5536 scfilter - ok
07:29:11.0135 5536 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:29:11.0185 5536 Schedule - ok
07:29:11.0215 5536 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:29:11.0255 5536 SCPolicySvc - ok
07:29:11.0295 5536 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:29:11.0315 5536 SDRSVC - ok
07:29:11.0355 5536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:29:11.0385 5536 secdrv - ok
07:29:11.0425 5536 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:29:11.0455 5536 seclogon - ok
07:29:11.0475 5536 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
07:29:11.0515 5536 SENS - ok
07:29:11.0525 5536 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:29:11.0545 5536 SensrSvc - ok
07:29:11.0555 5536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:29:11.0565 5536 Serenum - ok
07:29:11.0585 5536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:29:11.0595 5536 Serial - ok
07:29:11.0685 5536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:29:11.0695 5536 sermouse - ok
07:29:11.0895 5536 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:29:11.0925 5536 SessionEnv - ok
07:29:11.0945 5536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
07:29:11.0965 5536 sffdisk - ok
07:29:11.0985 5536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:29:11.0995 5536 sffp_mmc - ok
07:29:12.0025 5536 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
07:29:12.0035 5536 sffp_sd - ok
07:29:12.0055 5536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:29:12.0065 5536 sfloppy - ok
07:29:12.0115 5536 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:29:12.0155 5536 SharedAccess - ok
07:29:12.0195 5536 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:29:12.0235 5536 ShellHWDetection - ok
07:29:12.0245 5536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:29:12.0255 5536 SiSRaid2 - ok
07:29:12.0275 5536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:29:12.0285 5536 SiSRaid4 - ok
07:29:12.0305 5536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:29:12.0335 5536 Smb - ok
07:29:12.0355 5536 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:29:12.0375 5536 SNMPTRAP - ok
07:29:12.0445 5536 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
07:29:12.0455 5536 speedfan - ok
07:29:12.0465 5536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:29:12.0475 5536 spldr - ok
07:29:12.0535 5536 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:29:12.0575 5536 Spooler - ok
07:29:12.0825 5536 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:29:12.0895 5536 sppsvc - ok
07:29:12.0955 5536 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:29:12.0995 5536 sppuinotify - ok
07:29:13.0055 5536 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
07:29:13.0055 5536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
07:29:13.0055 5536 sptd ( LockedFile.Multi.Generic ) - warning
07:29:13.0055 5536 sptd - detected LockedFile.Multi.Generic (1)
07:29:13.0095 5536 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:29:13.0115 5536 srv - ok
07:29:13.0155 5536 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:29:13.0175 5536 srv2 - ok
07:29:13.0195 5536 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:29:13.0205 5536 srvnet - ok
07:29:13.0225 5536 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:29:13.0255 5536 SSDPSRV - ok
07:29:13.0265 5536 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:29:13.0305 5536 SstpSvc - ok
07:29:13.0345 5536 Steam Client Service - ok
07:29:13.0365 5536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:29:13.0375 5536 stexstor - ok
07:29:13.0435 5536 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:29:13.0465 5536 stisvc - ok
07:29:13.0495 5536 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
07:29:13.0515 5536 storflt - ok
07:29:13.0545 5536 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
07:29:13.0555 5536 storvsc - ok
07:29:13.0665 5536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
07:29:13.0675 5536 swenum - ok
07:29:13.0715 5536 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:29:13.0755 5536 swprv - ok
07:29:13.0755 5536 Synth3dVsc - ok
07:29:13.0875 5536 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:29:13.0905 5536 SysMain - ok
07:29:14.0005 5536 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:29:14.0025 5536 TabletInputService - ok
07:29:14.0065 5536 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:29:14.0105 5536 TapiSrv - ok
07:29:14.0125 5536 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:29:14.0165 5536 TBS - ok
07:29:14.0285 5536 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
07:29:14.0315 5536 Tcpip - ok
07:29:14.0445 5536 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
07:29:14.0485 5536 TCPIP6 - ok
07:29:14.0545 5536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:29:14.0575 5536 tcpipreg - ok
07:29:14.0665 5536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:29:14.0695 5536 TDPIPE - ok
07:29:14.0715 5536 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:29:14.0745 5536 TDTCP - ok
07:29:14.0785 5536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:29:14.0815 5536 tdx - ok
07:29:14.0855 5536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
07:29:14.0865 5536 TermDD - ok
07:29:14.0945 5536 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:29:14.0985 5536 TermService - ok
07:29:14.0995 5536 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:29:15.0015 5536 Themes - ok
07:29:15.0035 5536 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:29:15.0065 5536 THREADORDER - ok
07:29:15.0085 5536 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:29:15.0125 5536 TrkWks - ok
07:29:15.0185 5536 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:29:15.0215 5536 TrustedInstaller - ok
07:29:15.0255 5536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:29:15.0285 5536 tssecsrv - ok
07:29:15.0315 5536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:29:15.0335 5536 TsUsbFlt - ok
07:29:15.0335 5536 tsusbhub - ok
07:29:15.0375 5536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:29:15.0415 5536 tunnel - ok
07:29:15.0435 5536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:29:15.0445 5536 uagp35 - ok
07:29:15.0485 5536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:29:15.0515 5536 udfs - ok
07:29:15.0545 5536 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:29:15.0555 5536 UI0Detect - ok
07:29:15.0575 5536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:29:15.0585 5536 uliagpkx - ok
07:29:15.0675 5536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
07:29:15.0685 5536 umbus - ok
07:29:15.0695 5536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:29:15.0715 5536 UmPass - ok
07:29:15.0755 5536 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
07:29:15.0765 5536 UmRdpService - ok
07:29:15.0795 5536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:29:15.0835 5536 upnphost - ok
07:29:15.0865 5536 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
07:29:15.0885 5536 usbccgp - ok
07:29:15.0915 5536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:29:15.0925 5536 usbcir - ok
07:29:15.0965 5536 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
07:29:15.0985 5536 usbehci - ok
07:29:16.0035 5536 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
07:29:16.0045 5536 usbhub - ok
07:29:16.0065 5536 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:29:16.0085 5536 usbohci - ok
07:29:16.0095 5536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:29:16.0105 5536 usbprint - ok
07:29:16.0125 5536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:29:16.0145 5536 usbscan - ok
07:29:16.0175 5536 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:29:16.0185 5536 USBSTOR - ok
07:29:16.0225 5536 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
07:29:16.0235 5536 usbuhci - ok
07:29:16.0245 5536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:29:16.0285 5536 UxSms - ok
07:29:16.0305 5536 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
07:29:16.0325 5536 VaultSvc - ok
07:29:16.0335 5536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:29:16.0345 5536 vdrvroot - ok
07:29:16.0405 5536 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:29:16.0445 5536 vds - ok
07:29:16.0455 5536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:29:16.0475 5536 vga - ok
07:29:16.0485 5536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:29:16.0525 5536 VgaSave - ok
07:29:16.0525 5536 VGPU - ok
07:29:16.0555 5536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:29:16.0565 5536 vhdmp - ok
07:29:16.0655 5536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:29:16.0665 5536 viaide - ok
07:29:16.0715 5536 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
07:29:16.0725 5536 vmbus - ok
07:29:16.0765 5536 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
07:29:16.0775 5536 VMBusHID - ok
07:29:16.0815 5536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:29:16.0825 5536 volmgr - ok
07:29:16.0885 5536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:29:16.0895 5536 volmgrx - ok
07:29:16.0935 5536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:29:16.0955 5536 volsnap - ok
07:29:16.0975 5536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:29:16.0985 5536 vsmraid - ok
07:29:17.0095 5536 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
07:29:17.0105 5536 VSPerfDrv100 - ok
07:29:17.0215 5536 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:29:17.0265 5536 VSS - ok
07:29:17.0345 5536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:29:17.0355 5536 vwifibus - ok
07:29:17.0395 5536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:29:17.0425 5536 W32Time - ok
07:29:17.0445 5536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:29:17.0465 5536 WacomPen - ok
07:29:17.0475 5536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:17.0515 5536 WANARP - ok
07:29:17.0515 5536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:29:17.0545 5536 Wanarpv6 - ok
07:29:17.0695 5536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:29:17.0725 5536 WatAdminSvc - ok
07:29:17.0825 5536 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:29:17.0855 5536 wbengine - ok
07:29:17.0915 5536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:29:17.0935 5536 WbioSrvc - ok
07:29:17.0985 5536 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:29:18.0005 5536 wcncsvc - ok
07:29:18.0015 5536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:29:18.0035 5536 WcsPlugInService - ok
07:29:18.0045 5536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:29:18.0055 5536 Wd - ok
07:29:18.0095 5536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:29:18.0115 5536 Wdf01000 - ok
07:29:18.0135 5536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:29:18.0155 5536 WdiServiceHost - ok
07:29:18.0165 5536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:29:18.0185 5536 WdiSystemHost - ok
07:29:18.0245 5536 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:29:18.0275 5536 WebClient - ok
07:29:18.0295 5536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:29:18.0335 5536 Wecsvc - ok
07:29:18.0355 5536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:29:18.0385 5536 wercplsupport - ok
07:29:18.0395 5536 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:29:18.0435 5536 WerSvc - ok
07:29:18.0445 5536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:29:18.0485 5536 WfpLwf - ok
07:29:18.0495 5536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:29:18.0505 5536 WIMMount - ok
07:29:18.0525 5536 WinDefend - ok
07:29:18.0525 5536 WinHttpAutoProxySvc - ok
07:29:18.0575 5536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:29:18.0605 5536 Winmgmt - ok
07:29:18.0765 5536 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:29:18.0825 5536 WinRM - ok
07:29:18.0895 5536 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:29:18.0905 5536 WinUsb - ok
07:29:18.0975 5536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:29:19.0005 5536 Wlansvc - ok
07:29:19.0165 5536 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:29:19.0205 5536 wlidsvc - ok
07:29:19.0275 5536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
07:29:19.0285 5536 WmiAcpi - ok
07:29:19.0345 5536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:29:19.0365 5536 wmiApSrv - ok
07:29:19.0375 5536 WMPNetworkSvc - ok
07:29:19.0395 5536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:29:19.0405 5536 WPCSvc - ok
07:29:19.0445 5536 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:29:19.0455 5536 WPDBusEnum - ok
07:29:19.0485 5536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:29:19.0515 5536 ws2ifsl - ok
07:29:19.0535 5536 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
07:29:19.0555 5536 wscsvc - ok
07:29:19.0555 5536 WSearch - ok
07:29:19.0755 5536 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
07:29:19.0815 5536 wuauserv - ok
07:29:19.0875 5536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:29:19.0915 5536 WudfPf - ok
07:29:19.0935 5536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:29:19.0965 5536 WUDFRd - ok
07:29:20.0005 5536 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:29:20.0045 5536 wudfsvc - ok
07:29:20.0065 5536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:29:20.0085 5536 WwanSvc - ok
07:29:20.0095 5536 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
07:29:20.0525 5536 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:29:20.0525 5536 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:29:20.0565 5536 Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
07:29:20.0565 5536 \Device\Harddisk0\DR0\Partition0 - ok
07:29:20.0585 5536 Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
07:29:20.0645 5536 \Device\Harddisk0\DR0\Partition1 - ok
07:29:20.0645 5536 ============================================================
07:29:20.0645 5536 Scan finished
07:29:20.0645 5536 ============================================================
07:29:20.0645 2516 Detected object count: 5
07:29:20.0645 2516 Actual detected object count: 5
07:29:38.0775 2516 CSHelper ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516 CSHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:38.0775 2516 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:38.0775 2516 NILM License Manager ( UnsignedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516 NILM License Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:29:38.0775 2516 sptd ( LockedFile.Multi.Generic ) - skipped by user
07:29:38.0775 2516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
07:29:38.0775 2516 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:29:38.0775 2516 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:30:01.0165 4956 Deinitialize success





ASWMBR LOG:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-03 07:31:48
-----------------------------
07:31:48.935 OS Version: Windows x64 6.1.7601 Service Pack 1
07:31:48.935 Number of processors: 4 586 0xF0B
07:31:48.935 ComputerName: PEPBOBA UserName: PEP
07:31:50.159 Initialize success
07:32:14.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
07:32:14.230 Disk 0 Vendor: WDC_WD5000AAKS-07A7B0 01.03B01 Size: 476938MB BusType: 3
07:32:14.261 Disk 0 MBR read successfully
07:32:14.264 Disk 0 MBR scan
07:32:14.266 Disk 0 unknown MBR code
07:32:14.271 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 297000 MB offset 2048
07:32:14.290 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 179935 MB offset 608258048
07:32:14.334 Disk 0 scanning C:\Windows\system32\drivers
07:32:21.580 Service scanning
07:32:27.023 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
07:32:27.046 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
07:32:27.096 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
07:32:27.110 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
07:32:32.676 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
07:32:36.632 Modules scanning
07:32:36.640 Disk 0 trace - called modules:
07:32:36.652 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80046ea2c0]<<spjx.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:32:36.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b35060]
07:32:36.661 3 CLASSPNP.SYS[fffff8800200143f] -> nt!IofCallDriver -> [0xfffffa80048d9520]
07:32:36.666 5 ACPI.sys[fffff880011a87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800481a680]
07:32:36.670 \Driver\atapi[0xfffffa800494b4e0] -> IRP_MJ_CREATE -> 0xfffffa80046ea2c0
07:32:36.675 Scan finished successfully
07:33:04.291 Disk 0 MBR has been saved successfully to "C:\Users\PEP\Desktop\MBR.dat"
07:33:04.296 The log file has been saved successfully to "C:\Users\PEP\Desktop\aswMBR.txt"





COMBOFIX LOG:
ComboFix 12-06-03.01 - PEP 06/03/2012 7:39.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2499 [GMT -4:00]
Running from: c:\users\PEP\Desktop\username123.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PEP\AppData\Local\assembly\tmp
c:\users\PEP\AppData\Roaming\9791e4fc.dat
c:\users\PEP\AppData\Roaming\PEPlog.dat
c:\windows\SysWow64\tmp71FC.tmp
c:\windows\SysWow64\tmp71FD.tmp
c:\windows\SysWow64\tmp868E.tmp
c:\windows\SysWow64\tmp869E.tmp
c:\windows\SysWow64\tmpBC54.tmp
c:\windows\SysWow64\tmpBC64.tmp
c:\windows\SysWow64\tmpFBC5.tmp
c:\windows\SysWow64\tmpFBC6.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 11:48 . 2012-06-03 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\TexturePacker
2012-05-31 18:52 . 2012-05-31 18:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-31 18:47 . 2012-05-31 18:47 -------- d-----w- c:\programdata\ALM
2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-05-27 07:40 . 2012-05-27 07:40 -------- d-----w- c:\users\PEP\AppData\Roaming\SUPERAntiSpyware.com
2012-05-27 07:37 . 2012-05-27 07:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-25 10:57 . 2012-05-25 10:57 -------- d-----w- c:\users\PEP\AppData\Roaming\Malwarebytes
2012-05-25 10:57 . 2012-05-25 10:57 -------- d-----w- c:\programdata\Malwarebytes
2012-05-25 10:57 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 05:44 . 2012-05-21 05:44 -------- d-----w- C:\BigFishGamesCache
2012-05-15 05:27 . 2012-05-15 06:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-10 03:37 . 2012-05-10 03:39 -------- d-----w- c:\users\PEP\.dia
2012-05-09 04:48 . 2012-05-09 04:48 -------- d-----w- c:\programdata\ATI
2012-05-09 04:48 . 2012-05-09 04:48 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 00:22 . 2008-11-15 02:33 202448 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-05-05 01:35 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-14 02:03 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2011-12-06 02:39 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2011-12-06 02:24 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2011-12-06 02:13 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-12-06 02:11 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-05-25 02:24 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-25 18:25 . 2011-05-13 09:04 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 05:24 . 2012-03-09 05:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 05:24 . 2012-03-09 05:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adflybot"="c:\eliteclicks\Adflybot" [X]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Reader Speed Launcher"="c:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"NI Background Service"="c:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Malwarebytes' Anti-Malware"="c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RDID1053;PC-50;c:\windows\system32\Drivers\rdwm1053.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-01-30 266240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-17 7037984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-17 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ATICustomerCare - c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
Wow6432Node-HKLM-Run-Iminent - c:\program files (x86)\Iminent\Iminent.exe
Wow6432Node-HKLM-Run-IminentMessenger - c:\program files (x86)\Iminent\Iminent.Messengers.exe
Toolbar-Locked - (no file)
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
AddRemove-Grand Theft Auto - f:\gta1\Uninst.isu
AddRemove-IMBoosterARP - c:\program files (x86)\Iminent\inst\Bootstrapper\Bootstrapper.exe
AddRemove-{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1 - c:\qtweb\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8755E78F-6D1F-7C34-959D-8881783F5E69}*]
"iapjihekbjfkkgacjn"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d ,6a,
00,00
"hajkofdmhdceeecb"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d,6 a,
00,00
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}*]
"hakljdhibnddlfim"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67,6 4,
6a,6b,00,00
"iaalddiaejcgingjkd"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67 ,64,
6a,6b,00,00
"haldbfedihkbpbgc"=hex:61,63,6b,68,66,6f,6b,6b,69,68,61,6d,6a,62,68,69,66,6 b,
66,6b,6c,62,65,67,67,65,66,61,6a,64,65,70,62,69,6c,6a,6c,62,6f,68,68,62,6a, \
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,95,30,5e,fb,dd,83,9b,84,5e,8e,f2,cf,37,94,bd,67,71,52,46,33,ac, 86,
a5,7f,93,2f,da,ad,0c,a6,db,a1,06,d2,c4,a2,1d,d2,f4,2d,69,bf,ce,54,ca,fd,b0, \
"??"=hex:64,c7,47,3c,b1,46,dc,87,ee,75,dd,19,bc,bf,1a,4f
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,f8,70,63,d7,18,a4,68,54,86,a6,9c,b8,9a,25,32,22,4e,74,8f, d1,
b2,44,f5,49,9d,dc,54,0b,c7,d1,6a,bc,c9,08,7e,56,52,32,e4,43,b9,92,a5,79,74, \
"rkeysecu"=hex:d4,46,73,92,b3,86,58,32,28,6b,1f,b9,40,5a,eb,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8755E78F-6D1F-7C34-959D-8881783F5E69}\InProcServer32*]
"jafldkobhojdafobbmgj"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b, 6d,
6a,00,00
"iaflnleckfbhmpbood"=hex:69,61,63,68,65,65,64,66,69,6d,61,69,61,69,64,6b,6d ,6a,
00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_Ac tiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}\InProcServer32*]
"jagmadgejgelkpbloilp"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e, 67,
64,6a,6b,00,df
"iagmkimdopdbpllaeb"=hex:6a,61,66,68,68,6f,6c,6b,65,62,6f,69,61,63,6e,6e,67 ,64,
6a,6b,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="C19BBF812550E14CD03A90C28F2637EDA1F57C2B B11DE4999DA059DB378BDB3193EF9BABF4DD9780E375FA431D72887F41601C840BC8955E781 6DAC0137B9DE9D7939BC46C8D183E179FAB2EA8873D3ED8D635983961C06E3A773F0F81C49C 10EB0DC4590792EB8F675F53969D44D3CB2A3BBF1FB694FEA10204664230812B4BF01A01CCB F13BC94180DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5 D1407A6A0AC4980AC79331EFD33BB0154EE9DAF084DCFE9C0FA3972F6691FE9D4566CF3F503 C21BA0B0F7722CEED8D01E54E333C73D56ADDE90315DD6369F548ABDDA726A5C761D3646B14 E1605B7E4FDCBF8B9B4FC6861F74D618F013F0B14F4EBCA6A7D40D53C12385669B0BA2B6795 10500727A16488A48A5E73D48CEE25BFFB0C0E33453B8C93811562C159F7A69B1C13404DC51 DC890666DD903274A272ACD9E776107F1C831E1493AE6ACD714D8B31C71A6065AEE7AC48575 139E12DE0B83BAA232263C4B735D89578F85F8472E597D070805D66835C9D65CDC06AD33488 5CAEEA5C6CE97793D1C017F387EF78B58FBD399E741C7A95F428C8FF279B05FFC6DA20E8ED2 D0F10E7CE54E1EFC0678BD8F0F5A58BCC4D0B5DB632C01C58660DA74E4122B64C0A31EDA986 6137F718D5964D31984E0BABBBDEE25894ED5896F51E6C22DCA1554E703998B89788361FB41 DA9E7B9D38A70CADF779507C62B0445800ABAD22EA9A2C15511BCAB37B9F834E8853F958C2A EFAFEA9EAFDB417982D2BABF4B5E75D4B70EECD82922BCC197C9D35B6E1F0729653F1676965 20138108C78F56BCD85B3ECA710DE49BCCD1E0CE105D7553A1ADCA7385CDC7ABEC6D4EC9720 1EC8D3444EFE541C3C5F50AD8AC7ACB319CC2AF50D9CE83A73E4BCE2A87FA318A38C63D6D01 FCC6D99005D5A3569039969DF95E2A766D73F7E891FB4858B850E99E5B3C20B6E0ACE91202A A695B398526D015777D77692473459FAEB691B1DD9265917B99F979E443FA770452DD2DA22A EF85C98159F3A70437ECA5D9A6AC2E2B3C84CC0AD8BD22E9E04662FCA3BA442519102660B84 E554708412588AFFE588DB023819782BB5D16BD20CAFA97C4644ACECB623A5AD0C50FDFBB71 116895364839B0F2DACC955232ED8FC6D3C5C14004772758222366D7DF514D57B0B072E79EA C43FC60AF7F815F34ED6180E0BAD86CDD62E41E200F2D744EBC241E8DA75086C8C4FDA9C9C3 AFEEB46CAC7040CFF2D6B013EAA97EDC2DB92D23A97FA46017AAAD75592CDABDE3E9F98D3C8 25BB198C48021CE3592F800D0AB6EC0F044D5A7E95E68F8CFC6616A8A712B298F51A79671C4 49FA21521C168FE76043045A5A2F554502C5729831D342EA6F1061E48A"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-03 07:59:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-03 11:59
.
Pre-Run: 78,781,505,536 bytes free
Post-Run: 78,388,199,424 bytes free
.
- - End Of File - - 79F3FFE9FF32DC8D70E103F4CC773258
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
06-Jun-2012, 06:24 PM #6
Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, When the file is listed in the windows press send to upload the file

Quote:

c:\eliteclicks\Adflybot

Let me know when they're uploaded


-------------------

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.* /64
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
10-Jun-2012, 02:22 AM #7
ok i did the upload, doing otl stuff now
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
10-Jun-2012, 02:51 AM #8
OTL.TXT

OTL logfile created on: 6/10/2012 2:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.74% Memory free
9.99 Gb Paging File | 7.74 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.97 Gb Free Space | 23.09% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.32 Gb Free Space | 17.70% Space Free | Partition Type: FAT32
Drive P: | 175.72 Gb Total Space | 53.89 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/03/29 21:09:01 | 000,232,896 | ---- | M] (Vuze Inc.) -- C:\a folder\Program Files (x86)\Vuze\Azureus.exe
PRC - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 21:15:51 | 000,028,160 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/28 16:10:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/29 21:09:01 | 000,087,480 | ---- | M] () -- C:\a folder\Program Files (x86)\Vuze\aereg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\a folder\Program Files\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/18 23:25:46 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 18:24:23 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\a folder\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/23 15:28:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/27 22:57:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/18 02:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 22:35:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/12 22:35:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/24 19:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/07/24 19:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007/08/13 23:08:34 | 000,202,176 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/06/25 06:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/20 17:54:14 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 43 99 C7 CF 0A CD 01 [binary data]
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\PEP\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kas persky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspe rsky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersk y.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 14:14:38 | 000,000,000 | ---D | M]

[2009/12/25 07:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\exte nsions
[2012/03/29 20:39:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\exte nsions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/15 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/30 14:46:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010/12/30 14:46:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 14:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 02:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/03 07:51:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\Run: [Adflybot] C:\Eliteclicks\Adflybot File not found
O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AMTDeviceService - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: EPSON Stylus NX400 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIEGA.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\a folder\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\a folder\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\a folder\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SiteRanker - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 02:21:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\sfp
[2012/06/10 02:14:04 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\vstuff
[2012/06/07 13:15:58 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{5BACA261-352A-4298-A263-53FA6901779E}
[2012/06/07 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{C338CF99-EE53-47DC-9690-C9264C8EA72F}
[2012/06/06 23:16:48 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E26418B8-A9B5-4ADF-9CF6-BC33B102B58F}
[2012/06/06 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E899EF6D-6942-4DE4-A5B7-74F192E2F9B2}
[2012/06/06 23:06:22 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\OneNote Notebooks
[2012/06/06 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\.swt
[2012/06/06 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 21:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/05 20:59:06 | 000,000,000 | ---D | C] -- C:\SD
[2012/06/05 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/04 03:03:40 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/06/04 03:03:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\MonoDevelop-Unity-2.8
[2012/06/03 07:59:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 07:51:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/03 07:35:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 07:35:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 07:35:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 07:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 07:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/01 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\WAP
[2012/06/01 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexturePacker
[2012/06/01 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexturePacker
[2012/05/31 14:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/31 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/05/27 03:40:32 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/27 03:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/27 03:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/25 06:57:54 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\Malwarebytes
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 06:57:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 05:40:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/21 01:44:18 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012/05/15 01:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/15 01:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:53 | 000,000,340 | ---- | M] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:56 | 000,264,875 | ---- | M] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/10 01:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 17:35:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 06:42:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 06:42:39 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 06:34:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 06:34:32 | 003,155,769 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/07 21:31:21 | 000,000,576 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2012/06/07 07:29:29 | 005,007,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 23:43:00 | 000,017,920 | ---- | M] () -- C:\Users\PEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/06 23:06:20 | 000,001,226 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/05 21:43:36 | 000,000,845 | ---- | M] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/05 15:16:25 | 000,041,892 | ---- | M] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/06/03 07:51:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/02 21:22:19 | 000,003,303 | ---- | M] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | M] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/18 14:43:46 | 003,145,782 | ---- | M] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 01:14:43 | 006,209,857 | ---- | M] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/15 01:28:44 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 22:11:49 | 000,006,784 | ---- | M] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/10 02:15:53 | 000,000,340 | ---- | C] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:46 | 000,264,875 | ---- | C] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/06 23:06:20 | 000,001,226 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/05 21:43:36 | 000,000,845 | ---- | C] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/03 07:35:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 07:35:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 07:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 07:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 07:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 21:21:40 | 000,003,303 | ---- | C] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | C] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/31 14:47:02 | 000,001,588 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2012/05/31 14:46:42 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/05/31 14:46:27 | 000,001,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/05/31 14:44:55 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/05/31 14:44:48 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/05/31 14:44:20 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/05/18 14:43:46 | 003,145,782 | ---- | C] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 14:42:07 | 000,041,892 | ---- | C] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/05/18 01:13:47 | 006,209,857 | ---- | C] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/15 01:28:44 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/15 01:28:44 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 22:11:49 | 000,006,784 | ---- | C] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[2012/03/28 11:17:16 | 000,000,101 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2012/03/25 14:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/20 15:36:37 | 000,004,696 | ---- | C] () -- C:\Windows\scad3.INI
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/05 15:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\lmtools.INI
[2012/03/05 14:55:23 | 000,000,527 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/23 15:31:30 | 000,017,408 | ---- | C] () -- C:\Users\PEP\AppData\Local\WebpageIcons.db
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/13 15:29:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/13 00:03:49 | 000,000,576 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/18 16:36:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/26 19:52:26 | 000,007,605 | ---- | C] () -- C:\Users\PEP\AppData\Local\Resmon.ResmonCfg
[2010/10/22 23:42:28 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/10/22 23:27:11 | 000,000,482 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/08/22 17:01:56 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/07/02 21:08:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

========== LOP Check ==========

[2011/12/24 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2009/12/25 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Aim
[2011/11/12 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Amvud
[2012/01/22 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Audacity
[2012/06/10 02:29:33 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Azureus
[2011/01/13 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Bioshock2
[2012/01/01 18:03:47 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Canneverbe Limited
[2012/05/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DAEMON Tools Lite
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Deckadance16
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DeepBurner
[2011/05/13 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Dev-Cpp
[2010/03/29 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\EMCO
[2011/01/16 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Filter Forge 2
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\FreeImageConverter
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Games
[2012/01/24 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\GetRightToGo
[2011/12/31 21:12:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\gtk-2.0
[2010/09/17 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Helios
[2011/08/28 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\hte
[2011/06/21 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Image-Line
[2012/01/12 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ImgBurn
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Leadertech
[2010/04/07 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Lionhead Studios
[2012/01/13 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MinMaxGames
[2012/06/01 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity
[2012/06/04 03:03:49 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2009/12/25 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade
[2010/04/13 00:33:38 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade Warband
[2011/05/09 18:17:49 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\ms-drivers
[2009/12/25 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MuPAD
[2010/10/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MusE
[2012/03/25 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\National Instruments
[2011/08/27 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Notepad++
[2010/12/27 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PACE Anti-Piracy
[2011/07/30 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Picsoft
[2009/12/31 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PlayFirst
[2011/03/20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PunkBuster
[2012/03/11 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Rational
[2011/05/18 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScripterRon
[2010/01/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScummVM
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SongManager
[2010/03/20 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SprillRichiEng
[2011/08/08 21:38:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\stetic
[2011/02/22 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\System
[2011/11/06 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SystemRequirementsLab
[2011/04/18 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\The Creative Assembly
[2009/12/25 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Thinstall
[2010/05/28 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tropico 3
[2010/04/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Ubisoft
[2012/06/01 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Unity
[2011/11/11 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Uppae
[2012/01/12 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\windows-dvd-maker
[2011/05/09 17:42:04 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\wyUpdate AU
[2009/12/25 07:22:28 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\XRay Engine
[2012/05/29 08:14:55 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009/12/25 09:52:30 | 000,000,000 | ---D | M] -- C:\$INPLACE.~TR
[2012/06/05 21:22:33 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2009/12/25 07:29:37 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q
[2012/05/05 08:28:35 | 000,000,000 | ---D | M] -- C:\a folder
[2011/09/18 20:48:08 | 000,000,000 | ---D | M] -- C:\altera
[2012/03/29 21:26:30 | 000,000,000 | ---D | M] -- C:\AMD
[2012/01/04 11:37:43 | 000,000,000 | ---D | M] -- C:\ANDROIDHW
[2011/10/29 11:28:38 | 000,000,000 | ---D | M] -- C:\ATI
[2012/05/21 01:44:18 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2011/04/13 03:24:04 | 000,000,000 | ---D | M] -- C:\Boot
[2010/10/28 20:41:30 | 000,000,000 | ---D | M] -- C:\CIMTEMP
[2012/06/06 21:11:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/12/20 18:22:45 | 000,000,000 | ---D | M] -- C:\CPQSYSTEM
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/01/12 21:48:57 | 000,000,000 | ---D | M] -- C:\DVR216D
[2012/01/04 11:42:05 | 000,000,000 | ---D | M] -- C:\ECLIPSEHW
[2011/08/25 19:50:17 | 000,000,000 | ---D | M] -- C:\emu8086
[2011/05/09 22:51:50 | 000,000,000 | ---D | M] -- C:\goblin
[2011/09/18 16:26:05 | 000,000,000 | ---D | M] -- C:\holy
[2008/10/25 10:03:02 | 000,000,000 | ---D | M] -- C:\Intel
[2009/10/28 23:58:15 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/03/25 21:50:38 | 000,000,000 | ---D | M] -- C:\National Instruments Downloads
[2010/01/25 20:40:16 | 000,000,000 | ---D | M] -- C:\nite
[2009/07/13 23:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/06/05 20:18:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/06/06 21:10:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/05/31 14:52:18 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/06/03 07:59:50 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009/12/25 07:45:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/06/05 21:44:54 | 000,000,000 | ---D | M] -- C:\SD
[2012/06/10 02:32:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/10 03:04:43 | 000,000,000 | ---D | M] -- C:\tasm
[2009/12/25 07:23:49 | 000,000,000 | R--D | M] -- C:\Users
[2012/06/03 07:59:45 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2009/10/16 08:09:28 | 002,518,016 | R--- | M] () -- C:\Windows\Installer\100f17a.msp
[2009/11/21 00:36:14 | 005,002,752 | R--- | M] () -- C:\Windows\Installer\100f191.msp
[2010/12/06 18:28:24 | 002,523,136 | ---- | M] () -- C:\Windows\Installer\104e6fa.msi
[2010/12/06 18:30:16 | 006,798,336 | ---- | M] () -- C:\Windows\Installer\104e919.msi
[2010/10/07 19:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\11ca53e.msp
[2010/10/21 19:12:42 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\11ca555.msp
[2010/09/17 07:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\11ca56c.msp
[2011/01/11 17:53:56 | 001,763,328 | R--- | M] () -- C:\Windows\Installer\1239607.msp
[2011/02/16 13:54:08 | 004,992,000 | R--- | M] () -- C:\Windows\Installer\123961e.msp
[2011/01/07 20:05:12 | 004,583,936 | R--- | M] () -- C:\Windows\Installer\12d59b.msp
[2011/06/05 19:03:23 | 007,054,336 | ---- | M] () -- C:\Windows\Installer\1377e7d.msi
[2008/12/02 15:03:57 | 000,020,992 | ---- | M] () -- C:\Windows\Installer\13a246.msi
[2011/09/04 16:10:06 | 021,237,248 | ---- | M] () -- C:\Windows\Installer\14263f9.msi
[2010/03/19 09:19:04 | 000,155,136 | ---- | M] () -- C:\Windows\Installer\148745a.msi
[2010/09/22 15:16:52 | 007,013,888 | R--- | M] () -- C:\Windows\Installer\156772.msp
[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\1691e0c.msp
[2010/08/04 15:12:26 | 001,004,544 | R--- | M] () -- C:\Windows\Installer\1691e14.msp
[2010/08/19 17:57:46 | 003,395,584 | R--- | M] () -- C:\Windows\Installer\1691e2b.msp
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\1691e42.msp
[2011/11/06 19:15:27 | 000,245,760 | ---- | M] () -- C:\Windows\Installer\1692595.msi
[2012/03/25 14:25:33 | 009,420,800 | ---- | M] () -- C:\Windows\Installer\174640c.msi
[2005/12/06 13:53:46 | 000,157,696 | ---- | M] () -- C:\Windows\Installer\1781cdd.msi
[2009/11/24 23:46:17 | 024,760,320 | ---- | M] () -- C:\Windows\Installer\17855e7.msi
[2007/10/22 17:09:10 | 017,566,720 | ---- | M] () -- C:\Windows\Installer\1838476.msi
[2010/03/29 18:09:47 | 001,484,288 | ---- | M] () -- C:\Windows\Installer\18426ad.msi
[2010/03/19 11:25:14 | 000,163,328 | ---- | M] () -- C:\Windows\Installer\1873b00.msi
[2010/03/18 23:09:05 | 000,695,296 | ---- | M] () -- C:\Windows\Installer\1873b0b.msi
[2011/10/04 21:39:07 | 000,377,344 | ---- | M] () -- C:\Windows\Installer\1873b11.msi
[2010/03/19 09:40:13 | 000,269,824 | ---- | M] () -- C:\Windows\Installer\1873b17.msi
[2010/03/19 15:46:10 | 008,565,760 | ---- | M] () -- C:\Windows\Installer\1873b3b.msi
[2011/10/04 21:50:27 | 000,548,352 | ---- | M] () -- C:\Windows\Installer\1873b42.msi
[2010/03/11 14:58:35 | 006,492,160 | ---- | M] () -- C:\Windows\Installer\1873b48.msi
[2010/03/19 11:00:19 | 000,250,880 | ---- | M] () -- C:\Windows\Installer\1873b50.msi
[2010/03/19 09:20:04 | 000,260,096 | ---- | M] () -- C:\Windows\Installer\1873b56.msi
[2010/03/19 09:27:40 | 000,135,680 | ---- | M] () -- C:\Windows\Installer\1873b5c.msi
[2011/10/04 21:51:30 | 004,121,600 | ---- | M] () -- C:\Windows\Installer\1873b62.msi
[2010/02/28 21:40:32 | 003,468,800 | ---- | M] () -- C:\Windows\Installer\1873b68.msi
[2010/02/28 21:40:29 | 003,590,144 | ---- | M] () -- C:\Windows\Installer\1873b6f.msi
[2010/02/28 21:40:32 | 010,955,264 | ---- | M] () -- C:\Windows\Installer\1873b75.msi
[2010/02/28 21:40:29 | 016,429,568 | ---- | M] () -- C:\Windows\Installer\1873b96.msi
[2010/03/11 14:57:44 | 001,490,944 | ---- | M] () -- C:\Windows\Installer\1873b9c.msi
[2010/03/11 14:57:45 | 005,067,776 | ---- | M] () -- C:\Windows\Installer\1873ba3.msi
[2010/03/11 14:57:47 | 002,853,376 | ---- | M] () -- C:\Windows\Installer\1873ba9.msi
[2010/04/20 17:48:32 | 000,168,960 | ---- | M] () -- C:\Windows\Installer\190d7d.msi
[2012/06/06 21:08:27 | 017,379,840 | ---- | M] () -- C:\Windows\Installer\19789a4.msi
[2012/06/06 21:10:26 | 000,461,312 | ---- | M] () -- C:\Windows\Installer\19789a8.msi
[2012/06/06 21:11:05 | 000,179,200 | ---- | M] () -- C:\Windows\Installer\19789b8.msi
[2009/12/25 05:34:09 | 000,603,136 | ---- | M] () -- C:\Windows\Installer\19fee2.msi
[2012/04/19 18:17:27 | 000,026,112 | ---- | M] () -- C:\Windows\Installer\1aa42f4.msi
[2011/11/04 13:36:13 | 009,433,088 | ---- | M] () -- C:\Windows\Installer\1aa42fd.msi
[2012/04/19 18:17:37 | 004,426,240 | R--- | M] () -- C:\Windows\Installer\1aa430c.msp
[2011/11/04 13:38:12 | 007,710,720 | ---- | M] () -- C:\Windows\Installer\1aa4311.msi
[2012/04/19 18:17:40 | 002,932,224 | R--- | M] () -- C:\Windows\Installer\1aa4325.msp
[2011/11/04 13:38:55 | 000,429,056 | ---- | M] () -- C:\Windows\Installer\1aa432a.msi
[2012/04/19 18:17:40 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\1aa432f.msp
[2011/11/04 13:39:10 | 004,004,864 | ---- | M] () -- C:\Windows\Installer\1aa4334.msi
[2012/04/19 18:17:43 | 001,139,712 | R--- | M] () -- C:\Windows\Installer\1aa4340.msp
[2011/11/04 13:39:27 | 002,310,656 | ---- | M] () -- C:\Windows\Installer\1aa4345.msi
[2012/04/19 18:17:45 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\1aa434d.msp
[2011/11/04 13:40:02 | 008,332,288 | ---- | M] () -- C:\Windows\Installer\1aa4355.msi
[2012/04/19 18:17:57 | 003,312,128 | R--- | M] () -- C:\Windows\Installer\1aa4371.msp
[2011/11/04 13:41:28 | 034,193,408 | ---- | M] () -- C:\Windows\Installer\1aa437d.msi
[2012/04/19 18:18:13 | 014,624,256 | R--- | M] () -- C:\Windows\Installer\1aa43a8.msp
[2011/11/04 13:42:57 | 011,846,656 | ---- | M] () -- C:\Windows\Installer\1aa43b0.msi
[2012/04/19 18:18:16 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\1aa43b9.msp
[2011/11/04 13:43:19 | 000,067,072 | ---- | M] () -- C:\Windows\Installer\1aa43bf.msi
[2012/04/19 18:18:17 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\1aa43c5.msp
[2011/11/04 13:43:32 | 001,492,992 | ---- | M] () -- C:\Windows\Installer\1aa43ca.msi
[2012/04/19 18:18:18 | 000,625,664 | R--- | M] () -- C:\Windows\Installer\1aa43d3.msp
[2011/11/04 13:43:47 | 001,070,592 | ---- | M] () -- C:\Windows\Installer\1aa43d8.msi
[2012/04/19 18:18:18 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\1aa43e2.msp
[2011/11/04 13:44:11 | 004,250,112 | ---- | M] () -- C:\Windows\Installer\1aa43e8.msi
[2012/04/19 18:18:26 | 002,146,304 | R--- | M] () -- C:\Windows\Installer\1aa43f3.msp
[2011/11/04 13:44:28 | 000,153,600 | ---- | M] () -- C:\Windows\Installer\1aa43f9.msi
[2012/04/19 18:18:26 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\1aa43fe.msp
[2012/06/05 20:14:39 | 000,471,040 | ---- | M] () -- C:\Windows\Installer\1ae0eea.msi
[2012/05/03 00:32:12 | 020,036,096 | ---- | M] () -- C:\Windows\Installer\1ae0ef1.msi
[2012/06/05 20:17:42 | 000,440,832 | ---- | M] () -- C:\Windows\Installer\1ae0ef5.msi
[2012/06/05 20:18:21 | 000,514,048 | ---- | M] () -- C:\Windows\Installer\1ae0ef9.msi
[2011/04/28 09:57:38 | 002,721,280 | R--- | M] () -- C:\Windows\Installer\1ae7bb9.msp
[2011/04/28 17:35:20 | 001,375,744 | R--- | M] () -- C:\Windows\Installer\1ae7bc1.msp
[2011/07/27 07:42:04 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\1ae7bd7.msp
[2010/01/08 21:19:18 | 001,399,808 | ---- | M] () -- C:\Windows\Installer\1b7c415.msi
[2012/02/12 22:39:28 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\1b92a2d.msi
[2009/08/10 14:09:46 | 017,254,912 | R--- | M] () -- C:\Windows\Installer\1be8b1.msp
[2009/07/12 03:35:00 | 002,736,640 | ---- | M] () -- C:\Windows\Installer\1bf8161.msi
[2010/07/04 14:53:29 | 001,222,656 | ---- | M] () -- C:\Windows\Installer\1c87c8.msi
[2008/12/13 10:02:26 | 000,802,816 | R--- | M] () -- C:\Windows\Installer\1cfb4c1.msp
[2011/04/28 05:42:32 | 004,990,976 | R--- | M] () -- C:\Windows\Installer\1d101f2.msp
[2011/04/29 12:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\1d10218.msp
[2011/04/22 19:41:34 | 011,507,712 | R--- | M] () -- C:\Windows\Installer\1d10233.msp
[2010/09/17 06:06:50 | 003,355,648 | R--- | M] () -- C:\Windows\Installer\1d34d44.msp
[2010/07/16 08:41:36 | 001,732,608 | R--- | M] () -- C:\Windows\Installer\1d34d4c.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\1d34d63.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\1d34d7a.msp
[2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\1d34d91.msp
[2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\Windows\Installer\1d34da8.msp
[2009/10/28 23:59:06 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\1d60616.msi
[2009/10/28 23:59:12 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6061c.msi
[2009/10/28 23:59:18 | 001,713,152 | ---- | M] () -- C:\Windows\Installer\1d60622.msi
[2009/10/28 23:59:24 | 002,022,912 | ---- | M] () -- C:\Windows\Installer\1d60628.msi
[2009/10/28 23:59:28 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\1d6062e.msi
[2009/10/28 23:59:32 | 001,647,616 | ---- | M] () -- C:\Windows\Installer\1d60634.msi
[2009/10/28 23:59:36 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6063a.msi
[2009/10/28 23:59:40 | 002,319,872 | ---- | M] () -- C:\Windows\Installer\1d60640.msi
[2009/10/28 23:59:44 | 000,502,272 | ---- | M] () -- C:\Windows\Installer\1d60646.msi
[2009/10/28 23:59:47 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6064c.msi
[2009/10/28 23:59:52 | 000,513,024 | ---- | M] () -- C:\Windows\Installer\1d60652.msi
[2009/10/28 23:59:57 | 000,516,608 | ---- | M] () -- C:\Windows\Installer\1d60659.msi
[2009/10/29 00:00:03 | 000,506,880 | ---- | M] () -- C:\Windows\Installer\1d60660.msi
[2009/10/29 00:00:07 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d60666.msi
[2009/10/29 00:00:11 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d6066c.msi
[2009/10/29 00:00:15 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d60672.msi
[2009/10/29 00:00:21 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\1d60678.msi
[2009/10/29 00:00:25 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\1d6067e.msi
[2009/10/29 00:00:29 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\1d60684.msi
[2009/10/29 00:00:38 | 000,846,848 | ---- | M] () -- C:\Windows\Installer\1d6068b.msi
[2009/10/29 00:06:45 | 018,181,632 | ---- | M] () -- C:\Windows\Installer\1d60693.msi
[2011/10/17 14:26:31 | 001,437,184 | ---- | M] () -- C:\Windows\Installer\1e34bc9.msi
[2010/04/24 17:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\1e79fd6.msp
[2010/04/24 17:07:04 | 010,118,144 | R--- | M] () -- C:\Windows\Installer\1e79fee.msp
[2010/05/18 23:35:24 | 005,023,744 | R--- | M] () -- C:\Windows\Installer\1e7a005.msp
[2010/04/24 17:05:14 | 004,199,424 | R--- | M] () -- C:\Windows\Installer\1e7a01c.msp
[2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\Windows\Installer\1e7a042.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\1e7a06c.msp
[2010/03/24 18:54:48 | 003,126,272 | R--- | M] () -- C:\Windows\Installer\1e7a06d.msp
[2010/04/24 17:08:48 | 009,129,984 | R--- | M] () -- C:\Windows\Installer\1e7a085.msp
[2010/04/24 17:09:46 | 011,750,912 | R--- | M] () -- C:\Windows\Installer\1e7a09c.msp
[2009/07/12 12:16:26 | 000,223,232 | ---- | M] () -- C:\Windows\Installer\1ea4ac4.msi
[2009/04/03 19:55:22 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\1f0b76f.msp
[2009/04/03 19:55:36 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\1f0b7a2.msp
[2009/04/03 19:55:48 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\1f0b7aa.msp
[2009/04/03 19:55:42 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\1f0b7b4.msp
[2009/04/03 19:55:10 | 007,999,488 | R--- | M] () -- C:\Windows\Installer\1f0b7c3.msp
[2009/04/03 19:55:30 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\1f0b7ca.msp
[2009/04/03 19:55:04 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\1f0b917.msp
[2010/03/11 23:59:18 | 005,031,424 | R--- | M] () -- C:\Windows\Installer\1fb5965.msp
[2010/02/21 01:02:24 | 004,195,840 | R--- | M] () -- C:\Windows\Installer\1fb597c.msp
[2010/02/21 01:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\1fb5999.msp
[2010/03/22 16:03:14 | 011,732,992 | R--- | M] () -- C:\Windows\Installer\1fb59b0.msp
[2011/03/22 21:31:40 | 007,671,808 | ---- | M] () -- C:\Windows\Installer\206579.msi
[2009/12/03 15:15:12 | 005,004,288 | R--- | M] () -- C:\Windows\Installer\208c966.msp
[2010/12/21 14:06:38 | 011,570,688 | R--- | M] () -- C:\Windows\Installer\210608c.msp
[2010/12/17 01:17:02 | 003,362,304 | R--- | M] () -- C:\Windows\Installer\21060a3.msp
[2012/03/22 12:02:44 | 006,859,264 | ---- | M] () -- C:\Windows\Installer\211ee9f.msi
[2012/01/26 23:25:54 | 028,719,616 | ---- | M] () -- C:\Windows\Installer\211eee6.msi
[2006/12/02 07:09:06 | 002,818,048 | ---- | M] () -- C:\Windows\Installer\211eeec.msi
[2010/02/04 01:59:48 | 005,031,936 | R--- | M] () -- C:\Windows\Installer\2171055.msp
[2010/02/21 02:00:02 | 008,480,768 | R--- | M] () -- C:\Windows\Installer\217106c.msp
[2010/02/04 18:24:30 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\2171083.msp
[2009/11/21 00:46:06 | 011,524,608 | R--- | M] () -- C:\Windows\Installer\217109a.msp
[2010/01/14 22:26:08 | 005,027,840 | R--- | M] () -- C:\Windows\Installer\21a20c9.msp
[2010/04/09 15:21:24 | 005,025,792 | R--- | M] () -- C:\Windows\Installer\21b4aa6.msp
[2009/10/16 07:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\21b4abd.msp
[2011/05/30 23:45:52 | 000,041,984 | ---- | M] () -- C:\Windows\Installer\224a66c.msi
[2011/08/09 18:20:45 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\224a673.msp
[2009/11/11 00:53:08 | 000,868,352 | ---- | M] () -- C:\Windows\Installer\2699129.msi
[2009/08/18 13:57:54 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\27adf68.msp
[2009/08/18 13:58:56 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\27adf7f.msp
[2009/08/18 14:19:26 | 010,098,688 | R--- | M] () -- C:\Windows\Installer\27adf97.msp
[2009/10/16 08:03:20 | 005,003,776 | R--- | M] () -- C:\Windows\Installer\27adfae.msp
[2011/11/10 21:46:06 | 000,998,400 | ---- | M] () -- C:\Windows\Installer\27b1d35.msi
[2009/04/24 13:29:02 | 009,013,760 | R--- | M] () -- C:\Windows\Installer\288b1c6.msp
[2009/08/18 13:50:38 | 012,022,272 | R--- | M] () -- C:\Windows\Installer\288b202.msp
[2009/11/06 04:01:32 | 000,259,072 | ---- | M] () -- C:\Windows\Installer\288b209.msi
[2009/11/06 04:01:44 | 000,248,832 | ---- | M] () -- C:\Windows\Installer\288b20f.msi
[2009/04/14 05:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\288b217.msp
[2009/08/18 14:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\288b22e.msp
[2009/05/26 19:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\288b244.msp
[2009/09/18 10:30:44 | 005,016,576 | R--- | M] () -- C:\Windows\Installer\288b25b.msp
[2009/04/14 04:20:06 | 009,573,376 | R--- | M] () -- C:\Windows\Installer\288b264.msp
[2009/07/27 05:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\288b27b.msp
[2009/04/24 13:28:00 | 004,450,816 | R--- | M] () -- C:\Windows\Installer\288b294.msp
[2009/08/05 08:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\288b2ad.msp
[2009/02/25 20:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\288b2c3.msp
[2009/04/24 13:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\288b2dc.msp
[2009/04/14 05:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\288b2e5.msp
[2009/05/04 08:47:22 | 009,124,864 | R--- | M] () -- C:\Windows\Installer\288b2fd.msp
[2009/05/26 19:54:44 | 004,192,768 | R--- | M] () -- C:\Windows\Installer\288b319.msp
[2009/05/04 08:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\288b331.msp
[2009/04/14 05:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\288b33a.msp
[2009/04/14 05:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\288b342.msp
[2011/07/27 07:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\28b04a4.msp
[2011/07/27 07:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\28b04c2.msp
[2011/09/06 21:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\28b04d9.msp
[2011/08/10 17:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\28b04f0.msp
[2011/08/24 06:37:22 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\28b0507.msp
[2011/06/21 11:59:26 | 001,764,352 | R--- | M] () -- C:\Windows\Installer\28b051f.msp
[2011/09/06 21:46:22 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\28b0536.msp
[2011/08/10 17:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\28b054d.msp
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\28b0a2c.msi
[2008/08/08 15:11:02 | 000,232,960 | ---- | M] () -- C:\Windows\Installer\29c035c.msi
[2012/04/26 10:56:06 | 000,630,272 | ---- | M] () -- C:\Windows\Installer\29d85fc.msi
[2012/04/26 11:02:22 | 008,302,080 | ---- | M] () -- C:\Windows\Installer\29d8603.msi
[2012/03/30 05:38:34 | 000,507,904 | ---- | M] () -- C:\Windows\Installer\29d880b.msi
[2012/04/26 10:58:16 | 001,891,328 | ---- | M] () -- C:\Windows\Installer\29d8811.msi
[2012/04/26 10:53:34 | 000,811,520 | ---- | M] () -- C:\Windows\Installer\29d8817.msi
[2012/04/26 10:53:42 | 000,782,336 | ---- | M] () -- C:\Windows\Installer\29d881d.msi
[2012/04/26 10:53:46 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\29d8823.msi
[2012/04/26 10:53:54 | 000,927,744 | ---- | M] () -- C:\Windows\Installer\29d8829.msi
[2012/04/26 10:54:00 | 000,770,048 | ---- | M] () -- C:\Windows\Installer\29d882f.msi
[2012/04/26 10:54:06 | 000,792,064 | ---- | M] () -- C:\Windows\Installer\29d8835.msi
[2012/04/26 10:54:12 | 000,778,752 | ---- | M] () -- C:\Windows\Installer\29d883b.msi
[2012/04/26 10:54:18 | 000,800,256 | ---- | M] () -- C:\Windows\Installer\29d8841.msi
[2012/04/26 10:54:24 | 000,814,592 | ---- | M] () -- C:\Windows\Installer\29d8847.msi
[2012/04/26 10:54:30 | 000,786,432 | ---- | M] () -- C:\Windows\Installer\29d884d.msi
[2012/04/26 10:54:36 | 000,843,776 | ---- | M] () -- C:\Windows\Installer\29d8853.msi
[2012/04/26 10:54:42 | 000,823,808 | ---- | M] () -- C:\Windows\Installer\29d8859.msi
[2012/04/26 10:54:48 | 000,778,752 | ---- | M] () -- C:\Windows\Installer\29d885f.msi
[2012/04/26 10:54:54 | 000,773,120 | ---- | M] () -- C:\Windows\Installer\29d8865.msi
[2012/04/26 10:55:00 | 000,808,448 | ---- | M] () -- C:\Windows\Installer\29d886b.msi
[2012/04/26 10:55:06 | 000,790,016 | ---- | M] () -- C:\Windows\Installer\29d8871.msi
[2012/04/26 10:55:14 | 000,906,752 | ---- | M] () -- C:\Windows\Installer\29d8877.msi
[2012/04/26 10:55:22 | 000,775,680 | ---- | M] () -- C:\Windows\Installer\29d887d.msi
[2012/04/26 10:55:28 | 000,880,640 | ---- | M] () -- C:\Windows\Installer\29d8883.msi
[2012/04/26 10:55:36 | 000,796,160 | ---- | M] () -- C:\Windows\Installer\29d8889.msi
[2012/04/26 10:55:42 | 000,786,432 | ---- | M] () -- C:\Windows\Installer\29d888f.msi
[2012/04/26 10:55:48 | 000,803,328 | ---- | M] () -- C:\Windows\Installer\29d8895.msi
[2012/04/26 10:56:00 | 000,984,576 | ---- | M] () -- C:\Windows\Installer\29d889b.msi
[2012/04/26 10:56:34 | 000,397,312 | ---- | M] () -- C:\Windows\Installer\29d88a1.msi
[2012/04/26 10:52:06 | 014,508,032 | ---- | M] () -- C:\Windows\Installer\29d88a8.msi
[2012/04/26 11:02:30 | 001,793,024 | ---- | M] () -- C:\Windows\Installer\29d88b8.msi
[2012/04/26 11:03:24 | 016,913,920 | ---- | M] () -- C:\Windows\Installer\29d88cf.msi
[2010/10/08 23:07:04 | 011,559,424 | R--- | M] () -- C:\Windows\Installer\29fc3b8.msp
[2010/07/23 02:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\29fc3cf.msp
[2010/11/21 00:35:20 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\29fc3e6.msp
[2010/10/21 19:10:00 | 003,995,136 | R--- | M] () -- C:\Windows\Installer\29fc401.msp
[2011/04/23 21:41:44 | 285,707,264 | R--- | M] () -- C:\Windows\Installer\2adcfb2.msp
[2011/04/27 08:36:42 | 014,359,552 | R--- | M] () -- C:\Windows\Installer\2add1b9.msp
[2008/11/19 22:53:37 | 000,354,304 | ---- | M] () -- C:\Windows\Installer\2b55b8.msi
[2009/01/01 12:50:15 | 001,174,528 | ---- | M] () -- C:\Windows\Installer\2b822d.msi
[2008/12/29 02:00:14 | 001,100,288 | ---- | M] () -- C:\Windows\Installer\2ba1af.msi
[2009/11/13 20:49:18 | 001,619,968 | ---- | M] () -- C:\Windows\Installer\2d60679.msi
[2008/11/12 22:53:41 | 019,210,240 | R--- | M] () -- C:\Windows\Installer\2d96cd.msp
[2011/06/30 21:44:57 | 000,272,896 | ---- | M] () -- C:\Windows\Installer\2e1ee29.msi
[2010/07/14 11:21:34 | 001,530,880 | ---- | M] () -- C:\Windows\Installer\2f1ea.msi
[2009/09/12 02:35:50 | 021,596,672 | ---- | M] () -- C:\Windows\Installer\2fe9570.msi
[2009/04/14 04:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\2fef74f.msp
[2009/04/14 05:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\2fef758.msp
[2009/05/07 10:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\2fef761.msp
[2009/04/14 04:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\2fef76a.msp
[2009/04/14 05:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\2fef773.msp
[2009/12/18 00:12:34 | 000,942,592 | ---- | M] () -- C:\Windows\Installer\30eccd4.msi
[2009/12/18 00:12:16 | 003,705,856 | ---- | M] () -- C:\Windows\Installer\30eccda.msi
[2009/12/18 00:12:32 | 003,328,512 | ---- | M] () -- C:\Windows\Installer\30ecce0.msi
[2009/12/18 00:12:16 | 000,664,576 | ---- | M] () -- C:\Windows\Installer\30ecce6.msi
[2009/12/18 00:12:32 | 000,673,280 | ---- | M] () -- C:\Windows\Installer\30eccf1.msi
[2009/12/18 00:12:32 | 021,783,552 | ---- | M] () -- C:\Windows\Installer\30eccf9.msi
[2009/12/18 00:11:58 | 001,066,496 | ---- | M] () -- C:\Windows\Installer\30eccff.msi
[2009/12/18 00:12:34 | 000,746,496 | ---- | M] () -- C:\Windows\Installer\30ecd05.msi
[2009/12/18 00:12:24 | 000,806,912 | ---- | M] () -- C:\Windows\Installer\30ecd0b.msi
[2009/12/18 00:11:56 | 000,814,592 | ---- | M] () -- C:\Windows\Installer\30ecd11.msi
[2009/12/18 00:12:06 | 000,733,696 | ---- | M] () -- C:\Windows\Installer\30ecd17.msi
[2009/12/18 00:12:28 | 000,940,544 | ---- | M] () -- C:\Windows\Installer\30ecd24.msi
[2009/12/18 00:12:30 | 000,686,592 | ---- | M] () -- C:\Windows\Installer\30ecd2a.msi
[2009/12/18 00:12:28 | 000,734,720 | ---- | M] () -- C:\Windows\Installer\30ecd30.msi
[2009/12/18 00:12:26 | 001,062,912 | ---- | M] () -- C:\Windows\Installer\30ecd36.msi
[2009/12/18 00:12:02 | 001,154,048 | ---- | M] () -- C:\Windows\Installer\30ecd3c.msi
[2009/12/18 00:12:24 | 000,733,696 | ---- | M] () -- C:\Windows\Installer\30ecd42.msi
[2009/12/18 00:12:34 | 000,588,800 | ---- | M] () -- C:\Windows\Installer\30ecd48.msi
[2009/12/18 00:12:24 | 000,889,856 | ---- | M] () -- C:\Windows\Installer\30ecd50.msi
[2009/12/18 00:11:58 | 000,573,440 | ---- | M] () -- C:\Windows\Installer\30ecd56.msi
[2009/12/18 00:12:30 | 000,735,232 | ---- | M] () -- C:\Windows\Installer\30ecd5c.msi
[2009/12/18 00:12:10 | 000,732,672 | ---- | M] () -- C:\Windows\Installer\30ecd62.msi
[2009/12/18 00:12:28 | 000,737,280 | ---- | M] () -- C:\Windows\Installer\30ecd68.msi
[2009/12/18 00:12:30 | 000,688,128 | ---- | M] () -- C:\Windows\Installer\30ecd6e.msi
[2009/12/18 00:12:32 | 000,688,640 | ---- | M] () -- C:\Windows\Installer\30ecd74.msi
[2009/12/18 00:12:18 | 000,697,344 | ---- | M] () -- C:\Windows\Installer\30ecd7a.msi
[2009/12/18 00:12:30 | 000,687,104 | ---- | M] () -- C:\Windows\Installer\30ecd80.msi
[2009/12/18 00:12:34 | 000,671,232 | ---- | M] () -- C:\Windows\Installer\30ecd86.msi
[2009/12/18 00:12:22 | 000,671,232 | ---- | M] () -- C:\Windows\Installer\30ecd8c.msi
[2009/12/18 00:12:28 | 000,735,744 | ---- | M] () -- C:\Windows\Installer\30ecd94.msi
[2009/12/18 00:12:22 | 031,014,912 | ---- | M] () -- C:\Windows\Installer\30ecda7.msi
[2009/12/18 00:12:22 | 001,084,928 | ---- | M] () -- C:\Windows\Installer\30ecdad.msi
[2009/12/18 00:12:22 | 000,872,448 | ---- | M] () -- C:\Windows\Installer\30ecdb3.msi
[2009/12/18 00:12:26 | 010,805,760 | ---- | M] () -- C:\Windows\Installer\30ecdbc.msi
[2009/12/18 00:12:00 | 004,123,136 | ---- | M] () -- C:\Windows\Installer\30ecdc5.msi
[2009/12/18 00:12:30 | 030,598,144 | ---- | M] () -- C:\Windows\Installer\30ecdd1.msi
[2009/12/18 00:12:26 | 000,714,752 | ---- | M] () -- C:\Windows\Installer\30ecdd7.msi
[2009/12/18 00:12:26 | 001,307,136 | ---- | M] () -- C:\Windows\Installer\30ecddd.msi
[2009/12/18 00:12:04 | 000,712,704 | ---- | M] () -- C:\Windows\Installer\30ecde3.msi
[2009/12/18 00:12:24 | 013,020,160 | ---- | M] () -- C:\Windows\Installer\30ecded.msi
[2009/12/18 00:12:26 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\30ecdf3.msi
[2009/12/18 00:12:32 | 000,737,792 | ---- | M] () -- C:\Windows\Installer\30ecdf9.msi
[2009/12/18 00:12:12 | 000,733,184 | ---- | M] () -- C:\Windows\Installer\30ecdff.msi
[2011/09/21 16:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\3176607.msp
[2011/07/11 17:33:14 | 023,254,016 | R--- | M] () -- C:\Windows\Installer\317661a.msp
[2011/10/14 03:07:55 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\3176625.msp
[2011/04/16 00:14:54 | 003,186,176 | ---- | M] () -- C:\Windows\Installer\32c9689.msi
[2011/04/16 08:44:26 | 002,770,944 | ---- | M] () -- C:\Windows\Installer\32c969c.msi
[2011/04/29 12:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\32c96e4.msp
[2011/04/19 04:21:02 | 000,235,520 | ---- | M] () -- C:\Windows\Installer\32c9762.msi
[2011/04/19 04:54:14 | 000,227,328 | ---- | M] () -- C:\Windows\Installer\32c9769.msi
[2011/04/29 12:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\32c977f.msp
[2011/04/29 12:31:46 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\32c9796.msp
[2011/03/17 20:03:50 | 000,308,736 | R--- | M] () -- C:\Windows\Installer\32c97ac.msp
[2006/05/11 13:52:32 | 005,148,016 | ---- | M] () -- C:\Windows\Installer\32e7839.msi
[2010/08/25 10:16:08 | 001,061,376 | ---- | M] () -- C:\Windows\Installer\363ae7.msi
[2008/11/14 10:15:51 | 014,939,136 | R--- | M] () -- C:\Windows\Installer\383da21.msp
[2011/03/25 09:16:38 | 005,135,872 | R--- | M] () -- C:\Windows\Installer\38e1270.msp
[2011/04/13 11:48:16 | 035,326,464 | R--- | M] () -- C:\Windows\Installer\38e1286.msp
[2010/07/10 20:06:20 | 010,120,192 | R--- | M] () -- C:\Windows\Installer\3b4f11b.msp
[2010/07/10 20:14:14 | 002,850,816 | R--- | M] () -- C:\Windows\Installer\3b4f132.msp
[2010/07/26 16:00:00 | 005,010,944 | R--- | M] () -- C:\Windows\Installer\3b4f149.msp
[2010/09/01 04:00:00 | 005,314,048 | ---- | M] () -- C:\Windows\Installer\49d8f6.msi
[2010/04/15 14:44:22 | 022,104,064 | ---- | M] () -- C:\Windows\Installer\49d905.msi
[2010/05/14 12:23:28 | 005,448,704 | ---- | M] () -- C:\Windows\Installer\49d966.msi
[2009/07/14 05:29:38 | 005,922,304 | ---- | M] () -- C:\Windows\Installer\4a8c5.msi
[2009/07/14 05:29:38 | 019,210,240 | R--- | M] () -- C:\Windows\Installer\4a927.msp
[2011/02/11 08:59:10 | 023,633,408 | R--- | M] () -- C:\Windows\Installer\597f7f.msp
[2011/02/24 15:15:46 | 011,551,232 | R--- | M] () -- C:\Windows\Installer\597f9b.msp
[2010/11/20 23:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\597fb2.msp
[2011/01/11 17:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\597fc9.msp
[2011/03/17 20:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\597fe0.msp
[2010/11/20 23:32:52 | 004,165,120 | R--- | M] () -- C:\Windows\Installer\598007.msp
[2011/03/17 20:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\59800f.msp
[2011/01/11 17:49:20 | 009,003,008 | R--- | M] () -- C:\Windows\Installer\598026.msp
[2011/03/17 20:05:24 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\59803d.msp
[2009/07/12 09:43:18 | 000,231,936 | ---- | M] () -- C:\Windows\Installer\5a7e7.msi
[2011/08/12 06:52:04 | 004,643,840 | ---- | M] () -- C:\Windows\Installer\64a7b.msi
[2008/08/08 15:46:10 | 000,242,176 | ---- | M] () -- C:\Windows\Installer\68d658.msi
[2008/08/11 16:41:00 | 001,305,600 | ---- | M] () -- C:\Windows\Installer\72b7070.msi
[2008/11/09 20:20:28 | 003,443,712 | ---- | M] () -- C:\Windows\Installer\7917ee.msi
[2008/11/09 20:21:10 | 001,620,992 | ---- | M] () -- C:\Windows\Installer\7a2082.msi
[2010/04/07 12:42:30 | 002,211,328 | ---- | M] () -- C:\Windows\Installer\7aba8f.msi
[2010/04/07 12:42:30 | 001,997,312 | ---- | M] () -- C:\Windows\Installer\7aba95.msi
[2010/04/07 12:42:30 | 000,725,504 | ---- | M] () -- C:\Windows\Installer\7aba9b.msi
[2010/04/07 12:42:30 | 003,670,016 | ---- | M] () -- C:\Windows\Installer\7abaa1.msi
[2010/04/07 12:42:30 | 000,606,208 | ---- | M] () -- C:\Windows\Installer\7abaa7.msi
[2010/04/07 12:42:32 | 012,719,104 | ---- | M] () -- C:\Windows\Installer\7abaad.msi
[2012/05/31 14:44:19 | 000,023,040 | ---- | M] () -- C:\Windows\Installer\7abab3.msi
[2012/05/31 14:45:39 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\7abab9.msi
[2010/04/07 12:42:22 | 002,258,944 | ---- | M] () -- C:\Windows\Installer\7ababf.msi
[2012/03/23 17:30:23 | 000,025,600 | ---- | M] () -- C:\Windows\Installer\80043d.msi
[2003/02/04 16:14:56 | 001,684,480 | ---- | M] () -- C:\Windows\Installer\82b86d.msi
[2003/02/04 16:14:53 | 000,808,960 | ---- | M] () -- C:\Windows\Installer\82b873.msi
[2009/03/20 11:53:36 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\87999b.msp
[2012/01/04 03:05:25 | 003,979,776 | ---- | M] () -- C:\Windows\Installer\8aeffa.msi
[2012/03/27 11:47:55 | 004,959,232 | R--- | M] () -- C:\Windows\Installer\8c4292.msp
[2009/04/29 16:56:26 | 341,439,488 | ---- | M] () -- C:\Windows\Installer\8c5353.msi
[2009/07/22 01:23:56 | 000,199,680 | ---- | M] () -- C:\Windows\Installer\8cc46e.msi
[2011/11/04 13:37:18 | 008,822,784 | ---- | M] () -- C:\Windows\Installer\8e9f21.msi
[2011/11/04 13:37:31 | 002,081,792 | ---- | M] () -- C:\Windows\Installer\8e9f25.msi
[2011/11/04 13:37:54 | 004,425,728 | R--- | M] () -- C:\Windows\Installer\8e9f3c.msp
[2011/11/04 13:38:27 | 002,933,248 | R--- | M] () -- C:\Windows\Installer\8e9f54.msp
[2011/11/04 13:38:35 | 004,680,704 | ---- | M] () -- C:\Windows\Installer\8e9f58.msi
[2011/11/04 13:38:44 | 002,343,936 | ---- | M] () -- C:\Windows\Installer\8e9f5c.msi
[2011/11/04 13:38:49 | 000,147,968 | ---- | M] () -- C:\Windows\Installer\8e9f60.msi
[2011/11/04 13:38:59 | 000,136,704 | R--- | M] () -- C:\Windows\Installer\8e9f69.msp
[2011/11/04 13:39:18 | 001,139,200 | R--- | M] () -- C:\Windows\Installer\8e9f79.msp
[2011/11/04 13:39:33 | 000,715,264 | R--- | M] () -- C:\Windows\Installer\8e9f85.msp
[2011/11/04 13:40:18 | 003,313,152 | R--- | M] () -- C:\Windows\Installer\8e9fa5.msp
[2011/11/04 13:40:28 | 001,819,136 | ---- | M] () -- C:\Windows\Installer\8e9faa.msi
[2011/11/04 13:42:32 | 014,623,744 | R--- | M] () -- C:\Windows\Installer\8e9fda.msp
[2011/11/04 13:43:13 | 003,731,968 | R--- | M] () -- C:\Windows\Installer\8e9fe8.msp
[2011/11/04 13:43:23 | 000,029,184 | R--- | M] () -- C:\Windows\Installer\8e9ff3.msp
[2011/11/04 13:43:39 | 000,626,688 | R--- | M] () -- C:\Windows\Installer\8ea000.msp
[2011/11/04 13:43:53 | 000,468,480 | R--- | M] () -- C:\Windows\Installer\8ea00e.msp
[2011/11/04 13:44:22 | 002,146,816 | R--- | M] () -- C:\Windows\Installer\8ea01e.msp
[2011/11/04 13:44:32 | 000,060,416 | R--- | M] () -- C:\Windows\Installer\8ea028.msp
[2010/09/17 23:08:30 | 002,618,368 | ---- | M] () -- C:\Windows\Installer\947351.msi
[2010/05/20 19:58:28 | 012,114,432 | R--- | M] () -- C:\Windows\Installer\ae6816.msp
[2010/06/11 11:03:22 | 005,021,184 | R--- | M] () -- C:\Windows\Installer\ae682d.msp
[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\ae684d.msp
[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\ae684e.msp
[2011/01/25 18:43:44 | 378,156,544 | ---- | M] () -- C:\Windows\Installer\b51d82.msp
[2011/01/25 18:09:23 | 000,003,584 | ---- | M] () -- C:\Windows\Installer\b51d83.mst
[2009/09/29 02:11:07 | 001,850,368 | ---- | M] () -- C:\Windows\Installer\b537bb.msi
[2010/02/24 23:47:16 | 000,224,768 | ---- | M] () -- C:\Windows\Installer\b537c2.msi
[2010/03/18 17:41:24 | 001,901,056 | ---- | M] () -- C:\Windows\Installer\b537c8.msi
[2010/03/18 20:29:04 | 000,872,448 | ---- | M] () -- C:\Windows\Installer\b537ce.msi
[2011/06/21 12:01:14 | 004,991,488 | R--- | M] () -- C:\Windows\Installer\b9c3b5.msp
[2010/03/19 19:58:20 | 000,551,424 | ---- | M] () -- C:\Windows\Installer\ba87ed.msi
[2010/03/18 22:39:40 | 000,176,640 | ---- | M] () -- C:\Windows\Installer\ba87f3.msi
[2010/03/11 16:58:26 | 003,164,160 | ---- | M] () -- C:\Windows\Installer\ba880b.msi
[2010/02/24 23:46:00 | 003,653,120 | ---- | M] () -- C:\Windows\Installer\ba8816.msi
[2010/09/24 00:02:36 | 000,517,120 | ---- | M] () -- C:\Windows\Installer\ba881c.msi
[2004/10/14 19:07:15 | 008,087,040 | ---- | M] () -- C:\Windows\Installer\d59579.msi
[2010/08/22 17:09:44 | 010,036,736 | ---- | M] () -- C:\Windows\Installer\d5958d.msi
[2010/03/16 13:37:54 | 014,171,136 | ---- | M] () -- C:\Windows\Installer\ff9a93.msi
[2010/03/25 16:03:30 | 002,097,664 | ---- | M] () -- C:\Windows\Installer\ff9adb.msi
[2010/03/25 15:59:38 | 026,932,224 | ---- | M] () -- C:\Windows\Installer\ff9d8a.msi
[2010/03/26 01:48:24 | 058,121,216 | ---- | M] () -- C:\Windows\Installer\ff9d8e.msi
[2010/04/10 13:00:32 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CA4AF936-3312-4AF4-A191-527531490DCD}.SchedServiceConfig.rmi

< %windir%\system32\tasks\*.* /64 >
[2012/03/23 17:30:30 | 000,003,636 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore
[2012/03/23 17:30:31 | 000,003,888 | ---- | M] () -- C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA
[2010/07/23 22:01:01 | 000,003,246 | ---- | M] () -- C:\Windows\SysNative\tasks\SidebarExecute
[2011/09/18 20:28:48 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666}
[2011/09/18 20:30:05 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140}
[2011/09/18 20:28:49 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9}
[2010/06/03 21:20:34 | 000,002,972 | ---- | M] () -- C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059}
[2010/04/02 18:48:04 | 000,003,074 | ---- | M] () -- C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436}
[2008/11/17 01:22:02 | 000,003,174 | ---- | M] () -- C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7}
[2011/09/18 20:28:50 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342}
[2010/08/15 20:49:59 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216}
[2011/09/18 20:28:48 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8}
[2010/01/22 04:34:26 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD}
[2010/08/15 20:51:34 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B}
[2011/09/18 20:28:46 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170}
[2009/11/24 23:37:08 | 000,002,994 | ---- | M] () -- C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C}
[2011/09/18 20:28:45 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B}
[2011/09/18 20:28:49 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F}
[2010/08/04 19:13:05 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6}
[2010/06/03 21:20:36 | 000,002,972 | ---- | M] () -- C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6}
[2010/10/23 18:22:03 | 000,003,268 | ---- | M] () -- C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37}
[2011/09/18 20:28:30 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D}
[2011/09/18 20:28:47 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879}
[2010/05/22 18:07:49 | 000,003,252 | ---- | M] () -- C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9}
[2010/08/04 19:13:05 | 000,002,950 | ---- | M] () -- C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF}
[2011/09/18 20:30:04 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC}
[2011/09/18 20:30:18 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525}
[2011/09/18 20:28:51 | 000,002,894 | ---- | M] () -- C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 21:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 21:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: PEPBOBA
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 E DVD-ROM 0 B No Media
Volume 2 C NTFS Partition 290 GB Healthy System
Volume 3 P PEP NTFS Partition 175 GB Healthy
Volume 4 H PATRIOT FAT32 Removable 7644 MB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1253 bytes -> C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB1102D7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 1133 bytes -> C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy
@Alternate Data Stream - 1110 bytes -> C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar

< End of report >
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
10-Jun-2012, 03:17 AM #9
EXTRAS.TXT

OTL Extras logfile created on: 6/10/2012 2:23:38 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 45.74% Memory free
9.99 Gb Paging File | 7.74 Gb Available in Paging File | 77.43% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.97 Gb Free Space | 23.09% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 1.32 Gb Free Space | 17.70% Space Free | Partition Type: FAT32
Drive P: | 175.72 Gb Total Space | 53.89 Gb Free Space | 30.67% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\a folder\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\a folder\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\a folder\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\a folder\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\AFOLDE~1\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\a folder\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{1472C893-D724-4240-8A37-C12E894BAE4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D372302-FE92-4391-85CB-CCABC85568D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24636F04-D562-4E48-8BD5-3FA7D3B6E875}" = rport=137 | protocol=17 | dir=out | app=system |
"{36A5DA01-927B-473C-9402-BBD22A276530}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{375CAC8F-DD24-435F-AED8-D61C2EEC69A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{437F6664-9380-4C08-8394-20A8399ECDE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4CF5CC16-5567-49CF-B560-DF95B779B985}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B2E5BE2-ED79-444E-B5CB-FE49A963E48B}" = lport=138 | protocol=17 | dir=in | app=system |
"{64552C9B-0B1B-4DD3-9731-9E9807BD2118}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6B8B7BB7-7243-418C-B401-D40EDC982704}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{749D3AC1-8F63-4F55-B5C0-CEE2583F0D18}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81C5D623-C452-4543-B1F8-4EF33178F382}" = rport=139 | protocol=6 | dir=out | app=system |
"{933A3A2F-C989-40CF-AF0B-86B05BA6ADD7}" = lport=139 | protocol=6 | dir=in | app=system |
"{94D22FCB-9F1C-44EA-870E-E1D4260AD08D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9876CD1F-FF12-478B-A604-4CE0BA96D719}" = lport=137 | protocol=17 | dir=in | app=system |
"{98A60BC6-302E-4F92-BD3D-2EC546A4447C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9DB907AE-9C39-4FF6-8C7D-18462B1B3CD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DC0EA03-B682-46BC-847C-79D76E02941E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F2A4ED0-C3F2-4EEA-AF0D-E3F99195F21B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1240748-39AE-4237-A7E9-0C7991C018C2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0B2CEB5-ECBF-4889-9DB5-700CFFE2DF3A}" = lport=6004 | protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\outlook.exe |
"{CADAD728-DB51-46BC-A39D-A9F9BC3C5BAF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CBC476F9-52EE-4716-98EB-94477A0B2736}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DEE85E8A-8B61-402C-BE93-09F91BED8FCE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F2D790EA-F0CB-41E2-B85A-BD959C6E6F7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{04DADBCE-243A-4E9B-9638-FF876A0E6C8F}" = protocol=6 | dir=in | app=p:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{06B82B24-1B16-4CD0-B8F3-D9CD3A299952}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
"{07A1752C-7177-4102-ABFB-097552DEF6BC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07A33C07-B825-4931-B839-4D08DA1E8312}" = protocol=17 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\dedicated\xr_3da.exe |
"{07BE22DF-814C-4FEC-991F-82062A154021}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{089DE47C-1CC6-4A9A-BAB5-8E3D970BF1AE}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{0BA43BA1-4FE2-404B-BAA2-0E5AC847AC45}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0C9ECC9C-F7A9-4894-A886-2B39AF18070F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0D26C5C0-A461-4CBB-A8EE-8B2E921EB084}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\regtool.exe |
"{12C870AD-773A-4874-8D88-FB81A3A380D8}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{14037CAE-56DA-400E-AFD0-CEE25031947E}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\groove.exe |
"{1720CB1B-087E-43B0-9926-2B833CF005D1}" = protocol=6 | dir=in | app=p:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{18AA295C-152A-489B-949C-6630B27E842F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FCCCDAC-3057-4FCD-82EF-5EDD10A1EBD4}" = protocol=17 | dir=in | app=p:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{2071EED4-F1A5-428D-8727-87982D8C77A8}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\source sdk base 2007\hl2.exe |
"{2485CB0A-DC4D-49BC-B1DF-D48E97FEBCB9}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{2CBD9BC1-F746-485A-9588-A166AD5CD956}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{2CD5A4D0-CFE5-42DF-BEEB-FFEDB6D8B369}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2F09BED0-25D5-41EC-8075-A22C79ABEE7E}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{30AA094E-EB9B-4833-83BC-5A8A26F46871}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{30BB5D7C-7E5A-4C19-80ED-A09B433C6981}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{318B2EDB-7E33-46F2-8208-C142FBC30B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe |
"{387DA31F-7BE2-46A9-A082-9ED1718049A7}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{546EEDA1-37F7-4120-A288-551D325CD521}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{5A58EDEE-8504-4B83-B7A3-745D57B50755}" = protocol=17 | dir=in | app=p:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{5A6E34B7-AA35-4829-8351-D6D122B40281}" = protocol=17 | dir=in | app=p:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{5FECAA27-D451-414A-B5EA-0CAA988B7791}" = protocol=6 | dir=in | app=p:\program files (x86)\half-life 2\hl2.exe |
"{66088122-2DAB-4E95-B717-7B0B7007E731}" = protocol=6 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\dedicated\xr_3da.exe |
"{6993E15B-5B76-4B0F-87D6-8D36A9E23D7B}" = protocol=6 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\xr_3da.exe |
"{69C49913-9DA1-4FBC-98DF-ECD2B423E8D4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DD6DAD0-A657-4354-8D97-2F615A60B36A}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{7AB3F8D5-5174-48FF-AD05-A2699D719FA5}" = protocol=17 | dir=in | app=p:\program files (x86)\half-life 2\hl2.exe |
"{7D668575-A739-43B2-A33D-0DB4474E5A18}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{7D852A32-B01C-4A77-AEA3-DB5B903649CA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7F19C043-BC48-4D8C-96F0-B26CF116FE21}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{827D0B70-F3E1-4569-AAC5-B0F6FE3036F9}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{833A12E2-BD80-4592-A6D7-A534464A3B3D}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{83832E64-8F54-467B-AB6A-3E2FBEC197C2}" = protocol=6 | dir=in | app=p:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{85309405-D8E4-4D41-8159-7D3E003EA9B7}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\dark messiah might and magic multi-player\runme.exe |
"{85477DE8-DFCA-4CDC-9AEF-5BC19E43154D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A7F3492-1FC0-4340-B546-E6148546D89F}" = protocol=6 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe |
"{8D167BF8-6397-4E48-B9B6-06CB2E9202EA}" = protocol=6 | dir=in | app=p:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{8E7AD75D-16CE-4CDD-9B5E-783FD2748807}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{90999657-4D7F-4D1F-9503-AD8EBE9FA7FE}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{94AB2618-3338-49CD-8083-F65588C10539}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{951C040B-1291-4967-983E-E133A4AF85B1}" = protocol=17 | dir=in | app=p:\program files (x86)\gsc world publishing\s.t.a.l.k.e.r\bin\xr_3da.exe |
"{95A94D00-AFB9-44EE-9529-EB021A067B34}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\dark messiah might and magic multi-player\runme.exe |
"{97C02BA5-E3C8-427A-AFCE-DDA14417C1BF}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{9A76FFFF-E373-4524-851D-9D3C132A76E7}" = protocol=6 | dir=in | app=p:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{9C8B792C-4030-4DCD-9029-A402170A0710}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\itunes\itunes.exe |
"{9FDDD8F8-5DD3-4D8F-A0A8-E6F50B00AC82}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{AA48AB67-EA3E-4725-9591-B616ACC03B52}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\itunes\itunes.exe |
"{AA5AE089-79F3-4DB6-A88D-58BA7F10421C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF4C76C3-9A0E-4D56-8E43-0632CA35C122}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B436D705-D896-481C-813B-BD5BEAC7482E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B440D3BF-22D9-40CC-9576-53A3D0078D25}" = protocol=17 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{B5626616-5271-441C-95A1-BBE9C7221D3A}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\onenote.exe |
"{B5F3DF31-679C-4592-A8C5-6C526464F349}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{BC26646C-5C3D-4E64-B24F-0853A9427264}" = protocol=6 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{BC4A8C6D-6F85-4A68-B17F-85C9608F2287}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\groove.exe |
"{BCC0D4FE-47ED-49CB-901F-325E052A3A1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD2B5A0C-709A-4654-AEDB-5797373A9F8C}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{BDF1F23A-B34A-44D5-B4AF-2441F7C1D714}" = protocol=17 | dir=in | app=p:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{BEB1500A-99CF-4D90-899F-64FBDB87F966}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C0677A9D-17B1-41B3-A6A0-1DD94B0D9CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe |
"{C9A8C29E-4656-4112-9E45-F6CEA82D82B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CACD7EA5-AB40-41A3-84C7-AF569BC54263}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEEA9467-DB34-49EB-8204-60016309172E}" = protocol=6 | dir=out | app=system |
"{CFB82206-E6B6-4DC4-93F9-602D29105B90}" = protocol=6 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe |
"{D283D88D-334F-4978-B3B8-6C73F1C223BC}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{D446FFBD-A5B5-4B36-8397-2227BEA366FF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D59192F5-91F9-4B95-AF17-7952C92600F8}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{D866BB1F-CFB9-4AAA-8337-65EB2F79E1EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB594F78-1102-46B7-9433-B63F84CD5ABB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBAD3C3F-32FA-492D-AB93-FB744BE5DBB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC722427-37D6-4012-9DA3-A30EC9C28355}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E5BAA7E0-8C66-42D7-981C-AA0282EAB129}" = protocol=6 | dir=in | app=p:\program files (x86)\dragon age 2\dragonage2launcher.exe |
"{E6E9B0E9-A0D5-4031-9A40-5C275E942A42}" = protocol=17 | dir=in | app=p:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe |
"{E96F5FFE-5836-4BD0-8F38-C8DF6F28E411}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB21C95-4EE5-4BBA-B1A3-B5FD2E5D640E}" = protocol=6 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\sibelius.exe |
"{F2115520-5407-4E9D-8769-5453438E68C4}" = protocol=6 | dir=in | app=c:\program files (x86)\bioware\star wars - the old republic\launcher.exe |
"{F2EE435D-BD52-4D6A-9EF5-1C4BC2B4752F}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\microsoft office\office12\onenote.exe |
"{F3FB9D88-A566-4828-9522-7EBA539269C1}" = protocol=17 | dir=in | app=p:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe |
"{F735C2F9-B985-49BB-9485-3DF33AA021B3}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\sibelius software\sibelius 6\regtool.exe |
"{F9F86010-30D8-487B-AD2E-A6D1657E1444}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{FA739618-D6FA-433C-89D1-A37FB4B6FADA}" = protocol=17 | dir=in | app=p:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{FC5189F5-4A5B-4F26-A685-1BFC801DFE24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFE399E-D73C-49DC-B145-6325B4DE9A88}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\luniac\source sdk base 2007\hl2.exe |
"{FF104646-6916-4553-92B9-34E42A580414}" = protocol=17 | dir=in | app=c:\a folder\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{FF393D1D-0FC6-45F4-A559-377A276D5E3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4FC40671-5DC0-4067-B576-80F189FDCBDA}P:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=p:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{D87CFEDB-4C97-44BB-9EAC-2B4B16097DD8}P:\program files (x86)\call of duty game of the year edition\codmp.exe" = protocol=6 | dir=in | app=p:\program files (x86)\call of duty game of the year edition\codmp.exe |
"UDP Query User{61122A4E-AF15-4068-BFE8-6871EEC228CC}P:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=p:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{C80D5FB5-DDD4-4DA9-A1AA-7F056443671A}P:\program files (x86)\call of duty game of the year edition\codmp.exe" = protocol=17 | dir=in | app=p:\program files (x86)\call of duty game of the year edition\codmp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{186D2CCE-DEFE-4188-AB44-62008E9BC3E0}" = O&O Defrag Professional
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21903252-3854-48D6-8F0C-F648CFA818C9}" = NI Help Assistant (64bit)
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4EBBC187-6988-4B10-A846-E1DBD2AD2B8D}" = NI Math Kernel Libraries (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{65CBBF0F-F891-4F33-860C-C75E963653A2}" = NI TDMS (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{79E44BF5-C355-4A5D-8F9F-25F53ACF794E}" = NI VC2008MSMs x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B71ACAB7-C0C4-42AF-A55E-50BDE3399D8B}" = EMCO MoveOnBoot v2.1
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CA7DAF6F-D5F4-46FD-A824-7E0B472C3211}" = NI USI 1.7.0 64-Bit
"{CCC79B52-19CF-4A50-BE60-AEE3DE96B3EA}" = NI Web Pipeline 2.0.1 64-bit support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0F9AD6F-2C2A-44A8-8961-F21B5356E050}" = NI Logos64 XT Support
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D8C0E5E1-3B66-465D-8F9B-F591F5CDA726}" = NI Trace Engine (64-bit)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E68686D1-A5BB-467A-8DE7-A01166722607}" = NI VC2005MSMs x64
"{EC90795D-968C-4BCA-B958-27B111F3B3F6}" = NI Logos64 5.1
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 3.5 Language Pack - rus" = Языковой пакет Microsoft .NET Framework 3.5 — RUS
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0DFF0C5C-D82D-4C11-91AB-86411792D081}" = NI Uninstaller
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{13C0E1F7-BB8A-4545-B25E-628D025A94AD}_is1" = QtWeb Internet Browser 3.7.3
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{184A26D9-6561-49A9-A571-4D9BD93394C8}" = QtSpim
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBC283A-8B22-48FA-9DFA-6C65E34455FA}" = NI LabVIEW Real-Time NBFifo
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22D66ACE-E0A1-482E-B797-0A6A377D3E91}" = IBM Rational Rose Enterprise Edition
"{245CA706-313C-4B13-B8AF-D6067B7DC535}" = ModelSim-Altera 6.6d (Quartus II 11.0) Starter Edition
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{27BDABE9-4752-4BBF-8B3F-8714A3F7FD9B}" = Quartus II 9.1 Web Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1" = Folder Size 1.9.5.0
"{307776AF-FA52-4CBA-84DA-190E52929C35}" = NI Update Service Extras 1.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DAA4182-08B7-45D9-8620-6B0E13018670}" = NI TDMS
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4FFBBF14-D82E-483D-8C1D-FCECAABD399E}" = NI LabWindows/CVI 9.0.1 Run-Time Engine
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5708A38A-30BD-4D53-BEC9-37615564D73F}_is1" = 3DMGAMEЎАцЛїЈєиїсШ№йЎУўИХОДНкХыУІЕМж жѕ 1.0
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{57517F96-22C6-4AD8-86A2-C582B20A91D4}" = Google Desktop Plugin - Google Earth
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6C520D64-E109-4A73-82A3-7808592051BC}" = NI Circuit Design Suite 11.0 Core
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7B8CE908-BF69-4E20-9BFE-681C573879F1}" = NI LabVIEW Run-Time Engine 2009
"{7BE5AA0C-E564-430F-B297-2B01121A1C5A}" = NI LabVIEW Real-Time NBFifo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84FAE06F-A199-4991-8526-AF57A2A0D779}" = NI Circuit Design Suite 11.0 Pro
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{97AAF472-E437-4C89-AAB3-FD6785315069}" = NI Circuit Design Suite 11.0 Pro Licenses
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A07CDDA5-5F52-478E-881D-E7BC34743F90}" = FreeSpace 2 SCP
"{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}" = Psychonauts
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.1-alpha-4
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BBA6DF34-EA20-4FFB-8440-1F9657643F79}" = NI MDF Support
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C5773953-8F33-47BD-85D7-BE719021EB3E}" = NI Update Service 1.0
"{C9894B05-06D2-4F85-86C8-6B0D011A6BA5}" = NI License Manager
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D10227CA-792C-4517-872A-8AF5DB472D48}" = PCSpim
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D6782F44-58DB-4DE5-A65C-890320CF3F99}" = Prince of Persia The Two Thrones
"{D76162F1-AFAC-47BE-9302-5F35491725E1}" = NI LabVIEW Run-Time Engine Interop 2009
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E6F385C0-79A1-44F0-9C15-70D1F2C74D01}" = NI EULA Depot
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F208D986-7DBA-47A1-B2B6-29048C1C3087}" = NI MetaSuite Installer
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Active@ UNDELETE 7" = Active@ UNDELETE 7
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Allok Video to FLV Converter_is1" = Allok Video to FLV Converter 6.2.0603
"Amazon Kindle" = Amazon Kindle
"Android SDK Tools" = Android SDK Tools
"AOL Instant Messenger" = AOL Instant Messenger
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Auto Window Manager" = Auto Window Manager
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01
"BFGC" = Big Fish Games: Game Manager
"BFG-Mini Robot Wars" = Mini Robot Wars
"bgbennyboyGrimReplacementSetup_is1" = Grim Fandango
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CEDAR Logic Simulator_is1" = CEDARLS 1.5 beta
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CityEngine TRIAL" = CityEngine TRIAL
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Dear Esther_is1" = Dear Esther
"Deckadance" = Deckadance
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Dia" = Dia (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"emu8086 microprocessor emulator_is1" = emu8086 microprocessor emulator
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Fallout New Vegas_is1" = Fallout New Vegas
"Filter Forge 2_is1" = Filter Forge 2.008
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"Freelancer 1.0" = Freelancer
"FreeSpace Open Campaign Pack v2.0" = FreeSpace Open Campaign Pack v2.0
"FreeSpace2" = FreeSpace 2
"FXAA Post Process Injector" = FXAA Post Process Injector
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"Gish" = Gish
"Golden Axe_is1" = Golden Axe
"Grand Theft Auto" = Grand Theft Auto
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{9208F706-6528-4591-A997-F41395FBD8A7}" = Spider-Man(R) - Web of Shadows(TM) 1.1 Patch
"InstallShield_{A07CDDA5-5F52-478E-881D-E7BC34743F90}" = FreeSpace 2 SCP
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"IrfanView" = IrfanView (remove only)
"LinkLines" = LinkLines (remove only)
"LTspice IV" = LTspice IV
"LunaPix_is1" = LunaPix demo version 0.900
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NI Uninstaller" = National Instruments Software
"Nitemare-3D Trilogy for Windows_is1" = Nitemare-3D Trilogy for Windows 1.10
"Notepad++" = Notepad++
"NPC Quest_is1" = NPC Quest v1.0
"OpenAL" = OpenAL
"Panda3D 1.7.0" = Panda3D 1.7.0
"PathPix_is1" = PathPix Registered Version
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"Postal 2_is1" = Portal 2
"PowerArchiver" = PowerArchiver
"PunkBusterSvc" = PunkBuster Services
"Q3E Minimizer_is1" = Q3E Minimizer v1.51
"ScummVM_is1" = ScummVM 1.0.0
"Sins of a Solar Empire" = Sins of a Solar Empire
"SleeplessHollowDemo" = SleeplessHollowDemo (remove only)
"SpeedFan" = SpeedFan (remove only)
"Sprill & Ritchie Adventures in Time_is1" = Sprill & Ritchie Adventures in Time
"StarCraft II" = StarCraft II
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 218" = Source SDK Base 2007
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48700" = Mount and Blade: Warband
"Steam App 550" = Left 4 Dead 2
"Steam App 6060" = Star Wars - Battlefront II
"TexturePacker" = TexturePacker
"Unity" = Unity
"Universe Sandbox" = Universe Sandbox
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"VLC media player" = VLC media player 1.0.5
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Half-Life 2" = Half-Life 2
"Play65" = Play65
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 10:10:30 PM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 2:20:27 AM | Computer Name = PEPBOBA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 10/24/2008 11:59:02 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 1/8/2009 6:41:51 PM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:56:17 PM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2009 3:59:55 AM | Computer Name = PEPBOBA | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/11/2009 1:10:08 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 11/15/2009 10:14:36 AM | Computer Name = PEPBOBA | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 6/3/2012 7:45:21 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/3/2012 7:48:25 AM | Computer Name = PEPBOBA | Source = Application Popup | ID = 1060
Description = \??\C:\username123\catchme.sys has been blocked from loading due to
incompatibility with this system. Please contact your software vendor for a compatible
version of the driver.

Error - 6/3/2012 7:49:06 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/3/2012 7:50:22 AM | Computer Name = PEPBOBA | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 6/4/2012 8:20:27 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:19:16 AM on ?6/?4/?2012 was unexpected.

Error - 6/5/2012 1:41:22 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:55:29 AM on ?6/?5/?2012 was unexpected.

Error - 6/6/2012 5:55:34 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:03:07 AM on ?6/?6/?2012 was unexpected.

Error - 6/7/2012 7:29:32 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:12:48 AM on ?6/?7/?2012 was unexpected.

Error - 6/9/2012 6:34:38 AM | Computer Name = PEPBOBA | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:57:00 AM on ?6/?9/?2012 was unexpected.

Error - 6/10/2012 2:44:52 AM | Computer Name = PEPBOBA | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
14-Jun-2012, 05:04 PM #10
Okay, can you firstly uninstall this via AddRemove Programs:

Iminent

Also, do you know what program this is? Its in the AddRemove as well:

3DMGAMEЎАцЛїЈєиїсШ№йЎУўИХОДНкХыУІЕМж жѕ 1.0


After uninstalling the Iminent program, can you do the following:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
    IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\PEP\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
    [2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
    O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
    O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80115&lng=en
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000..\Run: [Adflybot] C:\Eliteclicks\Adflybot File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\PEP\Desktop\*.tmp files -> C:\Users\PEP\Desktop\*.tmp -> ]
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 1253 bytes -> C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB1102D7
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD
    @Alternate Data Stream - 1133 bytes -> C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy
    @Alternate Data Stream - 1110 bytes -> C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar
    :Files
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


-------------------------

After doing that, can you run this via OTL again, using the following as you initially did at the beginning. Only one log will be produced:
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    type C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666} /c
    type C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140} /c
    type C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9} /c
    type C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059} /c
    type C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436} /c
    type C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7} /c
    type C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342} /c
    type C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216} /c
    type C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8} /c
    type C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F} /c
    type C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593} /c
    type C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD} /c
    type C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B} /c
    type C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170} /c
    type C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C} /c
    type C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B} /c
    type C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F} /c
    type C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6} /c
    type C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6} /c
    type C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37} /c
    type C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D} /c
    type C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879} /c
    type C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9} /c
    type C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF} /c
    type C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC} /c
    type C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525} /c
    type C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1} /c
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt .This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic

eddie
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
14-Jun-2012, 06:26 PM #11
yea that program is a game.

LOG AFTER FIX:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Adflybot not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Users\PEP\Desktop\*.tmp not found.
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\Microsoft:Z5kZgN54EEOKemOeSDKHWY4jiDH .
Unable to delete ADS C:\ProgramData\TEMP:BB1102D7 .
Unable to delete ADS C:\ProgramData\TEMP:8CE646EE .
Unable to delete ADS C:\ProgramData\TEMP:C8B8CEBD .
Unable to delete ADS C:\Users\PEP\AppData\Local\Temp:tIEBoLDxzfOncxhAJhlsx70nBLpy .
Unable to delete ADS C:\ProgramData\Microsoft:vnCmNOPrayl7udt8VOTRBar .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\PEP\Desktop\cmd.bat deleted successfully.
C:\Users\PEP\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PEP
->Temp folder emptied: 21093256 bytes
->Temporary Internet Files folder emptied: 235017884 bytes
->Java cache emptied: 80653366 bytes
->FireFox cache emptied: 71946550 bytes
->Flash cache emptied: 798269 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11436 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deplo yment folder emptied: 749 bytes
RecycleBin emptied: 2912163361 bytes

Total Files Cleaned = 3,168.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: PEP
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: PEP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_180734

Files\Folders moved on Reboot...
C:\Users\PEP\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


OTL LOG:
OTL logfile created on: 6/14/2012 6:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\PEP\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.49% Memory free
9.99 Gb Paging File | 8.20 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 290.04 Gb Total Space | 66.04 Gb Free Space | 22.77% Space Free | Partition Type: NTFS
Drive P: | 175.72 Gb Total Space | 74.60 Gb Free Space | 42.46% Space Free | Partition Type: NTFS

Computer Name: PEPBOBA | User Name: PEP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
PRC - [2012/04/20 21:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/20 21:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\a folder\Program Files\SuperAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/03/20 21:26:10 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/18 23:25:46 | 000,403,240 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 18:24:23 | 000,266,240 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\CSHelper.exe -- (CSHelper)
SRV - [2009/09/18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/09/12 01:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\a folder\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/06/18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2008/10/31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/23 15:28:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 09:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/27 22:57:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/18 02:08:00 | 000,081,792 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1053.sys -- (RDID1053)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 22:35:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/12 22:35:20 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/24 19:46:08 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/07/24 19:45:20 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2007/08/13 23:08:34 | 000,202,176 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2007/06/25 06:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\a folder\Program Files\SuperAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/12/20 17:54:14 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 43 99 C7 CF 0A CD 01 [binary data]
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\a folder\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\a folder\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PEP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kas persky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspe rsky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersk y.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/05/03 12:46:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/15 01:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/20 14:14:38 | 000,000,000 | ---D | M]

[2009/12/25 07:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Extensions
[2012/05/02 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\exte nsions
[2012/03/29 20:39:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\exte nsions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/05/15 01:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/30 14:46:25 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010/12/30 14:46:24 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/01/15 14:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 02:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/14 18:07:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [NI Background Service] C:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe (National Instruments)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\a folder\Program Files (x86)\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-3924556204-3487639632-2258398569-1000\..Trusted Domains: facebook.com ([www] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{659D3C6A-9AF6-47A6-8D43-C5166F4A3B63}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 18:04:55 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\brooklyntech
[2012/06/10 02:21:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\sfp
[2012/06/10 02:14:04 | 000,000,000 | ---D | C] -- C:\Users\PEP\Desktop\vstuff
[2012/06/07 13:15:58 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{5BACA261-352A-4298-A263-53FA6901779E}
[2012/06/07 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{C338CF99-EE53-47DC-9690-C9264C8EA72F}
[2012/06/06 23:16:48 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E26418B8-A9B5-4ADF-9CF6-BC33B102B58F}
[2012/06/06 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\{E899EF6D-6942-4DE4-A5B7-74F192E2F9B2}
[2012/06/06 23:06:22 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\OneNote Notebooks
[2012/06/06 21:15:35 | 000,000,000 | ---D | C] -- C:\Users\PEP\.swt
[2012/06/06 21:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 21:10:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/05 20:59:06 | 000,000,000 | ---D | C] -- C:\SD
[2012/06/05 20:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/04 03:03:40 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/06/04 03:03:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Local\MonoDevelop-Unity-2.8
[2012/06/03 07:59:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/03 07:51:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/03 07:35:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/03 07:35:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/03 07:35:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/03 07:35:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/03 07:35:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/01 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\PEP\Documents\WAP
[2012/06/01 18:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TexturePacker
[2012/06/01 18:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TexturePacker
[2012/05/31 14:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/31 14:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012/05/31 14:45:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012/05/27 03:40:32 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/27 03:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/27 03:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/25 06:57:54 | 000,000,000 | ---D | C] -- C:\Users\PEP\AppData\Roaming\Malwarebytes
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 06:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 06:57:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/23 05:40:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/21 01:44:18 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

========== Files - Modified Within 30 Days ==========

[2012/06/14 18:19:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 18:19:13 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 18:11:26 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 18:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 18:11:10 | 003,171,081 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/14 18:07:34 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/14 17:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 17:55:36 | 000,018,432 | ---- | M] () -- C:\Users\PEP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 14:29:19 | 000,847,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/13 14:29:19 | 000,697,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/13 14:29:19 | 000,141,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/10 02:21:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\PEP\Desktop\OTL.exe
[2012/06/10 02:15:53 | 000,000,340 | ---- | M] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:56 | 000,264,875 | ---- | M] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/07 21:31:21 | 000,000,576 | ---- | M] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2012/06/07 07:29:29 | 005,007,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/05 21:43:36 | 000,000,845 | ---- | M] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/05 15:16:25 | 000,041,892 | ---- | M] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/06/02 21:22:19 | 000,003,303 | ---- | M] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | M] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/18 14:43:46 | 003,145,782 | ---- | M] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 01:14:43 | 006,209,857 | ---- | M] () -- C:\Users\PEP\Desktop\cube.exe

========== Files Created - No Company Name ==========

[2012/06/10 02:15:53 | 000,000,340 | ---- | C] () -- C:\Users\PEP\Desktop\requested-files[2012-06-10_02_15].cab
[2012/06/10 02:14:46 | 000,264,875 | ---- | C] () -- C:\Users\PEP\Desktop\sfp.zip
[2012/06/05 21:43:36 | 000,000,845 | ---- | C] () -- C:\Users\PEP\Desktop\eclipse.exe - Shortcut.lnk
[2012/06/03 07:35:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/03 07:35:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/03 07:35:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/03 07:35:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/03 07:35:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/02 21:21:40 | 000,003,303 | ---- | C] () -- C:\Users\PEP\Desktop\face.png
[2012/06/01 19:07:50 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Unity.lnk
[2012/05/31 15:00:40 | 000,004,716 | ---- | C] () -- C:\Users\PEP\Desktop\Untitled.png
[2012/05/31 14:47:02 | 000,001,588 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.lnk
[2012/05/31 14:46:42 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/05/31 14:46:27 | 000,001,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/05/31 14:44:55 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/05/31 14:44:48 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/05/31 14:44:20 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/05/18 14:43:46 | 003,145,782 | ---- | C] () -- C:\Users\PEP\Desktop\screenshot100.bmp
[2012/05/18 14:42:07 | 000,041,892 | ---- | C] () -- C:\Users\PEP\Desktop\_save786332.sav
[2012/05/18 01:13:47 | 006,209,857 | ---- | C] () -- C:\Users\PEP\Desktop\cube.exe
[2012/05/13 22:11:49 | 000,006,784 | ---- | C] () -- C:\Users\PEP\AppData\Local\recently-used.xbel
[2012/03/28 11:17:16 | 000,000,101 | ---- | C] () -- C:\Windows\TheMatrix.ini
[2012/03/25 14:26:58 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/20 15:36:37 | 000,004,696 | ---- | C] () -- C:\Windows\scad3.INI
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/05 15:16:52 | 000,000,000 | ---- | C] () -- C:\Windows\lmtools.INI
[2012/03/05 14:55:23 | 000,000,527 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/02/23 15:31:30 | 000,017,408 | ---- | C] () -- C:\Users\PEP\AppData\Local\WebpageIcons.db
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/13 15:29:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/01/13 00:03:49 | 000,000,576 | ---- | C] () -- C:\Users\PEP\AppData\Roaming\AutoGK.ini
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/18 16:36:37 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/01/26 19:52:26 | 000,007,605 | ---- | C] () -- C:\Users\PEP\AppData\Local\Resmon.ResmonCfg
[2010/10/22 23:42:28 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2010/10/22 23:27:11 | 000,000,482 | ---- | C] () -- C:\Windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/08/22 17:01:56 | 000,000,298 | ---- | C] () -- C:\Windows\vtmb.ini
[2010/07/02 21:08:09 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

========== LOP Check ==========

[2011/12/24 10:03:43 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\.minecraft
[2009/12/25 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Aim
[2011/11/12 08:50:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Amvud
[2012/01/22 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Audacity
[2012/06/10 05:20:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Azureus
[2011/01/13 20:56:39 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Bioshock2
[2012/01/01 18:03:47 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Canneverbe Limited
[2012/05/23 21:22:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DAEMON Tools Lite
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Deckadance16
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\DeepBurner
[2011/05/13 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Dev-Cpp
[2010/03/29 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\EMCO
[2011/01/16 19:46:53 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Filter Forge 2
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\FreeImageConverter
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Games
[2012/01/24 14:00:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\GetRightToGo
[2011/12/31 21:12:03 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\gtk-2.0
[2010/09/17 23:09:04 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Helios
[2011/08/28 16:27:31 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\hte
[2011/06/21 22:18:16 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Image-Line
[2012/01/12 21:35:32 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ImgBurn
[2009/12/25 07:21:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Leadertech
[2010/04/07 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Lionhead Studios
[2012/01/13 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MinMaxGames
[2012/06/01 18:26:15 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity
[2012/06/13 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
[2009/12/25 07:22:24 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade
[2010/04/13 00:33:38 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Mount&Blade Warband
[2011/05/09 18:17:49 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\ms-drivers
[2009/12/25 07:22:26 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MuPAD
[2010/10/12 22:29:34 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\MusE
[2012/03/25 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\National Instruments
[2011/08/27 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Notepad++
[2010/12/27 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PACE Anti-Piracy
[2011/07/30 21:37:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Picsoft
[2009/12/31 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PlayFirst
[2011/03/20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\PunkBuster
[2012/03/11 23:03:57 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Rational
[2011/05/18 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScripterRon
[2010/01/25 19:39:46 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\ScummVM
[2011/06/21 21:21:19 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SongManager
[2010/03/20 20:31:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SprillRichiEng
[2011/08/08 21:38:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\stetic
[2011/02/22 00:22:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\System
[2011/11/06 19:15:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\SystemRequirementsLab
[2011/04/18 19:07:45 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\The Creative Assembly
[2009/12/25 07:22:27 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Thinstall
[2010/05/28 22:27:48 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Tropico 3
[2010/04/16 00:42:08 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Ubisoft
[2012/06/01 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Unity
[2011/11/11 17:02:23 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\Uppae
[2012/01/12 19:38:07 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\windows-dvd-maker
[2011/05/09 17:42:04 | 000,000,000 | -HSD | M] -- C:\Users\PEP\AppData\Roaming\wyUpdate AU
[2009/12/25 07:22:28 | 000,000,000 | ---D | M] -- C:\Users\PEP\AppData\Roaming\XRay Engine
[2012/05/29 08:14:55 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< type C:\Windows\SysNative\tasks\{104E2012-6B9D-4573-8F08-6810D7E45666} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{1E05F877-732F-4326-AF6A-EE69D86EE140} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{1EF829AD-1866-4FF0-90D0-1A1D5C6AE9A9} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{29577EAE-8381-4B52-8780-DD607BF81059} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\rnr_ru_update_setup3.0.2.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{3B467E81-76DC-4C40-B481-31EC11E18436} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a P:\GAMES\BoulderDashTPSetup.exe -d P:\GAMES</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{426BBE3C-F00B-4A5F-92C3-66F535EE80B7} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Program Files (x86)\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe" -c -runfromtemp -l0x0409</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{46C507D3-4F73-4E27-8448-C3196391C342} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{598F790F-3476-4172-B9E7-D473726C3216} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\PopCap.Games.Plants.vs.Zombies.v1.2.0.1073.Game.of.t he.Year.Edition-LMi\Plants.vs.Zombies\PlantsVsZombies.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{5D8A6BF8-CAA6-41DF-8682-3FD6CABCBAF8} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{6BDA90D2-0B44-4D04-A32B-A763EAFAE51F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\a folder\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/2130</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{74B0DF68-6948-4FBD-B179-3B1FA316A593} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{78BC9F60-39AC-4EAB-9812-5209AE9227AD} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{7952CBBD-2432-45A7-BB87-71EAECE25F5B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\PopCap.Games.Plants.vs.Zombies.v1.2.0.1073.Game.of.t he.Year.Edition-LMi\Plants.vs.Zombies\PlantsVsZombies.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{86EF5081-46C5-4F7D-A84A-2772C3538170} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{8AC8DFF2-2157-4EAD-A5B0-8092414F338C} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a C:\Windows\IsUninst.exe -c -ff:\gta1\Uninst.isu</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{98C4C8E2-2340-49B1-BB53-05974D12780B} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9EE61094-8304-40FB-9E9C-42999BD1FD8F} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{9F225DB8-B3DA-4009-B51F-F2A7C36B50B6} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\PEP\Desktop\StarCraft_2_NA_en-US.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{A3BEFF05-36E0-4531-9D61-4DED51C4CDF6} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\a folder\Files\DOWNLOADS\rnr_ru_update_setup3.0.2.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B083207F-087E-440C-9044-62457B7F0A37} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\PEP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MYNOBAOY\sup_onlypumpkins[1].exe" -d C:\Users\PEP\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B35B7AFB-A395-4054-9B4B-1CD1D6D89B1D} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{B8806484-D2E9-4615-BF32-104F4B865879} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{BAE59C2C-0756-4404-9564-563A9B2757E9} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\PEP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHTT0DXW\sup_hh10[1].exe" -d C:\Users\PEP\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{CC12C8C9-AA12-4B1F-94E9-0D7CA5BC20FF} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Users\PEP\Desktop\StarCraft_2_NA_en-US.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{DDB7232E-8749-4B04-AAEE-8A68B7C9F0AC} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{E4472D0E-51C8-445C-BADA-78E16B466525} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< type C:\Windows\SysNative\tasks\{F1BF76F6-F3E0-4EC2-B520-629A85BAC9D1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\holy\SETUP.EXE</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PEPBOBA\PEP</UserId>
<LogonType>InteractiveToken</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>

< End of report >
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
19-Jun-2012, 05:31 PM #12
Okay, this is showing in the custom scan I asked for:

C:\holy\SETUP.EXE

Do you know what this is?

--------

Re-run TDSSKiller and select delete for this line

\Device\Harddisk0\DR0 ( TDSS File System )

and post the log afterwards

------------

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
RegNull::
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8755E78F-6D1F-7C34-959D-8881783F5E69}*]
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8755E78F-6D1F-7C34-959D-8881783F5E69}\InProcServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4A6A70A-7ED1-4DB3-BFBF-546F7405A606}\InProcServer32*]
Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
PEP's Avatar
PEP PEP is offline
Computer Specs
Account Disabled with 2,366 posts.
THREAD STARTER
 
Join Date: Feb 2006
Location: New York
Experience: Vir........ medium.......
24-Jun-2012, 11:29 PM #13
holy.exe is monty python and the holy grail

The TDSSKIller didn't show \Device\Harddisk0\DR0 ( TDSS File System )
Heres the log for it anyways.
22:43:02.0418 5588 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
22:43:02.0796 5588 ============================================================
22:43:02.0796 5588 Current date / time: 2012/06/24 22:43:02.0796
22:43:02.0796 5588 SystemInfo:
22:43:02.0796 5588
22:43:02.0796 5588 OS Version: 6.1.7601 ServicePack: 1.0
22:43:02.0796 5588 Product type: Workstation
22:43:02.0797 5588 ComputerName: PEPBOBA
22:43:02.0797 5588 UserName: PEP
22:43:02.0797 5588 Windows directory: C:\Windows
22:43:02.0797 5588 System windows directory: C:\Windows
22:43:02.0797 5588 Running under WOW64
22:43:02.0797 5588 Processor architecture: Intel x64
22:43:02.0797 5588 Number of processors: 4
22:43:02.0797 5588 Page size: 0x1000
22:43:02.0797 5588 Boot type: Normal boot
22:43:02.0797 5588 ============================================================
22:43:04.0462 5588 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:43:04.0467 5588 Drive \Device\Harddisk1\DR1 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:04.0469 5588 ============================================================
22:43:04.0469 5588 \Device\Harddisk0\DR0:
22:43:04.0469 5588 MBR partitions:
22:43:04.0469 5588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x24414000
22:43:04.0469 5588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24414800, BlocksNum 0x15F6F800
22:43:04.0470 5588 \Device\Harddisk1\DR1:
22:43:04.0470 5588 MBR partitions:
22:43:04.0470 5588 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEE080
22:43:04.0470 5588 ============================================================
22:43:04.0498 5588 C: <-> \Device\Harddisk0\DR0\Partition0
22:43:04.0538 5588 P: <-> \Device\Harddisk0\DR0\Partition1
22:43:04.0538 5588 ============================================================
22:43:04.0538 5588 Initialize success
22:43:04.0538 5588 ============================================================
22:43:16.0447 4580 ============================================================
22:43:16.0447 4580 Scan started
22:43:16.0447 4580 Mode: Manual;
22:43:16.0447 4580 ============================================================
22:43:17.0889 4580 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE
22:43:17.0936 4580 !SASCORE - ok
22:43:18.0087 4580 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:43:18.0125 4580 1394ohci - ok
22:43:18.0196 4580 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:43:18.0199 4580 ACPI - ok
22:43:18.0216 4580 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:43:18.0275 4580 AcpiPmi - ok
22:43:18.0352 4580 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:43:18.0364 4580 adp94xx - ok
22:43:18.0396 4580 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:43:18.0404 4580 adpahci - ok
22:43:18.0428 4580 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:43:18.0475 4580 adpu320 - ok
22:43:18.0510 4580 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:43:18.0511 4580 AeLookupSvc - ok
22:43:18.0567 4580 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:43:18.0712 4580 AFD - ok
22:43:18.0748 4580 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:43:18.0751 4580 agp440 - ok
22:43:18.0766 4580 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:43:18.0801 4580 ALG - ok
22:43:18.0836 4580 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:43:18.0838 4580 aliide - ok
22:43:18.0898 4580 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
22:43:18.0901 4580 AMD External Events Utility - ok
22:43:18.0944 4580 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:43:18.0946 4580 amdide - ok
22:43:19.0130 4580 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:43:19.0176 4580 AmdK8 - ok
22:43:19.0839 4580 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:20.0087 4580 amdkmdag - ok
22:43:20.0238 4580 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
22:43:20.0246 4580 amdkmdap - ok
22:43:20.0269 4580 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:43:20.0272 4580 AmdPPM - ok
22:43:20.0303 4580 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
22:43:20.0314 4580 amdsata - ok
22:43:20.0340 4580 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:43:20.0389 4580 amdsbs - ok
22:43:20.0415 4580 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
22:43:20.0416 4580 amdxata - ok
22:43:20.0474 4580 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:43:20.0477 4580 AppID - ok
22:43:20.0493 4580 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:43:20.0500 4580 AppIDSvc - ok
22:43:20.0549 4580 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:43:20.0551 4580 Appinfo - ok
22:43:20.0661 4580 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:43:20.0672 4580 AppMgmt - ok
22:43:20.0687 4580 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:43:20.0695 4580 arc - ok
22:43:20.0713 4580 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:43:20.0715 4580 arcsas - ok
22:43:20.0830 4580 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:43:20.0832 4580 aspnet_state - ok
22:43:20.0857 4580 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:43:20.0892 4580 AsyncMac - ok
22:43:20.0930 4580 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:43:20.0931 4580 atapi - ok
22:43:20.0984 4580 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
22:43:21.0029 4580 AtiHDAudioService - ok
22:43:21.0078 4580 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
22:43:21.0117 4580 AtiHdmiService - ok
22:43:21.0618 4580 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
22:43:21.0676 4580 atikmdag - ok
22:43:21.0810 4580 atksgt (64f07381335e37c142f6d176705ffca6) C:\Windows\system32\DRIVERS\atksgt.sys
22:43:21.0819 4580 atksgt - ok
22:43:21.0892 4580 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:43:21.0936 4580 AudioEndpointBuilder - ok
22:43:21.0942 4580 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:43:21.0946 4580 AudioSrv - ok
22:43:22.0044 4580 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
22:43:22.0046 4580 AVP - ok
22:43:22.0092 4580 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:43:22.0101 4580 AxInstSV - ok
22:43:22.0148 4580 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:43:22.0187 4580 b06bdrv - ok
22:43:22.0247 4580 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:43:22.0286 4580 b57nd60a - ok
22:43:22.0341 4580 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:43:22.0363 4580 BDESVC - ok
22:43:22.0393 4580 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:43:22.0419 4580 Beep - ok
22:43:22.0526 4580 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:43:22.0540 4580 BFE - ok
22:43:22.0674 4580 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:43:22.0690 4580 BITS - ok
22:43:22.0731 4580 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:43:22.0733 4580 blbdrive - ok
22:43:22.0778 4580 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:43:22.0779 4580 bowser - ok
22:43:22.0809 4580 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:43:22.0844 4580 BrFiltLo - ok
22:43:22.0873 4580 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:43:22.0875 4580 BrFiltUp - ok
22:43:22.0907 4580 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:43:22.0929 4580 BridgeMP - ok
22:43:22.0995 4580 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:43:23.0044 4580 Browser - ok
22:43:23.0080 4580 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:43:23.0089 4580 Brserid - ok
22:43:23.0105 4580 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:43:23.0127 4580 BrSerWdm - ok
22:43:23.0161 4580 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:43:23.0162 4580 BrUsbMdm - ok
22:43:23.0168 4580 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:43:23.0169 4580 BrUsbSer - ok
22:43:23.0186 4580 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:43:23.0211 4580 BTHMODEM - ok
22:43:23.0278 4580 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:43:23.0286 4580 bthserv - ok
22:43:23.0300 4580 catchme - ok
22:43:23.0317 4580 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:43:23.0319 4580 cdfs - ok
22:43:23.0363 4580 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:43:23.0367 4580 cdrom - ok
22:43:23.0410 4580 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:43:23.0418 4580 CertPropSvc - ok
22:43:23.0436 4580 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:43:23.0438 4580 circlass - ok
22:43:23.0464 4580 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:43:23.0467 4580 CLFS - ok
22:43:23.0524 4580 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:43:23.0526 4580 clr_optimization_v2.0.50727_32 - ok
22:43:23.0571 4580 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:43:23.0597 4580 clr_optimization_v2.0.50727_64 - ok
22:43:23.0747 4580 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:43:23.0763 4580 clr_optimization_v4.0.30319_32 - ok
22:43:23.0787 4580 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:43:23.0828 4580 clr_optimization_v4.0.30319_64 - ok
22:43:23.0858 4580 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:43:23.0887 4580 CmBatt - ok
22:43:23.0918 4580 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:43:23.0941 4580 cmdide - ok
22:43:23.0995 4580 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
22:43:24.0000 4580 CNG - ok
22:43:24.0027 4580 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:43:24.0029 4580 Compbatt - ok
22:43:24.0055 4580 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:43:24.0076 4580 CompositeBus - ok
22:43:24.0100 4580 COMSysApp - ok
22:43:24.0113 4580 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:43:24.0115 4580 crcdisk - ok
22:43:24.0177 4580 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:43:24.0189 4580 CryptSvc - ok
22:43:24.0242 4580 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:43:24.0295 4580 CSC - ok
22:43:24.0366 4580 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:43:24.0371 4580 CscService - ok
22:43:24.0465 4580 CSHelper (aefb8558199bd5212b268b09bfa1d71a) C:\Windows\SysWOW64\CSHelper.exe
22:43:24.0475 4580 CSHelper - ok
22:43:24.0552 4580 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:43:24.0557 4580 DcomLaunch - ok
22:43:24.0677 4580 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:43:24.0680 4580 defragsvc - ok
22:43:24.0736 4580 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:43:24.0737 4580 DfsC - ok
22:43:24.0772 4580 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:43:24.0792 4580 Dhcp - ok
22:43:24.0846 4580 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:43:24.0848 4580 discache - ok
22:43:24.0880 4580 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:43:24.0881 4580 Disk - ok
22:43:24.0918 4580 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:43:24.0956 4580 Dnscache - ok
22:43:24.0996 4580 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:43:25.0012 4580 dot3svc - ok
22:43:25.0049 4580 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:43:25.0051 4580 DPS - ok
22:43:25.0086 4580 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:43:25.0088 4580 drmkaud - ok
22:43:25.0175 4580 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:43:25.0200 4580 DXGKrnl - ok
22:43:25.0225 4580 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:43:25.0230 4580 EapHost - ok
22:43:25.0405 4580 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:43:25.0463 4580 ebdrv - ok
22:43:25.0560 4580 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
22:43:25.0672 4580 EFS - ok
22:43:25.0778 4580 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:43:25.0793 4580 ehRecvr - ok
22:43:25.0847 4580 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:43:25.0852 4580 ehSched - ok
22:43:25.0918 4580 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:43:25.0928 4580 elxstor - ok
22:43:25.0958 4580 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:43:25.0959 4580 ErrDev - ok
22:43:26.0009 4580 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:43:26.0012 4580 EventSystem - ok
22:43:26.0036 4580 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:43:26.0047 4580 exfat - ok
22:43:26.0071 4580 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:43:26.0073 4580 fastfat - ok
22:43:26.0143 4580 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:43:26.0166 4580 Fax - ok
22:43:26.0178 4580 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:43:26.0188 4580 fdc - ok
22:43:26.0201 4580 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:43:26.0208 4580 fdPHost - ok
22:43:26.0217 4580 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:43:26.0219 4580 FDResPub - ok
22:43:26.0230 4580 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:43:26.0231 4580 FileInfo - ok
22:43:26.0244 4580 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:43:26.0271 4580 Filetrace - ok
22:43:26.0302 4580 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:43:26.0336 4580 flpydisk - ok
22:43:26.0383 4580 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:43:26.0386 4580 FltMgr - ok
22:43:26.0475 4580 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
22:43:26.0491 4580 FontCache - ok
22:43:26.0548 4580 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:43:26.0572 4580 FontCache3.0.0.0 - ok
22:43:26.0704 4580 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:43:26.0755 4580 FsDepends - ok
22:43:26.0781 4580 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:43:26.0818 4580 Fs_Rec - ok
22:43:26.0889 4580 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:43:26.0892 4580 fvevol - ok
22:43:26.0912 4580 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:43:26.0915 4580 gagp30kx - ok
22:43:26.0931 4580 gdrv (f51fb25e1328fa14f446a8b24ac52709) C:\Windows\gdrv.sys
22:43:26.0933 4580 gdrv - ok
22:43:26.0970 4580 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:43:26.0972 4580 GEARAspiWDM - ok
22:43:27.0036 4580 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:43:27.0044 4580 gpsvc - ok
22:43:27.0135 4580 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:27.0136 4580 gupdate - ok
22:43:27.0153 4580 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:43:27.0154 4580 gupdatem - ok
22:43:27.0171 4580 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:43:27.0203 4580 hcw85cir - ok
22:43:27.0248 4580 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:43:27.0274 4580 HdAudAddService - ok
22:43:27.0316 4580 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:43:27.0318 4580 HDAudBus - ok
22:43:27.0330 4580 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:43:27.0332 4580 HidBatt - ok
22:43:27.0348 4580 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:43:27.0373 4580 HidBth - ok
22:43:27.0403 4580 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:43:27.0405 4580 HidIr - ok
22:43:27.0422 4580 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:43:27.0425 4580 hidserv - ok
22:43:27.0474 4580 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
22:43:27.0483 4580 HidUsb - ok
22:43:27.0530 4580 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:43:27.0557 4580 hkmsvc - ok
22:43:27.0659 4580 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:43:27.0687 4580 HomeGroupListener - ok
22:43:27.0732 4580 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:43:27.0742 4580 HomeGroupProvider - ok
22:43:27.0778 4580 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:43:27.0781 4580 HpSAMD - ok
22:43:27.0863 4580 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:43:27.0878 4580 HTTP - ok
22:43:27.0913 4580 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:43:27.0913 4580 hwpolicy - ok
22:43:27.0949 4580 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:43:27.0978 4580 i8042prt - ok
22:43:28.0012 4580 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
22:43:28.0026 4580 iaStorV - ok
22:43:28.0141 4580 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:43:28.0145 4580 IDriverT - ok
22:43:28.0251 4580 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:43:28.0284 4580 idsvc - ok
22:43:28.0368 4580 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:43:28.0370 4580 iirsp - ok
22:43:28.0440 4580 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:43:28.0481 4580 IKEEXT - ok
22:43:28.0669 4580 IntcAzAudAddService (b1cf774c00a5d466277fe0b45439c643) C:\Windows\system32\drivers\RTKVHD64.sys
22:43:28.0772 4580 IntcAzAudAddService - ok
22:43:28.0856 4580 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:43:28.0897 4580 intelide - ok
22:43:28.0930 4580 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:43:28.0931 4580 intelppm - ok
22:43:28.0960 4580 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:43:28.0999 4580 IPBusEnum - ok
22:43:29.0037 4580 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:43:29.0040 4580 IpFilterDriver - ok
22:43:29.0092 4580 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:43:29.0123 4580 iphlpsvc - ok
22:43:29.0156 4580 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:43:29.0159 4580 IPMIDRV - ok
22:43:29.0303 4580 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:43:29.0355 4580 IPNAT - ok
22:43:29.0484 4580 iPod Service (dc115bd67a913f71a77c7c72c1e64c0a) C:\Program Files\iPod\bin\iPodService.exe
22:43:29.0497 4580 iPod Service - ok
22:43:29.0521 4580 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:43:29.0551 4580 IRENUM - ok
22:43:29.0654 4580 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:43:29.0656 4580 isapnp - ok
22:43:29.0718 4580 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:43:29.0728 4580 iScsiPrt - ok
22:43:29.0748 4580 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:43:29.0796 4580 kbdclass - ok
22:43:29.0839 4580 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:43:29.0841 4580 kbdhid - ok
22:43:29.0868 4580 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:29.0870 4580 KeyIso - ok
22:43:29.0938 4580 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
22:43:29.0942 4580 KL1 - ok
22:43:29.0965 4580 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
22:43:29.0990 4580 kl2 - ok
22:43:30.0064 4580 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
22:43:30.0067 4580 KLIF - ok
22:43:30.0083 4580 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
22:43:30.0107 4580 KLIM6 - ok
22:43:30.0145 4580 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
22:43:30.0152 4580 klmouflt - ok
22:43:30.0187 4580 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
22:43:30.0189 4580 KSecDD - ok
22:43:30.0224 4580 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
22:43:30.0236 4580 KSecPkg - ok
22:43:30.0270 4580 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:43:30.0272 4580 ksthunk - ok
22:43:30.0298 4580 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:43:30.0353 4580 KtmRm - ok
22:43:30.0418 4580 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:43:30.0436 4580 LanmanServer - ok
22:43:30.0481 4580 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:43:30.0519 4580 LanmanWorkstation - ok
22:43:30.0565 4580 lirsgt (83ba097acaad0b00505634a62d90f93a) C:\Windows\system32\DRIVERS\lirsgt.sys
22:43:30.0567 4580 lirsgt - ok
22:43:30.0745 4580 LkCitadelServer (20cdb07017497c94a0bad253c4bafcbc) C:\Windows\SysWOW64\lkcitdl.exe
22:43:30.0814 4580 LkCitadelServer - ok
22:43:30.0860 4580 lkClassAds (c373079f8d6a3543faadb96c874cf06b) C:\Windows\SysWOW64\lkads.exe
22:43:30.0928 4580 lkClassAds - ok
22:43:30.0964 4580 lkTimeSync (ed1c2f1b9b7dedee5c6287211ac4422e) C:\Windows\SysWOW64\lktsrv.exe
22:43:30.0966 4580 lkTimeSync - ok
22:43:31.0049 4580 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:43:31.0052 4580 lltdio - ok
22:43:31.0086 4580 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:43:31.0117 4580 lltdsvc - ok
22:43:31.0134 4580 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:43:31.0137 4580 lmhosts - ok
22:43:31.0168 4580 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
22:43:31.0175 4580 lmimirr - ok
22:43:31.0195 4580 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
22:43:31.0196 4580 LMIRfsDriver - ok
22:43:31.0231 4580 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:43:31.0240 4580 LSI_FC - ok
22:43:31.0257 4580 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:43:31.0260 4580 LSI_SAS - ok
22:43:31.0280 4580 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:43:31.0290 4580 LSI_SAS2 - ok
22:43:31.0309 4580 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:43:31.0312 4580 LSI_SCSI - ok
22:43:31.0334 4580 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:43:31.0335 4580 luafv - ok
22:43:31.0374 4580 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:43:31.0375 4580 MBAMProtector - ok
22:43:31.0469 4580 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:43:31.0474 4580 MBAMService - ok
22:43:31.0496 4580 mcdbus (dd7376c4154a4b65962c47f21850bdad) C:\Windows\system32\DRIVERS\mcdbus.sys
22:43:31.0531 4580 mcdbus - ok
22:43:31.0564 4580 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:43:31.0574 4580 Mcx2Svc - ok
22:43:31.0650 4580 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:43:31.0679 4580 megasas - ok
22:43:31.0721 4580 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:43:31.0758 4580 MegaSR - ok
22:43:31.0826 4580 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\a folder\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:43:31.0854 4580 Microsoft Office Groove Audit Service - ok
22:43:31.0888 4580 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:43:31.0890 4580 MMCSS - ok
22:43:31.0905 4580 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:43:31.0914 4580 Modem - ok
22:43:31.0932 4580 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:43:31.0933 4580 monitor - ok
22:43:31.0979 4580 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:43:32.0008 4580 mouclass - ok
22:43:32.0053 4580 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:43:32.0082 4580 mouhid - ok
22:43:32.0122 4580 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:43:32.0124 4580 mountmgr - ok
22:43:32.0187 4580 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:43:32.0191 4580 MozillaMaintenance - ok
22:43:32.0227 4580 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:43:32.0240 4580 mpio - ok
22:43:32.0263 4580 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:43:32.0293 4580 mpsdrv - ok
22:43:32.0372 4580 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:43:32.0387 4580 MpsSvc - ok
22:43:32.0424 4580 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:43:32.0437 4580 MRxDAV - ok
22:43:32.0464 4580 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:43:32.0465 4580 mrxsmb - ok
22:43:32.0503 4580 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:43:32.0505 4580 mrxsmb10 - ok
22:43:32.0521 4580 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:43:32.0522 4580 mrxsmb20 - ok
22:43:32.0562 4580 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:43:32.0571 4580 msahci - ok
22:43:32.0671 4580 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:43:32.0692 4580 msdsm - ok
22:43:32.0736 4580 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:43:32.0776 4580 MSDTC - ok
22:43:32.0829 4580 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:43:32.0829 4580 Msfs - ok
22:43:32.0837 4580 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:43:32.0860 4580 mshidkmdf - ok
22:43:32.0888 4580 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:43:32.0889 4580 msisadrv - ok
22:43:32.0941 4580 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:43:32.0952 4580 MSiSCSI - ok
22:43:32.0956 4580 msiserver - ok
22:43:32.0966 4580 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:43:32.0991 4580 MSKSSRV - ok
22:43:33.0022 4580 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:43:33.0031 4580 MSPCLOCK - ok
22:43:33.0043 4580 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:43:33.0045 4580 MSPQM - ok
22:43:33.0094 4580 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:43:33.0098 4580 MsRPC - ok
22:43:33.0135 4580 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:43:33.0136 4580 mssmbios - ok
22:43:33.0163 4580 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:43:33.0165 4580 MSTEE - ok
22:43:33.0179 4580 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:43:33.0181 4580 MTConfig - ok
22:43:33.0209 4580 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:43:33.0209 4580 Mup - ok
22:43:33.0261 4580 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:43:33.0274 4580 napagent - ok
22:43:33.0311 4580 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:43:33.0328 4580 NativeWifiP - ok
22:43:33.0397 4580 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:43:33.0408 4580 NDIS - ok
22:43:33.0426 4580 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:43:33.0460 4580 NdisCap - ok
22:43:33.0487 4580 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:43:33.0489 4580 NdisTapi - ok
22:43:33.0517 4580 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:43:33.0519 4580 Ndisuio - ok
22:43:33.0557 4580 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:43:33.0569 4580 NdisWan - ok
22:43:33.0662 4580 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:43:33.0672 4580 NDProxy - ok
22:43:33.0680 4580 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:43:33.0680 4580 NetBIOS - ok
22:43:33.0726 4580 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:43:33.0742 4580 NetBT - ok
22:43:33.0768 4580 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:33.0769 4580 Netlogon - ok
22:43:33.0820 4580 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:43:33.0835 4580 Netman - ok
22:43:33.0953 4580 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:33.0958 4580 NetMsmqActivator - ok
22:43:33.0961 4580 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:33.0962 4580 NetPipeActivator - ok
22:43:34.0008 4580 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:43:34.0047 4580 netprofm - ok
22:43:34.0051 4580 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:34.0052 4580 NetTcpActivator - ok
22:43:34.0055 4580 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:43:34.0056 4580 NetTcpPortSharing - ok
22:43:34.0119 4580 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:43:34.0147 4580 nfrd960 - ok
22:43:34.0280 4580 NIDomainService (a36307747e7bb2dc015f9fe4350a4a08) C:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
22:43:34.0323 4580 NIDomainService - ok
22:43:34.0677 4580 NILM License Manager (b17093b9a2c5f874975c732c1a8ba771) C:\a folder\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
22:43:34.0719 4580 NILM License Manager - ok
22:43:34.0824 4580 niSvcLoc - ok
22:43:34.0907 4580 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:43:34.0915 4580 NlaSvc - ok
22:43:34.0947 4580 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:43:34.0948 4580 Npfs - ok
22:43:34.0974 4580 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:43:34.0982 4580 nsi - ok
22:43:34.0990 4580 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:43:34.0999 4580 nsiproxy - ok
22:43:35.0115 4580 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
22:43:35.0133 4580 Ntfs - ok
22:43:35.0181 4580 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:43:35.0183 4580 Null - ok
22:43:35.0218 4580 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
22:43:35.0231 4580 nvraid - ok
22:43:35.0269 4580 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
22:43:35.0281 4580 nvstor - ok
22:43:35.0334 4580 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:43:35.0337 4580 nv_agp - ok
22:43:35.0531 4580 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\a folder\Program Files\OO Software\Defrag\oodag.exe
22:43:35.0581 4580 O&O Defrag - ok
22:43:35.0741 4580 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:43:35.0853 4580 odserv - ok
22:43:35.0950 4580 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:43:35.0961 4580 ohci1394 - ok
22:43:35.0986 4580 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:43:36.0046 4580 ose - ok
22:43:36.0098 4580 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:43:36.0109 4580 p2pimsvc - ok
22:43:36.0224 4580 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:43:36.0235 4580 p2psvc - ok
22:43:36.0261 4580 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:43:36.0272 4580 Parport - ok
22:43:36.0311 4580 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:43:36.0312 4580 partmgr - ok
22:43:36.0332 4580 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:43:36.0365 4580 PcaSvc - ok
22:43:36.0407 4580 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:43:36.0409 4580 pci - ok
22:43:36.0421 4580 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:43:36.0422 4580 pciide - ok
22:43:36.0445 4580 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:43:36.0483 4580 pcmcia - ok
22:43:36.0518 4580 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:43:36.0519 4580 pcw - ok
22:43:36.0554 4580 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:43:36.0594 4580 PEAUTH - ok
22:43:36.0719 4580 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:43:36.0762 4580 PeerDistSvc - ok
22:43:36.0822 4580 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:43:36.0834 4580 PerfHost - ok
22:43:36.0983 4580 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:43:37.0016 4580 pla - ok
22:43:37.0063 4580 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:43:37.0077 4580 PlugPlay - ok
22:43:37.0098 4580 PnkBstrA - ok
22:43:37.0127 4580 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:43:37.0170 4580 PNRPAutoReg - ok
22:43:37.0214 4580 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:43:37.0217 4580 PNRPsvc - ok
22:43:37.0244 4580 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:43:37.0263 4580 PolicyAgent - ok
22:43:37.0295 4580 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:43:37.0334 4580 Power - ok
22:43:37.0424 4580 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:43:37.0464 4580 PptpMiniport - ok
22:43:37.0506 4580 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:43:37.0508 4580 Processor - ok
22:43:37.0535 4580 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:43:37.0553 4580 ProfSvc - ok
22:43:37.0576 4580 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:37.0577 4580 ProtectedStorage - ok
22:43:37.0689 4580 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:43:37.0718 4580 Psched - ok
22:43:37.0815 4580 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:43:37.0844 4580 ql2300 - ok
22:43:37.0921 4580 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:43:37.0952 4580 ql40xx - ok
22:43:38.0000 4580 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:43:38.0025 4580 QWAVE - ok
22:43:38.0038 4580 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:43:38.0048 4580 QWAVEdrv - ok
22:43:38.0064 4580 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:43:38.0086 4580 RasAcd - ok
22:43:38.0134 4580 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:43:38.0144 4580 RasAgileVpn - ok
22:43:38.0159 4580 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:43:38.0164 4580 RasAuto - ok
22:43:38.0208 4580 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:43:38.0213 4580 Rasl2tp - ok
22:43:38.0265 4580 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:43:38.0314 4580 RasMan - ok
22:43:38.0347 4580 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:43:38.0357 4580 RasPppoe - ok
22:43:38.0384 4580 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:43:38.0394 4580 RasSstp - ok
22:43:38.0444 4580 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:43:38.0447 4580 rdbss - ok
22:43:38.0486 4580 RDID1053 (d22bd2c64e750013d23f97a50d183758) C:\Windows\system32\Drivers\rdwm1053.sys
22:43:38.0489 4580 RDID1053 - ok
22:43:38.0507 4580 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:43:38.0509 4580 rdpbus - ok
22:43:38.0519 4580 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:43:38.0528 4580 RDPCDD - ok
22:43:38.0564 4580 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:43:38.0604 4580 RDPDR - ok
22:43:38.0716 4580 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:43:38.0717 4580 RDPENCDD - ok
22:43:38.0727 4580 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:43:38.0736 4580 RDPREFMP - ok
22:43:38.0780 4580 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
22:43:38.0782 4580 RdpVideoMiniport - ok
22:43:38.0825 4580 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:43:38.0861 4580 RDPWD - ok
22:43:38.0923 4580 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:43:38.0933 4580 rdyboost - ok
22:43:38.0961 4580 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:43:38.0970 4580 RemoteAccess - ok
22:43:39.0013 4580 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:43:39.0032 4580 RemoteRegistry - ok
22:43:39.0068 4580 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:43:39.0078 4580 RpcEptMapper - ok
22:43:39.0124 4580 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:43:39.0126 4580 RpcLocator - ok
22:43:39.0176 4580 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:43:39.0181 4580 RpcSs - ok
22:43:39.0205 4580 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:43:39.0215 4580 rspndr - ok
22:43:39.0252 4580 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:43:39.0275 4580 RTL8169 - ok
22:43:39.0311 4580 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:43:39.0313 4580 s3cap - ok
22:43:39.0326 4580 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:39.0327 4580 SamSs - ok
22:43:39.0426 4580 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS
22:43:39.0433 4580 SASDIFSV - ok
22:43:39.0441 4580 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS
22:43:39.0448 4580 SASKUTIL - ok
22:43:39.0479 4580 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:43:39.0482 4580 sbp2port - ok
22:43:39.0518 4580 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:43:39.0529 4580 SCardSvr - ok
22:43:39.0564 4580 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:43:39.0566 4580 scfilter - ok
22:43:39.0713 4580 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:43:39.0733 4580 Schedule - ok
22:43:39.0775 4580 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:43:39.0776 4580 SCPolicySvc - ok
22:43:39.0817 4580 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:43:39.0828 4580 SDRSVC - ok
22:43:39.0891 4580 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:43:39.0898 4580 secdrv - ok
22:43:39.0930 4580 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:43:39.0933 4580 seclogon - ok
22:43:39.0947 4580 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:43:39.0950 4580 SENS - ok
22:43:39.0957 4580 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:43:39.0960 4580 SensrSvc - ok
22:43:39.0972 4580 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:43:39.0973 4580 Serenum - ok
22:43:39.0984 4580 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:43:39.0994 4580 Serial - ok
22:43:40.0026 4580 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:43:40.0035 4580 sermouse - ok
22:43:40.0072 4580 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:43:40.0085 4580 SessionEnv - ok
22:43:40.0109 4580 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:43:40.0118 4580 sffdisk - ok
22:43:40.0137 4580 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:43:40.0143 4580 sffp_mmc - ok
22:43:40.0153 4580 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:43:40.0181 4580 sffp_sd - ok
22:43:40.0208 4580 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:43:40.0210 4580 sfloppy - ok
22:43:40.0249 4580 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:43:40.0265 4580 SharedAccess - ok
22:43:40.0307 4580 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:43:40.0330 4580 ShellHWDetection - ok
22:43:40.0358 4580 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:43:40.0360 4580 SiSRaid2 - ok
22:43:40.0378 4580 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:43:40.0387 4580 SiSRaid4 - ok
22:43:40.0417 4580 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:43:40.0428 4580 Smb - ok
22:43:40.0459 4580 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:43:40.0462 4580 SNMPTRAP - ok
22:43:40.0529 4580 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
22:43:40.0532 4580 speedfan - ok
22:43:40.0544 4580 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:43:40.0545 4580 spldr - ok
22:43:40.0702 4580 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:43:40.0710 4580 Spooler - ok
22:43:40.0893 4580 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:43:40.0982 4580 sppsvc - ok
22:43:41.0065 4580 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:43:41.0069 4580 sppuinotify - ok
22:43:41.0144 4580 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:43:41.0144 4580 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:43:41.0156 4580 sptd ( LockedFile.Multi.Generic ) - warning
22:43:41.0156 4580 sptd - detected LockedFile.Multi.Generic (1)
22:43:41.0193 4580 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:43:41.0196 4580 srv - ok
22:43:41.0240 4580 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:43:41.0243 4580 srv2 - ok
22:43:41.0261 4580 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:43:41.0263 4580 srvnet - ok
22:43:41.0291 4580 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:43:41.0302 4580 SSDPSRV - ok
22:43:41.0313 4580 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:43:41.0317 4580 SstpSvc - ok
22:43:41.0352 4580 Steam Client Service - ok
22:43:41.0380 4580 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:43:41.0387 4580 stexstor - ok
22:43:41.0451 4580 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:43:41.0468 4580 stisvc - ok
22:43:41.0511 4580 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:43:41.0511 4580 storflt - ok
22:43:41.0557 4580 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:43:41.0567 4580 storvsc - ok
22:43:41.0661 4580 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:43:41.0672 4580 swenum - ok
22:43:41.0712 4580 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:43:41.0729 4580 swprv - ok
22:43:41.0744 4580 Synth3dVsc - ok
22:43:41.0859 4580 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:43:41.0889 4580 SysMain - ok
22:43:41.0990 4580 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:43:41.0996 4580 TabletInputService - ok
22:43:42.0040 4580 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:43:42.0048 4580 TapiSrv - ok
22:43:42.0061 4580 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:43:42.0065 4580 TBS - ok
22:43:42.0178 4580 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
22:43:42.0202 4580 Tcpip - ok
22:43:42.0337 4580 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
22:43:42.0347 4580 TCPIP6 - ok
22:43:42.0413 4580 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:43:42.0423 4580 tcpipreg - ok
22:43:42.0448 4580 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:43:42.0470 4580 TDPIPE - ok
22:43:42.0498 4580 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:43:42.0507 4580 TDTCP - ok
22:43:42.0550 4580 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:43:42.0555 4580 tdx - ok
22:43:42.0645 4580 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:43:42.0656 4580 TermDD - ok
22:43:42.0729 4580 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:43:42.0744 4580 TermService - ok
22:43:42.0767 4580 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:43:42.0775 4580 Themes - ok
22:43:42.0795 4580 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:43:42.0797 4580 THREADORDER - ok
22:43:42.0817 4580 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:43:42.0837 4580 TrkWks - ok
22:43:42.0880 4580 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:43:42.0891 4580 TrustedInstaller - ok
22:43:42.0921 4580 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:43:42.0923 4580 tssecsrv - ok
22:43:42.0973 4580 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:43:42.0975 4580 TsUsbFlt - ok
22:43:42.0979 4580 tsusbhub - ok
22:43:43.0041 4580 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:43:43.0054 4580 tunnel - ok
22:43:43.0085 4580 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:43:43.0087 4580 uagp35 - ok
22:43:43.0125 4580 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:43:43.0133 4580 udfs - ok
22:43:43.0155 4580 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:43:43.0158 4580 UI0Detect - ok
22:43:43.0200 4580 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:43:43.0203 4580 uliagpkx - ok
22:43:43.0242 4580 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:43:43.0249 4580 umbus - ok
22:43:43.0267 4580 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:43:43.0273 4580 UmPass - ok
22:43:43.0314 4580 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:43:43.0324 4580 UmRdpService - ok
22:43:43.0351 4580 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:43:43.0363 4580 upnphost - ok
22:43:43.0395 4580 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
22:43:43.0405 4580 usbccgp - ok
22:43:43.0441 4580 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:43:43.0470 4580 usbcir - ok
22:43:43.0514 4580 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
22:43:43.0516 4580 usbehci - ok
22:43:43.0560 4580 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
22:43:43.0577 4580 usbhub - ok
22:43:43.0650 4580 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:43:43.0660 4580 usbohci - ok
22:43:43.0686 4580 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:43:43.0688 4580 usbprint - ok
22:43:43.0707 4580 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:43:43.0717 4580 usbscan - ok
22:43:43.0742 4580 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:43:43.0752 4580 USBSTOR - ok
22:43:43.0783 4580 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
22:43:43.0792 4580 usbuhci - ok
22:43:43.0802 4580 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:43:43.0824 4580 UxSms - ok
22:43:43.0851 4580 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
22:43:43.0853 4580 VaultSvc - ok
22:43:43.0887 4580 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:43:43.0887 4580 vdrvroot - ok
22:43:43.0940 4580 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:43:43.0958 4580 vds - ok
22:43:43.0970 4580 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:43:43.0972 4580 vga - ok
22:43:43.0983 4580 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:43:43.0992 4580 VgaSave - ok
22:43:44.0013 4580 VGPU - ok
22:43:44.0037 4580 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:43:44.0047 4580 vhdmp - ok
22:43:44.0066 4580 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:43:44.0075 4580 viaide - ok
22:43:44.0118 4580 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:43:44.0119 4580 vmbus - ok
22:43:44.0152 4580 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:43:44.0177 4580 VMBusHID - ok
22:43:44.0211 4580 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:43:44.0212 4580 volmgr - ok
22:43:44.0254 4580 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:43:44.0258 4580 volmgrx - ok
22:43:44.0283 4580 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:43:44.0285 4580 volsnap - ok
22:43:44.0316 4580 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:43:44.0335 4580 vsmraid - ok
22:43:44.0481 4580 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
22:43:44.0483 4580 VSPerfDrv100 - ok
22:43:44.0659 4580 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:43:44.0930 4580 VSS - ok
22:43:45.0020 4580 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:43:45.0027 4580 vwifibus - ok
22:43:45.0060 4580 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:43:45.0083 4580 W32Time - ok
22:43:45.0102 4580 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:43:45.0105 4580 WacomPen - ok
22:43:45.0157 4580 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:45.0168 4580 WANARP - ok
22:43:45.0179 4580 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:45.0180 4580 Wanarpv6 - ok
22:43:45.0271 4580 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:43:45.0299 4580 WatAdminSvc - ok
22:43:45.0401 4580 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:43:45.0424 4580 wbengine - ok
22:43:45.0515 4580 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:43:45.0533 4580 WbioSrvc - ok
22:43:45.0577 4580 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:43:45.0582 4580 wcncsvc - ok
22:43:45.0648 4580 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:43:45.0652 4580 WcsPlugInService - ok
22:43:45.0685 4580 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:43:45.0687 4580 Wd - ok
22:43:45.0726 4580 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:43:45.0730 4580 Wdf01000 - ok
22:43:45.0749 4580 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:45.0780 4580 WdiServiceHost - ok
22:43:45.0783 4580 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:43:45.0786 4580 WdiSystemHost - ok
22:43:45.0833 4580 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:43:45.0842 4580 WebClient - ok
22:43:45.0863 4580 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:43:45.0873 4580 Wecsvc - ok
22:43:45.0888 4580 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:43:45.0897 4580 wercplsupport - ok
22:43:45.0917 4580 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:43:45.0920 4580 WerSvc - ok
22:43:45.0941 4580 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:43:45.0943 4580 WfpLwf - ok
22:43:45.0956 4580 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:43:45.0958 4580 WIMMount - ok
22:43:45.0983 4580 WinDefend - ok
22:43:45.0991 4580 WinHttpAutoProxySvc - ok
22:43:46.0033 4580 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:43:46.0051 4580 Winmgmt - ok
22:43:46.0175 4580 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:43:46.0217 4580 WinRM - ok
22:43:46.0322 4580 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:43:46.0329 4580 WinUsb - ok
22:43:46.0393 4580 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:43:46.0409 4580 Wlansvc - ok
22:43:46.0651 4580 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:43:46.0664 4580 wlidsvc - ok
22:43:46.0729 4580 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:43:46.0738 4580 WmiAcpi - ok
22:43:46.0789 4580 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:43:46.0800 4580 wmiApSrv - ok
22:43:46.0848 4580 WMPNetworkSvc - ok
22:43:46.0874 4580 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:43:46.0882 4580 WPCSvc - ok
22:43:46.0919 4580 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:43:46.0932 4580 WPDBusEnum - ok
22:43:46.0956 4580 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:43:46.0964 4580 ws2ifsl - ok
22:43:46.0979 4580 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:43:46.0982 4580 wscsvc - ok
22:43:46.0986 4580 WSearch - ok
22:43:47.0124 4580 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:43:47.0154 4580 wuauserv - ok
22:43:47.0255 4580 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:43:47.0266 4580 WudfPf - ok
22:43:47.0296 4580 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:43:47.0307 4580 WUDFRd - ok
22:43:47.0342 4580 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:43:47.0355 4580 wudfsvc - ok
22:43:47.0376 4580 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:43:47.0393 4580 WwanSvc - ok
22:43:47.0404 4580 MBR (0x1B8) (4661f953f30d48fd76a9da73c4892179) \Device\Harddisk0\DR0
22:43:47.0775 4580 \Device\Harddisk0\DR0 - ok
22:43:47.0779 4580 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
22:43:48.0217 4580 \Device\Harddisk1\DR1 - ok
22:43:48.0219 4580 Boot (0x1200) (b4f67d19b2b9cb025785cc00f8bccdfe) \Device\Harddisk0\DR0\Partition0
22:43:48.0220 4580 \Device\Harddisk0\DR0\Partition0 - ok
22:43:48.0241 4580 Boot (0x1200) (4d2cca53ef627626c7ad78ce199b81f7) \Device\Harddisk0\DR0\Partition1
22:43:48.0243 4580 \Device\Harddisk0\DR0\Partition1 - ok
22:43:48.0246 4580 Boot (0x1200) (b7328b645ded78ea7c684b6a94b76f87) \Device\Harddisk1\DR1\Partition0
22:43:48.0247 4580 \Device\Harddisk1\DR1\Partition0 - ok
22:43:48.0247 4580 ============================================================
22:43:48.0248 4580 Scan finished
22:43:48.0248 4580 ============================================================
22:43:48.0259 3700 Detected object count: 1
22:43:48.0259 3700 Actual detected object count: 1
22:44:40.0277 3700 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:44:40.0277 3700 sptd ( LockedFile.Multi.Generic ) - User select action: Skip



COMBO FIX LOG

ComboFix 12-06-24.03 - PEP 06/24/2012 22:51:25.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.4094.2645 [GMT -4:00]
Running from: c:\users\PEP\Desktop\ComboFix.exe
Command switches used :: c:\users\PEP\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 02:58 . 2012-06-25 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 22:04 . 2012-06-14 22:04 -------- d-----w- C:\_OTL
2012-06-07 01:15 . 2012-06-07 01:15 -------- d-----w- c:\users\PEP\.swt
2012-06-07 01:11 . 2012-06-07 01:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-07 01:10 . 2012-06-07 01:10 -------- d-----w- c:\program files (x86)\Oracle
2012-06-07 01:10 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-06 00:59 . 2012-06-18 15:01 -------- d-----w- C:\SD
2012-06-06 00:18 . 2012-06-06 00:18 -------- d-----w- c:\program files\Oracle
2012-06-06 00:17 . 2012-04-04 22:33 955800 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-04 07:03 . 2012-06-13 21:25 -------- d-----w- c:\users\PEP\AppData\Roaming\MonoDevelop-Unity-2.8
2012-06-04 07:03 . 2012-06-04 07:03 -------- d-----w- c:\users\PEP\AppData\Local\MonoDevelop-Unity-2.8
2012-06-01 22:20 . 2012-06-01 22:20 -------- d-----w- c:\program files (x86)\TexturePacker
2012-05-31 18:52 . 2012-05-31 18:52 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-31 18:47 . 2012-05-31 18:47 -------- d-----w- c:\programdata\ALM
2012-05-31 18:45 . 2012-05-31 18:45 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-05-27 07:40 . 2012-05-27 07:40 -------- d-----w- c:\users\PEP\AppData\Roaming\SUPERAntiSpyware.com
2012-05-27 07:37 . 2012-05-27 07:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 00:22 . 2008-11-15 02:33 202448 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-04-20 02:09 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-05-05 02:18 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-05-05 01:35 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-14 02:03 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2011-12-06 02:39 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2011-12-06 02:24 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2011-12-06 02:13 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-05-05 01:22 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2011-12-06 02:11 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2011-05-25 02:24 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-04 22:47 . 2010-08-12 22:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 22:33 . 2011-03-30 16:58 839056 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-05-25 10:57 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-03_11.51.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-25 12:51 . 2012-06-21 10:12 43334 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-25 03:02 28404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-25 11:59 . 2012-06-25 03:02 20064 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3924556204-3487639632-2258398569-1000_UserData.bin
+ 2009-12-25 11:12 . 2012-06-25 02:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
- 2009-12-25 11:12 . 2012-06-03 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2012-06-14 22:12 . 2012-06-25 02:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-12-25 11:12 . 2012-06-03 09:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-25 02:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-03 09:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-18 23:13 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Softwar eProtectionPlatform\Cache\cache.dat
- 2011-08-09 22:20 . 2011-10-14 07:08 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-08-09 22:20 . 2012-06-18 23:14 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2012-06-03 11:50 . 2012-06-03 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 03:00 . 2012-06-25 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 03:00 . 2012-06-25 03:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-03 11:50 . 2012-06-03 11:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-07 01:10 . 2012-04-04 22:47 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-06-07 01:09 . 2012-06-07 01:09 174024 c:\windows\SysWOW64\javaw.exe
+ 2012-06-07 01:09 . 2012-06-07 01:09 174024 c:\windows\SysWOW64\java.exe
+ 2011-09-26 23:12 . 2012-06-23 19:19 295514 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-13 18:29 697542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 04:05 697542 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-09 04:05 141740 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-13 18:29 141740 c:\windows\system32\perfc009.dat
+ 2012-06-06 00:17 . 2012-06-06 00:16 268744 c:\windows\system32\javaws.exe
+ 2012-06-06 00:17 . 2012-06-06 00:16 189384 c:\windows\system32\javaw.exe
+ 2012-06-06 00:17 . 2012-06-06 00:16 188872 c:\windows\system32\java.exe
+ 2012-06-19 07:13 . 2012-06-25 02:59 284864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-25 02:59 500824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-06 00:18 . 2012-06-06 00:18 514048 c:\windows\Installer\1ae0ef9.msi
+ 2012-06-06 00:17 . 2012-06-06 00:17 440832 c:\windows\Installer\1ae0ef5.msi
+ 2012-06-06 00:14 . 2012-06-06 00:14 471040 c:\windows\Installer\1ae0eea.msi
+ 2012-06-07 01:11 . 2012-06-07 01:11 179200 c:\windows\Installer\19789b8.msi
+ 2012-06-07 01:10 . 2012-06-07 01:10 461312 c:\windows\Installer\19789a8.msi
+ 2009-07-14 04:45 . 2012-06-07 11:29 5007800 c:\windows\system32\FNTCACHE.DAT
+ 2010-04-30 08:01 . 2012-06-25 02:59 31175380 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3924556204-3487639632-2258398569-1000-12288.dat
+ 2012-06-18 23:14 . 2012-06-18 23:14 20343808 c:\windows\Installer\257c27a.msp
+ 2012-05-03 04:32 . 2012-05-03 04:32 20036096 c:\windows\Installer\1ae0ef1.msi
+ 2012-06-07 01:08 . 2012-06-07 01:08 17379840 c:\windows\Installer\19789a4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Reader Speed Launcher"="c:\a folder\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NI Background Service"="c:\a folder\Program Files (x86)\National Instruments\Shared\Update Service\BackgroundService.exe" [2009-08-25 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 RDID1053;PC-50;c:\windows\system32\Drivers\rdwm1053.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 CSHelper;CopySafe Helper Service;c:\windows\SysWOW64\CSHelper.exe [2010-01-30 266240]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\a folder\Program Files\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\a folder\Program Files\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\a folder\Program Files\SuperAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\a folder\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 04:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-17 7037984]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-17 1833504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: facebook.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\PEP\AppData\Roaming\Mozilla\Firefox\Profiles\pv2z0nyu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1d,95,30,5e,fb,dd,83,9b,84,5e,8e,f2,cf,37,94,bd,67,71,52,46,33,ac, 86,
a5,7f,93,2f,da,ad,0c,a6,db,a1,06,d2,c4,a2,1d,d2,f4,2d,69,bf,ce,54,ca,fd,b0, \
"??"=hex:64,c7,47,3c,b1,46,dc,87,ee,75,dd,19,bc,bf,1a,4f
.
[HKEY_USERS\S-1-5-21-3924556204-3487639632-2258398569-1000\Software\SecuROM\License information*]
"datasecu"=hex:3f,f8,70,63,d7,18,a4,68,54,86,a6,9c,b8,9a,25,32,22,4e,74,8f, d1,
b2,44,f5,49,9d,dc,54,0b,c7,d1,6a,bc,c9,08,7e,56,52,32,e4,43,b9,92,a5,79,74, \
"rkeysecu"=hex:d4,46,73,92,b3,86,58,32,28,6b,1f,b9,40,5a,eb,cb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="C19BBF812550E14CD03A90C28F2637EDA1F57C2B B11DE4999DA059DB378BDB3193EF9BABF4DD9780E375FA431D72887F41601C840BC8955E781 6DAC0137B9DE9D7939BC46C8D183E179FAB2EA8873D3ED8D635983961C06E3A773F0F81C49C 10EB0DC4590792EB8F675F53969D44D3CB2A3BBF1FB694FEA10204664230812B4BF01A01CCB F13BC94180DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA9C6AECB7A5 D1407A6A0AC4980AC79331EFD33BB0154EE9DAF084DCFE9C0FA3972F6691FE9D4566CF3F503 C21BA0B0F7722CEED8D01E54E333C73D56ADDE90315DD6369F548ABDDA726A5C761D3646B14 E1605B7E4FDCBF8B9B4FC6861F74D618F013F0B14F4EBCA6A7D40D53C12385669B0BA2B6795 10500727A16488A48A5E73D48CEE25BFFB0C0E33453B8C93811562C159F7A69B1C13404DC51 DC890666DD903274A272ACD9E776107F1C831E1493AE6ACD714D8B31C71A6065AEE7AC48575 139E12DE0B83BAA232263C4B735D89578F85F8472E597D070805D66835C9D65CDC06AD33488 5CAEEA5C6CE97793D1C017F387EF78B58FBD399E741C7A95F428C8FF279B05FFC6DA20E8ED2 D0F10E7CE54E1EFC0678BD8F0F5A58BCC4D0B5DB632C01C58660DA74E4122B64C0A31EDA986 6137F718D5964D31984E0BABBBDEE25894ED5896F51E6C22DCA1554E703998B89788361FB41 DA9E7B9D38A70CADF779507C62B0445800ABAD22EA9A2C15511BCAB37B9F834E8853F958C2A EFAFEA9EAFDB417982D2BABF4B5E75D4B70EECD82922BCC197C9D35B6E1F0729653F1676965 20138108C78F56BCD85B3ECA710DE49BCCD1E0CE105D7553A1ADCA7385CDC7ABEC6D4EC9720 1EC8D3444EFE541C3C5F50AD8AC7ACB319CC2AF50D9CE83A73E4BCE2A87FA318A38C63D6D01 FCC6D99005D5A3569039969DF95E2A766D73F7E891FB4858B850E99E5B3C20B6E0ACE91202A A695B398526D015777D77692473459FAEB691B1DD9265917B99F979E443FA770452DD2DA22A EF85C98159F3A70437ECA5D9A6AC2E2B3C84CC0AD8BD22E9E04662FCA3BA442519102660B84 E554708412588AFFE588DB023819782BB5D16BD20CAFA97C4644ACECB623A5AD0C50FDFBB71 116895364839B0F2DACC955232ED8FC6D3C5C14004772758222366D7DF514D57B0B072E79EA C43FC60AF7F815F34ED6180E0BAD86CDD62E41E200F2D744EBC241E8DA75086C8C4FDA9C9C3 AFEEB46CAC7040CFF2D6B013EAA97EDC2DB92D23A97FA46017AAAD75592CDABDE3E9F98D3C8 25BB198C48021CE3592F800D0AB6EC0F044D5A7E95E68F8CFC6616A8A712B298F51A79671C4 49FA21521C168FE76043045A5A2F554502C5729831D342EA6F1061E48A"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
c:\windows\SysWOW64\lkads.exe
c:\windows\SysWOW64\lktsrv.exe
c:\a folder\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\SysWOW64\nisvcloc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-06-24 23:10:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-25 03:10
ComboFix2.txt 2012-06-03 11:59
.
Pre-Run: 69,650,292,736 bytes free
Post-Run: 69,436,702,720 bytes free
.
- - End Of File - - 5F6CFF57E1F25517C113DFE7F871AA81
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,270 posts.
 
Join Date: Mar 2001
Location: Bradford, England
27-Jun-2012, 06:35 AM #14
Thanks

Can you re-run aswMBR again, exactly as you did before, as I want to see if the same issues are being spotted, and post the log.

-----------

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

----------

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.
valis's Avatar
Moderator with 63,341 posts.
 
Join Date: Sep 2004
Location: as above
25-Sep-2012, 03:54 PM #15
reopening per request. Due to the time that has elapsed, you should probably start at the beginning and post the requested logs again.

thanks,

v
Email This Email  Print This Print  Bookmark This Bookmark  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑