Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Win32.Generic!BT / Cannot connect to SSL secure sites...


  • This topic is locked This topic is locked
12 replies to this topic

#1 spencerp

spencerp

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 08:05 AM

Hello all,

The issue started about week ago, this computer was bought new about a month or so ago.. and just the other week, I think I accidentally downloaded a bad "Adobe Flasher Player" program and installed it, and it's been hell ever since. Was having TONS of spammer / malware cookies in my registry, redirecting going on in Google search, my facebook account was hacked, and someone sent a few porn links to friends/ family and i had to change my facebook password quick, and etc. The computer originally came with a 160GB HDD... and I took my 500GB HDD out of the other tower, and had added it in here in this tower... I basically was just using the 500GB as a backup storage... I moved all my necessary files / etc from the 500GB to the 160GB which contained my Windows 7 Home Premium on it. The 500GB HDD basically was cleaned/formatted.. The fake "Adobe Flash Player" was installed the 160GB HDD which originally had the OS on... I tried running all kinds of anti-spyware programs... Super Anti-spyware, Ad-Aware, Spybot, CCleaner to keep removing temp files/folders... cookies and etc... I tried doing the ComboFix.. as well as other "fixes" / scans that I've seen posted in here before... The computer was just at a dragging hault... So I swapped places for the Hard Drives... Made the 500GB a new/fresh install of Windows 7... just had the 160GB as a storage hard drive.. Installed the OS/WIN 7 on the 500GB... Everything was fine... moved over some normal files from the 160GB to the 500GB.. but I think some traces of trojans are back! :( I installed the ESET Antivirus 5... Spyware Blaster ... Super Antispyware and Ad-aware again. And the Ad-Aware / ESET picked up some things.... I have some logs here... From ComboFix, DDS, OTL, MBR Check, Catchme...The TDSSKiller log is too big to attach lmao... But I can later if need be.

Also, I'm not sure which programs were doing it, but I can't connect to SSL secure sites... when logging in to them... like Facebook.com, Deviantart.com... my email client Thunderbird... won't connect to get me my emails... Any ideas? Thanks.. :) I was thinking about moving all my "important files" back to the 160GB drive .. that I also formatted and etc... The hidden RECYCLE.BIN folder said it was "corrupted" before the formatting of that drive and I did a diskcheck on it.. appeared fine. I could just move my files to that drive... remove it from tower... then do a fresh install of Windows 7 again? If so, how would I totally remove / format this C:\ drive again of windows and replace it? I just want to have my files on here yet

Attached Files


Edited by spencerp, 24 May 2012 - 08:15 AM.


BC AdBot (Login to Remove)

 


#2 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 08:19 AM

Oops, I saw else where you rather have the logs posted in here instead of attachments... I'll do each one then... This is the TDSSkiller log

07:52:39.0702 1476 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
07:52:40.0110 1476 ============================================================
07:52:40.0110 1476 Current date / time: 2012/05/23 07:52:40.0110
07:52:40.0110 1476 SystemInfo:
07:52:40.0110 1476
07:52:40.0111 1476 OS Version: 6.1.7601 ServicePack: 1.0
07:52:40.0111 1476 Product type: Workstation
07:52:40.0111 1476 ComputerName: SPENCERMP
07:52:40.0111 1476 UserName: spencerpassmore
07:52:40.0111 1476 Windows directory: C:\Windows
07:52:40.0111 1476 System windows directory: C:\Windows
07:52:40.0111 1476 Processor architecture: Intel x86
07:52:40.0111 1476 Number of processors: 2
07:52:40.0111 1476 Page size: 0x1000
07:52:40.0111 1476 Boot type: Normal boot
07:52:40.0111 1476 ============================================================
07:52:41.0122 1476 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
07:52:41.0122 1476 Drive \Device\Harddisk0\DR0 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x16E1F, SectorsPerTrack: 0x34, TracksPerCylinder: 0x42, Type 'K0', Flags 0x00000050
07:52:41.0136 1476 Drive \Device\Harddisk2\DR2 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:52:41.0137 1476 ============================================================
07:52:41.0137 1476 \Device\Harddisk1\DR1:
07:52:41.0137 1476 MBR partitions:
07:52:41.0137 1476 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
07:52:41.0137 1476 \Device\Harddisk0\DR0:
07:52:41.0137 1476 MBR partitions:
07:52:41.0137 1476 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x132C4000
07:52:41.0137 1476 \Device\Harddisk2\DR2:
07:52:41.0137 1476 MBR partitions:
07:52:41.0137 1476 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1DAC400
07:52:41.0137 1476 ============================================================
07:52:41.0165 1476 C: <-> \Device\Harddisk1\DR1\Partition0
07:52:41.0177 1476 E: <-> \Device\Harddisk0\DR0\Partition0
07:52:41.0177 1476 ============================================================
07:52:41.0177 1476 Initialize success
07:52:41.0177 1476 ============================================================
07:52:47.0157 2932 ============================================================
07:52:47.0157 2932 Scan started
07:52:47.0157 2932 Mode: Manual; SigCheck; TDLFS;
07:52:47.0157 2932 ============================================================
07:52:48.0007 2932 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
07:52:48.0059 2932 !SASCORE - ok
07:52:48.0178 2932 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
07:52:48.0258 2932 1394ohci - ok
07:52:48.0276 2932 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
07:52:48.0299 2932 ACPI - ok
07:52:48.0319 2932 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
07:52:48.0365 2932 AcpiPmi - ok
07:52:48.0471 2932 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
07:52:48.0517 2932 Ad-Aware Service - ok
07:52:48.0584 2932 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
07:52:48.0605 2932 AdobeFlashPlayerUpdateSvc - ok
07:52:48.0683 2932 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
07:52:48.0713 2932 adp94xx - ok
07:52:48.0735 2932 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
07:52:48.0774 2932 adpahci - ok
07:52:48.0783 2932 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
07:52:48.0798 2932 adpu320 - ok
07:52:48.0823 2932 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
07:52:48.0908 2932 AeLookupSvc - ok
07:52:48.0961 2932 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
07:52:49.0018 2932 AFD - ok
07:52:49.0034 2932 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
07:52:49.0049 2932 agp440 - ok
07:52:49.0072 2932 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
07:52:49.0088 2932 aic78xx - ok
07:52:49.0113 2932 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
07:52:49.0150 2932 ALG - ok
07:52:49.0153 2932 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
07:52:49.0168 2932 aliide - ok
07:52:49.0173 2932 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
07:52:49.0186 2932 amdagp - ok
07:52:49.0189 2932 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
07:52:49.0202 2932 amdide - ok
07:52:49.0207 2932 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
07:52:49.0230 2932 AmdK8 - ok
07:52:49.0234 2932 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
07:52:49.0260 2932 AmdPPM - ok
07:52:49.0286 2932 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
07:52:49.0299 2932 amdsata - ok
07:52:49.0308 2932 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
07:52:49.0323 2932 amdsbs - ok
07:52:49.0339 2932 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
07:52:49.0352 2932 amdxata - ok
07:52:49.0375 2932 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
07:52:49.0407 2932 AppID - ok
07:52:49.0420 2932 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
07:52:49.0478 2932 AppIDSvc - ok
07:52:49.0495 2932 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
07:52:49.0529 2932 Appinfo - ok
07:52:49.0559 2932 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
07:52:49.0572 2932 arc - ok
07:52:49.0578 2932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
07:52:49.0592 2932 arcsas - ok
07:52:49.0596 2932 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
07:52:49.0676 2932 AsyncMac - ok
07:52:49.0681 2932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
07:52:49.0693 2932 atapi - ok
07:52:49.0723 2932 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
07:52:49.0781 2932 AudioEndpointBuilder - ok
07:52:49.0786 2932 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
07:52:49.0817 2932 Audiosrv - ok
07:52:49.0839 2932 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
07:52:49.0894 2932 AxInstSV - ok
07:52:49.0930 2932 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
07:52:49.0971 2932 b06bdrv - ok
07:52:49.0999 2932 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
07:52:50.0034 2932 b57nd60x - ok
07:52:50.0049 2932 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
07:52:50.0076 2932 BDESVC - ok
07:52:50.0085 2932 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
07:52:50.0123 2932 Beep - ok
07:52:50.0168 2932 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
07:52:50.0215 2932 BFE - ok
07:52:50.0254 2932 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
07:52:50.0304 2932 BITS - ok
07:52:50.0319 2932 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
07:52:50.0335 2932 blbdrive - ok
07:52:50.0359 2932 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
07:52:50.0390 2932 bowser - ok
07:52:50.0393 2932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
07:52:50.0411 2932 BrFiltLo - ok
07:52:50.0415 2932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
07:52:50.0442 2932 BrFiltUp - ok
07:52:50.0458 2932 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
07:52:50.0492 2932 BridgeMP - ok
07:52:50.0510 2932 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
07:52:50.0542 2932 Browser - ok
07:52:50.0568 2932 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
07:52:50.0605 2932 Brserid - ok
07:52:50.0610 2932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
07:52:50.0636 2932 BrSerWdm - ok
07:52:50.0639 2932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:52:50.0661 2932 BrUsbMdm - ok
07:52:50.0666 2932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
07:52:50.0690 2932 BrUsbSer - ok
07:52:50.0695 2932 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
07:52:50.0725 2932 BTHMODEM - ok
07:52:50.0761 2932 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
07:52:50.0793 2932 bthserv - ok
07:52:50.0856 2932 catchme - ok
07:52:50.0865 2932 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
07:52:50.0895 2932 cdfs - ok
07:52:50.0923 2932 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
07:52:50.0953 2932 cdrom - ok
07:52:50.0965 2932 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
07:52:51.0001 2932 CertPropSvc - ok
07:52:51.0016 2932 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
07:52:51.0045 2932 circlass - ok
07:52:51.0066 2932 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
07:52:51.0089 2932 CLFS - ok
07:52:51.0147 2932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:52:51.0161 2932 clr_optimization_v2.0.50727_32 - ok
07:52:51.0309 2932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:52:51.0326 2932 clr_optimization_v4.0.30319_32 - ok
07:52:51.0348 2932 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
07:52:51.0378 2932 CmBatt - ok
07:52:51.0388 2932 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
07:52:51.0402 2932 cmdide - ok
07:52:51.0438 2932 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
07:52:51.0476 2932 CNG - ok
07:52:51.0480 2932 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
07:52:51.0495 2932 Compbatt - ok
07:52:51.0529 2932 CompFilter (9704b9c442e3ef2989746d08f80a3743) C:\Windows\system32\DRIVERS\lvbusflt.sys
07:52:51.0599 2932 CompFilter - ok
07:52:51.0607 2932 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:52:51.0628 2932 CompositeBus - ok
07:52:51.0640 2932 COMSysApp - ok
07:52:51.0657 2932 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
07:52:51.0669 2932 crcdisk - ok
07:52:51.0688 2932 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
07:52:51.0735 2932 CryptSvc - ok
07:52:51.0770 2932 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
07:52:51.0802 2932 DcomLaunch - ok
07:52:51.0826 2932 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
07:52:51.0871 2932 defragsvc - ok
07:52:51.0882 2932 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
07:52:51.0917 2932 DfsC - ok
07:52:51.0941 2932 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
07:52:51.0975 2932 Dhcp - ok
07:52:51.0979 2932 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
07:52:52.0015 2932 discache - ok
07:52:52.0036 2932 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
07:52:52.0072 2932 Disk - ok
07:52:52.0101 2932 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
07:52:52.0125 2932 Dnscache - ok
07:52:52.0141 2932 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
07:52:52.0189 2932 dot3svc - ok
07:52:52.0198 2932 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
07:52:52.0242 2932 DPS - ok
07:52:52.0271 2932 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
07:52:52.0294 2932 drmkaud - ok
07:52:52.0333 2932 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
07:52:52.0358 2932 DXGKrnl - ok
07:52:52.0389 2932 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
07:52:52.0410 2932 e1express - ok
07:52:52.0452 2932 eamonm (8a45015e85a4dce0086b9973f0fd9a20) C:\Windows\system32\DRIVERS\eamonm.sys
07:52:52.0474 2932 eamonm - ok
07:52:52.0497 2932 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
07:52:52.0530 2932 EapHost - ok
07:52:52.0681 2932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
07:52:52.0761 2932 ebdrv - ok
07:52:52.0814 2932 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
07:52:52.0836 2932 EFS - ok
07:52:52.0889 2932 ehdrv (5412ed24fffca64e2f0168399b86c952) C:\Windows\system32\DRIVERS\ehdrv.sys
07:52:52.0904 2932 ehdrv - ok
07:52:52.0976 2932 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
07:52:53.0011 2932 ehRecvr - ok
07:52:53.0017 2932 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
07:52:53.0039 2932 ehSched - ok
07:52:53.0208 2932 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
07:52:53.0240 2932 ekrn - ok
07:52:53.0320 2932 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
07:52:53.0350 2932 elxstor - ok
07:52:53.0408 2932 epfw (774babcb1144513dc86992003740b774) C:\Windows\system32\DRIVERS\epfw.sys
07:52:53.0431 2932 epfw - ok
07:52:53.0439 2932 EpfwLWF (2c22cc39309ee06ae870c183bf2a769d) C:\Windows\system32\DRIVERS\EpfwLWF.sys
07:52:53.0450 2932 EpfwLWF - ok
07:52:53.0479 2932 epfwwfp (2b4e5f01a4e786b422f4d617b51fa7d9) C:\Windows\system32\DRIVERS\epfwwfp.sys
07:52:53.0489 2932 epfwwfp - ok
07:52:53.0502 2932 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
07:52:53.0523 2932 ErrDev - ok
07:52:53.0606 2932 esihdrv - ok
07:52:53.0633 2932 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
07:52:53.0678 2932 EventSystem - ok
07:52:53.0692 2932 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
07:52:53.0726 2932 exfat - ok
07:52:53.0734 2932 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
07:52:53.0768 2932 fastfat - ok
07:52:53.0804 2932 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
07:52:53.0831 2932 Fax - ok
07:52:53.0835 2932 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
07:52:53.0859 2932 fdc - ok
07:52:53.0870 2932 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
07:52:53.0902 2932 fdPHost - ok
07:52:53.0906 2932 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
07:52:53.0944 2932 FDResPub - ok
07:52:53.0959 2932 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
07:52:53.0973 2932 FileInfo - ok
07:52:53.0976 2932 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
07:52:54.0010 2932 Filetrace - ok
07:52:54.0025 2932 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
07:52:54.0041 2932 flpydisk - ok
07:52:54.0059 2932 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
07:52:54.0075 2932 FltMgr - ok
07:52:54.0134 2932 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
07:52:54.0190 2932 FontCache - ok
07:52:54.0262 2932 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
07:52:54.0274 2932 FontCache3.0.0.0 - ok
07:52:54.0279 2932 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
07:52:54.0294 2932 FsDepends - ok
07:52:54.0320 2932 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
07:52:54.0333 2932 Fs_Rec - ok
07:52:54.0352 2932 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
07:52:54.0369 2932 fvevol - ok
07:52:54.0376 2932 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
07:52:54.0390 2932 gagp30kx - ok
07:52:54.0423 2932 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
07:52:54.0475 2932 gpsvc - ok
07:52:54.0491 2932 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
07:52:54.0523 2932 hcw85cir - ok
07:52:54.0548 2932 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
07:52:54.0578 2932 HdAudAddService - ok
07:52:54.0601 2932 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:52:54.0628 2932 HDAudBus - ok
07:52:54.0632 2932 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
07:52:54.0653 2932 HidBatt - ok
07:52:54.0659 2932 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
07:52:54.0677 2932 HidBth - ok
07:52:54.0703 2932 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
07:52:54.0745 2932 HidIr - ok
07:52:54.0761 2932 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
07:52:54.0790 2932 hidserv - ok
07:52:54.0801 2932 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
07:52:54.0833 2932 HidUsb - ok
07:52:54.0852 2932 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
07:52:54.0880 2932 hkmsvc - ok
07:52:54.0899 2932 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
07:52:54.0943 2932 HomeGroupListener - ok
07:52:54.0963 2932 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
07:52:54.0988 2932 HomeGroupProvider - ok
07:52:54.0993 2932 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
07:52:55.0007 2932 HpSAMD - ok
07:52:55.0042 2932 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
07:52:55.0076 2932 HTTP - ok
07:52:55.0079 2932 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
07:52:55.0092 2932 hwpolicy - ok
07:52:55.0097 2932 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
07:52:55.0114 2932 i8042prt - ok
07:52:55.0151 2932 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
07:52:55.0172 2932 iaStorV - ok
07:52:55.0287 2932 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:52:55.0318 2932 idsvc - ok
07:52:55.0537 2932 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
07:52:55.0638 2932 igfx - ok
07:52:55.0733 2932 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
07:52:55.0749 2932 iirsp - ok
07:52:55.0801 2932 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
07:52:55.0857 2932 IKEEXT - ok
07:52:55.0863 2932 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
07:52:55.0876 2932 intelide - ok
07:52:55.0884 2932 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
07:52:55.0908 2932 intelppm - ok
07:52:55.0918 2932 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
07:52:55.0960 2932 IPBusEnum - ok
07:52:55.0971 2932 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:52:56.0008 2932 IpFilterDriver - ok
07:52:56.0073 2932 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
07:52:56.0183 2932 iphlpsvc - ok
07:52:56.0265 2932 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
07:52:56.0295 2932 IPMIDRV - ok
07:52:56.0301 2932 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
07:52:56.0344 2932 IPNAT - ok
07:52:56.0355 2932 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
07:52:56.0381 2932 IRENUM - ok
07:52:56.0390 2932 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
07:52:56.0403 2932 isapnp - ok
07:52:56.0428 2932 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
07:52:56.0450 2932 iScsiPrt - ok
07:52:56.0466 2932 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
07:52:56.0479 2932 kbdclass - ok
07:52:56.0483 2932 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
07:52:56.0499 2932 kbdhid - ok
07:52:56.0514 2932 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:52:56.0530 2932 KeyIso - ok
07:52:56.0545 2932 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
07:52:56.0558 2932 KSecDD - ok
07:52:56.0570 2932 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
07:52:56.0595 2932 KSecPkg - ok
07:52:56.0625 2932 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
07:52:56.0659 2932 KtmRm - ok
07:52:56.0696 2932 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
07:52:56.0732 2932 LanmanServer - ok
07:52:56.0746 2932 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
07:52:56.0778 2932 LanmanWorkstation - ok
07:52:56.0797 2932 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
07:52:56.0835 2932 lltdio - ok
07:52:56.0861 2932 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
07:52:56.0904 2932 lltdsvc - ok
07:52:56.0919 2932 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
07:52:56.0946 2932 lmhosts - ok
07:52:56.0958 2932 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
07:52:56.0972 2932 LSI_FC - ok
07:52:56.0978 2932 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
07:52:56.0992 2932 LSI_SAS - ok
07:52:56.0997 2932 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
07:52:57.0011 2932 LSI_SAS2 - ok
07:52:57.0018 2932 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
07:52:57.0033 2932 LSI_SCSI - ok
07:52:57.0039 2932 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
07:52:57.0067 2932 luafv - ok
07:52:57.0108 2932 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\Windows\system32\DRIVERS\lvrs.sys
07:52:57.0127 2932 LVRS - ok
07:52:57.0343 2932 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\Windows\system32\DRIVERS\lvuvc.sys
07:52:57.0440 2932 LVUVC - ok
07:52:57.0513 2932 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
07:52:57.0543 2932 Mcx2Svc - ok
07:52:57.0568 2932 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
07:52:57.0580 2932 megasas - ok
07:52:57.0614 2932 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
07:52:57.0651 2932 MegaSR - ok
07:52:57.0675 2932 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:52:57.0709 2932 MMCSS - ok
07:52:57.0718 2932 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
07:52:57.0755 2932 Modem - ok
07:52:57.0760 2932 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
07:52:57.0786 2932 monitor - ok
07:52:57.0799 2932 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
07:52:57.0813 2932 mouclass - ok
07:52:57.0817 2932 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
07:52:57.0857 2932 mouhid - ok
07:52:57.0862 2932 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
07:52:57.0876 2932 mountmgr - ok
07:52:57.0970 2932 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:52:57.0994 2932 MozillaMaintenance - ok
07:52:58.0003 2932 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
07:52:58.0020 2932 mpio - ok
07:52:58.0024 2932 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
07:52:58.0065 2932 mpsdrv - ok
07:52:58.0096 2932 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
07:52:58.0134 2932 MpsSvc - ok
07:52:58.0146 2932 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
07:52:58.0175 2932 MRxDAV - ok
07:52:58.0202 2932 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:52:58.0231 2932 mrxsmb - ok
07:52:58.0242 2932 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:52:58.0266 2932 mrxsmb10 - ok
07:52:58.0272 2932 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:52:58.0287 2932 mrxsmb20 - ok
07:52:58.0291 2932 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
07:52:58.0304 2932 msahci - ok
07:52:58.0311 2932 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
07:52:58.0326 2932 msdsm - ok
07:52:58.0342 2932 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
07:52:58.0376 2932 MSDTC - ok
07:52:58.0382 2932 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
07:52:58.0416 2932 Msfs - ok
07:52:58.0424 2932 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
07:52:58.0457 2932 mshidkmdf - ok
07:52:58.0461 2932 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
07:52:58.0474 2932 msisadrv - ok
07:52:58.0500 2932 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
07:52:58.0540 2932 MSiSCSI - ok
07:52:58.0543 2932 msiserver - ok
07:52:58.0561 2932 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
07:52:58.0589 2932 MSKSSRV - ok
07:52:58.0597 2932 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
07:52:58.0625 2932 MSPCLOCK - ok
07:52:58.0629 2932 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
07:52:58.0664 2932 MSPQM - ok
07:52:58.0674 2932 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
07:52:58.0689 2932 MsRPC - ok
07:52:58.0694 2932 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
07:52:58.0708 2932 mssmbios - ok
07:52:58.0711 2932 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
07:52:58.0739 2932 MSTEE - ok
07:52:58.0750 2932 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
07:52:58.0769 2932 MTConfig - ok
07:52:58.0774 2932 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
07:52:58.0787 2932 Mup - ok
07:52:58.0823 2932 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
07:52:58.0856 2932 napagent - ok
07:52:58.0889 2932 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
07:52:58.0925 2932 NativeWifiP - ok
07:52:58.0960 2932 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
07:52:58.0985 2932 NDIS - ok
07:52:58.0996 2932 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
07:52:59.0025 2932 NdisCap - ok
07:52:59.0040 2932 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
07:52:59.0066 2932 NdisTapi - ok
07:52:59.0086 2932 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
07:52:59.0129 2932 Ndisuio - ok
07:52:59.0147 2932 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
07:52:59.0175 2932 NdisWan - ok
07:52:59.0179 2932 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
07:52:59.0216 2932 NDProxy - ok
07:52:59.0220 2932 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
07:52:59.0249 2932 NetBIOS - ok
07:52:59.0258 2932 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
07:52:59.0288 2932 NetBT - ok
07:52:59.0306 2932 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:52:59.0326 2932 Netlogon - ok
07:52:59.0377 2932 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
07:52:59.0429 2932 Netman - ok
07:52:59.0446 2932 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
07:52:59.0480 2932 netprofm - ok
07:52:59.0558 2932 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:52:59.0582 2932 NetTcpPortSharing - ok
07:52:59.0592 2932 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
07:52:59.0607 2932 nfrd960 - ok
07:52:59.0626 2932 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
07:52:59.0665 2932 NlaSvc - ok
07:52:59.0670 2932 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
07:52:59.0704 2932 Npfs - ok
07:52:59.0710 2932 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
07:52:59.0746 2932 nsi - ok
07:52:59.0749 2932 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
07:52:59.0776 2932 nsiproxy - ok
07:52:59.0858 2932 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
07:52:59.0906 2932 Ntfs - ok
07:52:59.0915 2932 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
07:52:59.0952 2932 Null - ok
07:52:59.0978 2932 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
07:52:59.0995 2932 nvraid - ok
07:53:00.0017 2932 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
07:53:00.0033 2932 nvstor - ok
07:53:00.0050 2932 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
07:53:00.0064 2932 nv_agp - ok
07:53:00.0069 2932 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
07:53:00.0091 2932 ohci1394 - ok
07:53:00.0122 2932 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:53:00.0155 2932 p2pimsvc - ok
07:53:00.0179 2932 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
07:53:00.0210 2932 p2psvc - ok
07:53:00.0236 2932 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
07:53:00.0252 2932 Parport - ok
07:53:00.0272 2932 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
07:53:00.0285 2932 partmgr - ok
07:53:00.0295 2932 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
07:53:00.0318 2932 Parvdm - ok
07:53:00.0327 2932 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
07:53:00.0348 2932 PcaSvc - ok
07:53:00.0356 2932 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
07:53:00.0371 2932 pci - ok
07:53:00.0375 2932 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
07:53:00.0388 2932 pciide - ok
07:53:00.0409 2932 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
07:53:00.0435 2932 pcmcia - ok
07:53:00.0467 2932 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
07:53:00.0510 2932 pcouffin - ok
07:53:00.0516 2932 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
07:53:00.0528 2932 pcw - ok
07:53:00.0571 2932 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
07:53:00.0604 2932 PEAUTH - ok
07:53:00.0692 2932 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
07:53:00.0738 2932 pla - ok
07:53:00.0810 2932 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
07:53:00.0851 2932 PlugPlay - ok
07:53:00.0864 2932 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
07:53:00.0893 2932 PNRPAutoReg - ok
07:53:00.0914 2932 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
07:53:00.0936 2932 PNRPsvc - ok
07:53:00.0990 2932 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
07:53:01.0003 2932 Point32 - ok
07:53:01.0044 2932 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
07:53:01.0085 2932 PolicyAgent - ok
07:53:01.0112 2932 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
07:53:01.0149 2932 Power - ok
07:53:01.0176 2932 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
07:53:01.0217 2932 PptpMiniport - ok
07:53:01.0229 2932 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
07:53:01.0245 2932 Processor - ok
07:53:01.0288 2932 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
07:53:01.0320 2932 ProfSvc - ok
07:53:01.0333 2932 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:53:01.0348 2932 ProtectedStorage - ok
07:53:01.0370 2932 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
07:53:01.0398 2932 Psched - ok
07:53:01.0461 2932 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
07:53:01.0499 2932 ql2300 - ok
07:53:01.0549 2932 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
07:53:01.0566 2932 ql40xx - ok
07:53:01.0592 2932 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
07:53:01.0632 2932 QWAVE - ok
07:53:01.0653 2932 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
07:53:01.0678 2932 QWAVEdrv - ok
07:53:01.0682 2932 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
07:53:01.0717 2932 RasAcd - ok
07:53:01.0738 2932 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:53:01.0774 2932 RasAgileVpn - ok
07:53:01.0788 2932 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
07:53:01.0818 2932 RasAuto - ok
07:53:01.0824 2932 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:53:01.0861 2932 Rasl2tp - ok
07:53:01.0893 2932 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
07:53:01.0934 2932 RasMan - ok
07:53:01.0940 2932 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
07:53:01.0978 2932 RasPppoe - ok
07:53:01.0994 2932 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
07:53:02.0021 2932 RasSstp - ok
07:53:02.0032 2932 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
07:53:02.0060 2932 rdbss - ok
07:53:02.0071 2932 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
07:53:02.0096 2932 rdpbus - ok
07:53:02.0110 2932 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:53:02.0146 2932 RDPCDD - ok
07:53:02.0155 2932 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
07:53:02.0189 2932 RDPENCDD - ok
07:53:02.0194 2932 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
07:53:02.0221 2932 RDPREFMP - ok
07:53:02.0243 2932 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
07:53:02.0265 2932 RDPWD - ok
07:53:02.0274 2932 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
07:53:02.0288 2932 rdyboost - ok
07:53:02.0307 2932 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
07:53:02.0353 2932 RemoteAccess - ok
07:53:02.0376 2932 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
07:53:02.0416 2932 RemoteRegistry - ok
07:53:02.0442 2932 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
07:53:02.0471 2932 RpcEptMapper - ok
07:53:02.0491 2932 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
07:53:02.0518 2932 RpcLocator - ok
07:53:02.0545 2932 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
07:53:02.0575 2932 RpcSs - ok
07:53:02.0581 2932 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
07:53:02.0619 2932 rspndr - ok
07:53:02.0631 2932 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:53:02.0647 2932 SamSs - ok
07:53:02.0732 2932 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
07:53:02.0743 2932 SASDIFSV - ok
07:53:02.0761 2932 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
07:53:02.0773 2932 SASKUTIL - ok
07:53:02.0946 2932 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
07:53:03.0029 2932 SBAMSvc - ok
07:53:03.0106 2932 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\Windows\system32\DRIVERS\sbapifs.sys
07:53:03.0118 2932 sbapifs - ok
07:53:03.0156 2932 SbFw (bcf3ba30c1cfa2942cf26c31384b37c7) C:\Windows\system32\drivers\SbFw.sys
07:53:03.0176 2932 SbFw - ok
07:53:03.0216 2932 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\sbfwim.sys
07:53:03.0228 2932 SBFWIMCL - ok
07:53:03.0232 2932 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\Windows\system32\DRIVERS\SBFWIM.sys
07:53:03.0243 2932 SBFWIMCLMP - ok
07:53:03.0268 2932 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\Windows\system32\drivers\sbhips.sys
07:53:03.0278 2932 sbhips - ok
07:53:03.0307 2932 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
07:53:03.0321 2932 sbp2port - ok
07:53:03.0344 2932 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\Windows\system32\drivers\SBREdrv.sys
07:53:03.0355 2932 SBRE - ok
07:53:03.0362 2932 sbwtis (9bdf801a6c78e3f1e6fa1c5ca90baa8a) C:\Windows\system32\DRIVERS\sbwtis.sys
07:53:03.0372 2932 sbwtis - ok
07:53:03.0397 2932 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
07:53:03.0434 2932 SCardSvr - ok
07:53:03.0446 2932 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
07:53:03.0471 2932 scfilter - ok
07:53:03.0523 2932 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
07:53:03.0570 2932 Schedule - ok
07:53:03.0591 2932 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
07:53:03.0617 2932 SCPolicySvc - ok
07:53:03.0635 2932 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
07:53:03.0679 2932 SDRSVC - ok
07:53:03.0689 2932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
07:53:03.0718 2932 secdrv - ok
07:53:03.0731 2932 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
07:53:03.0759 2932 seclogon - ok
07:53:03.0779 2932 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
07:53:03.0814 2932 SENS - ok
07:53:03.0829 2932 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
07:53:03.0851 2932 SensrSvc - ok
07:53:03.0857 2932 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
07:53:03.0873 2932 Serenum - ok
07:53:03.0882 2932 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
07:53:03.0904 2932 Serial - ok
07:53:03.0907 2932 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
07:53:03.0923 2932 sermouse - ok
07:53:03.0945 2932 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
07:53:03.0973 2932 SessionEnv - ok
07:53:03.0978 2932 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
07:53:04.0001 2932 sffdisk - ok
07:53:04.0010 2932 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
07:53:04.0026 2932 sffp_mmc - ok
07:53:04.0030 2932 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
07:53:04.0053 2932 sffp_sd - ok
07:53:04.0057 2932 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
07:53:04.0083 2932 sfloppy - ok
07:53:04.0115 2932 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
07:53:04.0156 2932 SharedAccess - ok
07:53:04.0180 2932 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
07:53:04.0211 2932 ShellHWDetection - ok
07:53:04.0216 2932 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
07:53:04.0230 2932 sisagp - ok
07:53:04.0243 2932 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
07:53:04.0256 2932 SiSRaid2 - ok
07:53:04.0264 2932 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
07:53:04.0278 2932 SiSRaid4 - ok
07:53:04.0284 2932 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
07:53:04.0336 2932 Smb - ok
07:53:04.0356 2932 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
07:53:04.0373 2932 SNMPTRAP - ok
07:53:04.0377 2932 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
07:53:04.0389 2932 spldr - ok
07:53:04.0423 2932 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
07:53:04.0463 2932 Spooler - ok
07:53:04.0603 2932 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
07:53:04.0666 2932 sppsvc - ok
07:53:04.0718 2932 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
07:53:04.0746 2932 sppuinotify - ok
07:53:04.0798 2932 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
07:53:04.0825 2932 srv - ok
07:53:04.0839 2932 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
07:53:04.0879 2932 srv2 - ok
07:53:04.0913 2932 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
07:53:04.0942 2932 srvnet - ok
07:53:04.0956 2932 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
07:53:04.0987 2932 SSDPSRV - ok
07:53:04.0994 2932 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
07:53:05.0023 2932 SstpSvc - ok
07:53:05.0045 2932 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
07:53:05.0057 2932 stexstor - ok
07:53:05.0097 2932 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
07:53:05.0131 2932 StiSvc - ok
07:53:05.0143 2932 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
07:53:05.0155 2932 swenum - ok
07:53:05.0176 2932 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
07:53:05.0209 2932 swprv - ok
07:53:05.0273 2932 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
07:53:05.0309 2932 SysMain - ok
07:53:05.0323 2932 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
07:53:05.0354 2932 TabletInputService - ok
07:53:05.0382 2932 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
07:53:05.0412 2932 TapiSrv - ok
07:53:05.0430 2932 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
07:53:05.0469 2932 TBS - ok
07:53:05.0588 2932 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
07:53:05.0621 2932 Tcpip - ok
07:53:05.0642 2932 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
07:53:05.0672 2932 TCPIP6 - ok
07:53:05.0683 2932 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
07:53:05.0711 2932 tcpipreg - ok
07:53:05.0722 2932 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
07:53:05.0747 2932 TDPIPE - ok
07:53:05.0770 2932 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
07:53:05.0791 2932 TDTCP - ok
07:53:05.0797 2932 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
07:53:05.0823 2932 tdx - ok
07:53:05.0828 2932 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
07:53:05.0842 2932 TermDD - ok
07:53:05.0877 2932 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
07:53:05.0909 2932 TermService - ok
07:53:05.0923 2932 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
07:53:05.0953 2932 Themes - ok
07:53:05.0976 2932 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
07:53:06.0004 2932 THREADORDER - ok
07:53:06.0023 2932 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
07:53:06.0056 2932 TrkWks - ok
07:53:06.0105 2932 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
07:53:06.0136 2932 TrustedInstaller - ok
07:53:06.0144 2932 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:53:06.0172 2932 tssecsrv - ok
07:53:06.0177 2932 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
07:53:06.0202 2932 TsUsbFlt - ok
07:53:06.0208 2932 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
07:53:06.0222 2932 TsUsbGD - ok
07:53:06.0239 2932 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
07:53:06.0277 2932 tunnel - ok
07:53:06.0288 2932 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
07:53:06.0302 2932 uagp35 - ok
07:53:06.0316 2932 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
07:53:06.0344 2932 udfs - ok
07:53:06.0359 2932 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
07:53:06.0375 2932 UI0Detect - ok
07:53:06.0381 2932 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
07:53:06.0394 2932 uliagpkx - ok
07:53:06.0409 2932 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
07:53:06.0425 2932 umbus - ok
07:53:06.0428 2932 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
07:53:06.0459 2932 UmPass - ok
07:53:06.0568 2932 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
07:53:06.0594 2932 UMVPFSrv - ok
07:53:06.0619 2932 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
07:53:06.0650 2932 upnphost - ok
07:53:06.0666 2932 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
07:53:06.0685 2932 usbaudio - ok
07:53:06.0706 2932 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
07:53:06.0727 2932 usbccgp - ok
07:53:06.0733 2932 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
07:53:06.0751 2932 usbcir - ok
07:53:06.0771 2932 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
07:53:06.0786 2932 usbehci - ok
07:53:06.0809 2932 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
07:53:06.0832 2932 usbhub - ok
07:53:06.0847 2932 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
07:53:06.0861 2932 usbohci - ok
07:53:06.0877 2932 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
07:53:06.0893 2932 usbprint - ok
07:53:06.0920 2932 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
07:53:06.0949 2932 USBSTOR - ok
07:53:06.0963 2932 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
07:53:06.0977 2932 usbuhci - ok
07:53:07.0009 2932 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
07:53:07.0044 2932 usbvideo - ok
07:53:07.0061 2932 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
07:53:07.0089 2932 UxSms - ok
07:53:07.0106 2932 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
07:53:07.0126 2932 VaultSvc - ok
07:53:07.0138 2932 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
07:53:07.0151 2932 vdrvroot - ok
07:53:07.0183 2932 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
07:53:07.0229 2932 vds - ok
07:53:07.0233 2932 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
07:53:07.0255 2932 vga - ok
07:53:07.0261 2932 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
07:53:07.0288 2932 VgaSave - ok
07:53:07.0302 2932 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
07:53:07.0340 2932 vhdmp - ok
07:53:07.0354 2932 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
07:53:07.0368 2932 viaagp - ok
07:53:07.0374 2932 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
07:53:07.0391 2932 ViaC7 - ok
07:53:07.0395 2932 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
07:53:07.0408 2932 viaide - ok
07:53:07.0413 2932 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
07:53:07.0426 2932 volmgr - ok
07:53:07.0440 2932 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
07:53:07.0458 2932 volmgrx - ok
07:53:07.0481 2932 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
07:53:07.0516 2932 volsnap - ok
07:53:07.0530 2932 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
07:53:07.0545 2932 vsmraid - ok
07:53:07.0605 2932 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
07:53:07.0652 2932 VSS - ok
07:53:07.0664 2932 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
07:53:07.0687 2932 vwifibus - ok
07:53:07.0700 2932 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
07:53:07.0733 2932 W32Time - ok
07:53:07.0740 2932 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
07:53:07.0756 2932 WacomPen - ok
07:53:07.0779 2932 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:53:07.0805 2932 WANARP - ok
07:53:07.0810 2932 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
07:53:07.0836 2932 Wanarpv6 - ok
07:53:07.0918 2932 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
07:53:07.0975 2932 WatAdminSvc - ok
07:53:08.0029 2932 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
07:53:08.0076 2932 wbengine - ok
07:53:08.0094 2932 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
07:53:08.0114 2932 WbioSrvc - ok
07:53:08.0135 2932 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
07:53:08.0166 2932 wcncsvc - ok
07:53:08.0172 2932 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
07:53:08.0199 2932 WcsPlugInService - ok
07:53:08.0238 2932 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
07:53:08.0251 2932 Wd - ok
07:53:08.0270 2932 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
07:53:08.0288 2932 Wdf01000 - ok
07:53:08.0295 2932 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:53:08.0345 2932 WdiServiceHost - ok
07:53:08.0348 2932 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
07:53:08.0367 2932 WdiSystemHost - ok
07:53:08.0389 2932 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
07:53:08.0410 2932 WebClient - ok
07:53:08.0422 2932 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
07:53:08.0470 2932 Wecsvc - ok
07:53:08.0480 2932 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
07:53:08.0517 2932 wercplsupport - ok
07:53:08.0543 2932 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
07:53:08.0590 2932 WerSvc - ok
07:53:08.0608 2932 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
07:53:08.0644 2932 WfpLwf - ok
07:53:08.0655 2932 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
07:53:08.0667 2932 WIMMount - ok
07:53:08.0784 2932 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
07:53:08.0821 2932 WinDefend - ok
07:53:08.0826 2932 WinHttpAutoProxySvc - ok
07:53:08.0880 2932 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
07:53:08.0911 2932 Winmgmt - ok
07:53:08.0988 2932 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
07:53:09.0037 2932 WinRM - ok
07:53:09.0107 2932 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
07:53:09.0146 2932 Wlansvc - ok
07:53:09.0188 2932 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
07:53:09.0205 2932 WmiAcpi - ok
07:53:09.0224 2932 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
07:53:09.0240 2932 wmiApSrv - ok
07:53:09.0385 2932 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
07:53:09.0433 2932 WMPNetworkSvc - ok
07:53:09.0453 2932 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
07:53:09.0489 2932 WPCSvc - ok
07:53:09.0504 2932 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
07:53:09.0534 2932 WPDBusEnum - ok
07:53:09.0540 2932 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
07:53:09.0568 2932 ws2ifsl - ok
07:53:09.0584 2932 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
07:53:09.0605 2932 wscsvc - ok
07:53:09.0608 2932 WSearch - ok
07:53:09.0701 2932 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
07:53:09.0764 2932 wuauserv - ok
07:53:09.0828 2932 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
07:53:09.0867 2932 WudfPf - ok
07:53:09.0881 2932 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:53:09.0925 2932 WUDFRd - ok
07:53:09.0946 2932 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
07:53:09.0978 2932 wudfsvc - ok
07:53:09.0994 2932 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
07:53:10.0023 2932 WwanSvc - ok
07:53:10.0039 2932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
07:53:10.0254 2932 \Device\Harddisk1\DR1 - ok
07:53:10.0257 2932 MBR (0x1B8) (b61ff8cbdc1d02e8294078333c67c3d5) \Device\Harddisk0\DR0
07:53:12.0486 2932 \Device\Harddisk0\DR0 - ok
07:53:12.0503 2932 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
07:53:12.0621 2932 \Device\Harddisk2\DR2 - ok
07:53:12.0623 2932 Boot (0x1200) (333697c66fdb5070bef7bf1c101a24d1) \Device\Harddisk1\DR1\Partition0
07:53:12.0625 2932 \Device\Harddisk1\DR1\Partition0 - ok
07:53:12.0627 2932 Boot (0x1200) (2159bc8cb23abe1177fdbcd47cf3ab08) \Device\Harddisk0\DR0\Partition0
07:53:12.0629 2932 \Device\Harddisk0\DR0\Partition0 - ok
07:53:12.0632 2932 Boot (0x1200) (6e4fbd092182c5f6cd238d53bb874122) \Device\Harddisk2\DR2\Partition0
07:53:12.0633 2932 \Device\Harddisk2\DR2\Partition0 - ok
07:53:12.0634 2932 ============================================================
07:53:12.0634 2932 Scan finished
07:53:12.0634 2932 ============================================================
07:53:12.0641 2276 Detected object count: 0
07:53:12.0641 2276 Actual detected object count: 0
07:53:18.0795 3264 Deinitialize success

COMBOFIX Log:

ComboFix 12-05-24.01 - spencerpassmore 05/23/2012 8:37.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3317.2029 [GMT -4:00]
Running from: c:\users\spencerpassmore\Desktop\ComboFix.exe
Command switches used :: c:\users\spencerpassmore\Desktop\CFScript.txt.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 12:41 . 2012-05-23 12:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-05-23 09:51 . 2012-05-23 09:52 -------- d-----w- c:\windows\system32\catroot2
2012-05-23 09:00 . 2012-05-23 09:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\WinPatrol
2012-05-23 08:44 . 2012-05-23 08:44 -------- d-----w- c:\windows\system32\%LocalAppData%
2012-05-23 08:19 . 2012-05-23 08:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\adaware
2012-05-23 08:09 . 2012-05-23 08:09 -------- d-----w- c:\program files\FixAuto
2012-05-23 08:09 . 2003-09-23 16:00 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-05-23 06:32 . 2012-05-23 06:32 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Ad-Aware Antivirus
2012-05-23 06:16 . 2012-05-23 06:16 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-23 06:15 . 2011-12-19 16:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-23 06:15 . 2011-12-19 16:44 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-23 06:15 . 2011-09-29 16:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-23 06:15 . 2012-05-23 06:15 -------- d-----w- c:\windows\system32\drivers\VDD
2012-05-23 06:15 . 2012-05-23 06:15 -------- d-----w- c:\programdata\Lavasoft
2012-05-23 06:15 . 2012-05-23 07:15 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-23 05:53 . 2012-05-23 05:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 05:53 . 2012-05-23 05:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-22 18:13 . 2012-05-22 18:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2012-05-22 18:12 . 2012-05-22 18:12 -------- d-----w- c:\program files\ESET
2012-05-22 16:47 . 2012-05-22 16:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2012-05-22 14:54 . 2012-05-22 14:54 -------- d-----w- c:\program files\CCleaner
2012-05-22 14:31 . 2012-05-22 18:42 -------- d-----w- c:\program files\IObit
2012-05-22 14:00 . 2012-05-22 14:00 -------- d-----w- c:\programdata\InstallMate
2012-05-22 14:00 . 2012-05-22 14:00 -------- d-----w- c:\program files\BillP Studios
2012-05-22 11:11 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-05-22 11:11 . 2012-05-22 11:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-05-22 10:57 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-22 10:57 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-22 10:57 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-22 10:57 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-22 10:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-05-22 10:57 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-22 10:57 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-22 10:57 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-22 10:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2012-05-22 10:09 . 2012-05-21 13:17 -------- d-----w- C:\Boot
2012-05-22 08:34 . 2012-05-23 10:18 -------- d-----r- c:\users\Public
2012-05-22 07:45 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-05-22 07:45 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-05-22 07:45 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-22 07:45 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-05-22 07:45 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-22 07:45 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-22 07:45 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-05-22 07:42 . 2012-05-22 07:42 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-22 07:26 . 2012-05-22 08:42 -------- d-----w- c:\program files\Photoshop
2012-05-22 07:11 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 07:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-22 07:05 . 2012-05-22 07:05 -------- d-----w- c:\windows\system32\Wat
2012-05-22 07:01 . 2012-05-22 07:01 -------- d-----w- c:\program files\Microsoft.NET
2012-05-22 06:40 . 2012-05-23 05:31 -------- d-----w- c:\program files\SpywareBlaster
2012-05-22 06:40 . 2010-01-10 22:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-05-22 06:40 . 2010-01-10 22:40 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-22 06:40 . 2012-05-22 06:40 -------- d-----w- c:\program files\VS Revo Group
2012-05-22 06:38 . 2012-05-22 06:38 -------- d-----w- c:\program files\Intel
2012-05-22 06:30 . 2012-05-22 06:30 -------- d-----w- c:\program files\7-Zip
2012-05-22 06:19 . 2012-05-22 06:19 -------- d-----w- c:\program files\Gus Verdun
2012-05-22 06:13 . 2012-05-22 06:13 -------- d-----w- c:\program files\MessengerData WMP Plugin
2012-05-22 06:10 . 2012-05-22 06:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 06:10 . 2012-05-22 06:18 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 06:10 . 2012-05-22 06:10 -------- d-----w- c:\windows\system32\Macromed
2012-05-22 06:07 . 2012-05-22 07:07 -------- d-----w- c:\programdata\Yahoo!
2012-05-22 06:03 . 2012-05-22 06:03 -------- d-----w- c:\program files\AIM Music Link
2012-05-22 06:01 . 2012-05-22 06:01 -------- d-----w- c:\programdata\acccore
2012-05-22 06:01 . 2012-05-22 06:07 -------- d-----w- c:\program files\Yahoo!
2012-05-22 06:01 . 2012-05-22 06:02 -------- d-----w- c:\programdata\AOL OCP
2012-05-22 06:01 . 2012-05-22 06:01 -------- d-----w- c:\programdata\AOL
2012-05-22 06:01 . 2012-05-22 06:01 -------- d-----w- c:\program files\Common Files\AOL
2012-05-22 06:01 . 2012-05-22 06:01 -------- d-----w- c:\program files\AIM6
2012-05-22 05:58 . 2012-05-22 06:48 -------- d-----w- c:\program files\Unlocker
2012-05-22 05:54 . 2012-05-22 05:54 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-05-22 05:54 . 2012-05-22 05:54 -------- d-----w- c:\windows\PCHEALTH
2012-05-22 05:51 . 2012-05-22 05:51 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-05-22 05:51 . 2009-09-02 21:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2012-05-22 05:51 . 2009-09-02 21:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-05-22 05:51 . 2009-09-02 21:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-05-22 05:51 . 2009-09-02 21:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-05-22 05:51 . 2009-09-02 21:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2012-05-22 05:51 . 2009-09-02 21:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2012-05-22 05:51 . 2009-09-02 21:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2012-05-22 05:51 . 2012-05-22 05:51 -------- d-----w- c:\program files\VSO
2012-05-22 05:40 . 2012-05-22 05:40 -------- d-----w- c:\program files\Common Files\Java
2012-05-22 05:40 . 2012-05-22 05:40 -------- d-----w- c:\program files\Oracle
2012-05-22 05:40 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 05:40 . 2012-04-04 22:47 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-22 05:40 . 2012-05-22 05:40 -------- d-----w- c:\program files\Java
2012-05-22 05:31 . 2012-05-22 05:31 -------- d-----w- c:\program files\Common Files\logishrd
2012-05-22 05:13 . 2012-05-22 08:42 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-22 05:12 . 2012-05-23 07:29 -------- d-sh--w- c:\windows\Installer
2012-05-22 05:06 . 2012-05-22 05:06 -------- d-----w- c:\program files\VideoLAN
2012-05-22 04:16 . 2012-05-22 04:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-05-22 04:11 . 2012-05-22 04:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-21 13:17 . 2012-05-22 14:55 -------- d-----w- c:\windows\Panther
2012-05-21 10:06 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-05-21 10:06 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-05-21 10:06 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-05-21 10:06 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-21 10:06 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-21 10:05 . 2011-02-18 05:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-21 10:03 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-21 10:03 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-21 10:03 . 2011-03-12 11:23 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-21 10:03 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-21 10:03 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-21 10:03 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2012-05-21 10:03 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2012-05-21 10:03 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2012-05-21 10:03 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-21 10:03 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-21 10:03 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2012-05-21 10:01 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-21 10:01 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-05-21 10:01 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-05-21 10:01 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-05-21 10:01 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-21 09:58 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-21 09:48 . 2012-05-15 05:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC27C56A-118C-4147-9756-280D6520B650}\mpengine.dll
2012-05-21 09:48 . 2012-02-23 14:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-21 09:35 . 2012-05-21 09:35 -------- d-----w- c:\windows\system32\x64
2012-05-21 09:35 . 2009-09-23 23:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-05-21 09:31 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-21 09:31 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-21 09:31 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-21 09:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-21 09:31 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 12:40 . 2012-03-14 12:40 148504 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-03-14 12:40 . 2012-03-14 12:40 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-03-14 12:40 . 2012-03-14 12:40 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-03-14 12:40 . 2012-03-14 12:40 169080 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-03-14 12:40 . 2012-03-14 12:40 120152 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-04-21 01:19 . 2012-05-22 04:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-05-22 3117344]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= rund1132.exe
"2"= m5vbvm60.exe
"3"= Unoccupied.reg
"4"= Regedit32.com
"5"= Shell32.com
"6"= dllchache.exe
"7"= services_test.exe
"8"= New Folder.exe
"9"= systemio.exe
"10"= JK.exe
"11"= rundl132.exe
"12"= Logo1_.exe
"13"= RichDll.exe
"14"= loveRabbit.exe
"15"= msexch400.exe
"16"= Rabbit.exe
"17"= aut0exec.bat
"18"= ntde1ect.com
"19"= Mixa.exe
"20"= apvo.exe
"21"= expressav.exe
"22"= apv0.exe
"23"= l33na.exe
"24"= ed.exe
"25"= spooisv.exe
"26"= rttrwq.exe
"27"= _use.exe
"28"= 11-00.exe
"29"= wmibus.exe
"30"= wmisys.exe
"31"= Normal.exe
"32"= execute.exe
"33"= leena.job
"34"= leena.exe
"35"= aneel.exe
"36"= wuauc1t.exe
"37"= Win32dll.exe
"38"= Win32.dll.vbs
"39"= SteamDll32.exe
"40"= WinSteam.exe
"41"= SteamHelper.exe
"42"= kavo.exe
"43"= spoclsv.exe
"44"= dfqnabib.exe
"45"= sfsxachu.exe
"46"= stjxakin.exe
"47"= tjfyabyt.exe
"48"= kdaic.exe
"49"= zsdjabmp.exe
"50"= lpmxajkl.exe
"51"= dfqnabib.exe
"52"= WINLOG0N.exe
"53"= SVCH0ST.exe
"54"= System.exe
"55"= phim nguoi lon.exe
"56"= password_viewer.exe
"57"= SVCHOST555.exe
"58"= inst_vinh.exe
"59"= Bro_Act.exe
"60"= braviax.exe
"61"= CbEvtSvc.exe
"62"= MySexy.exe
"63"= msconfig.com
"64"= regedit.com
"65"= default__.pif
"66"= jvosoft.exe
"67"= 9sky8pia.exe
"68"= amvo0.exe
"69"= lphc9dkj0ec6a.exe
"70"= rhcahej0ej6v.exe
"71"= chiCkie.exe
"72"= ExeServ.exe
"73"= Av-Prev.exe
"74"= ati2avxx.exe
"75"= Sex Picture.scr
"76"= xpupdate.exe
"77"= comine.exe
"78"= autochl.exe
"79"= log.exe
"80"= comboClt.ocx.vbs
"81"= Sos.exe
"82"= kxvo.exe
"83"= zz.exe
"84"= lsasss.exe
"85"= order.exe
"86"= Flashy.exe
"87"= meex.exe
"88"= xibgptd.exe
"89"= xmjisnw.exe
"90"= asd0.exe
"91"= windowsupd2.exe
"92"= winhost.exe
"93"= quicken.exe
"94"= editpad.exe
"95"= nwonknu.exe
"96"= rasrun.exe
"97"= psdrv.exe
"98"= svci.exe
"99"= unknown.exe
"100"= castlecops[1].exe
"101"= 1014[1].exe
"102"= is[1].exe
"103"= wcs.exe
"104"= Sizhu.exe
"105"= ibrv.exe
"106"= vgguxso.exe
"107"= uitxjwa.exe
"108"= loadam.exe
"109"= sunny.exe
"110"= etialof.exe
"111"= sdjxeqi.exe
"112"= tsnqtjn.exe
"113"= dluxde.exe
"114"= Soft0
"115"= 1.exe
"116"= 10.exe
"117"= SVOHOST.exe
"118"= sxs.exe
"119"= phimnguoilon.exe
"120"= amvo.exe
"121"= n1deiect.com
"122"= qwc.exe
"123"= tknn6.bat
"124"= 6l6w8.com
"125"= hay.exe
"126"= more.exe
"127"= nontay.exe
"128"= boom.vbs
"129"= drivers.cab.exe
"130"= KEYBOARD.exe
"131"= Global.exe
"132"= jdbgmgr.exe
"133"= secret.exe
"134"= xdict.exe
"135"= algssl.exe
"136"= phimhot.exe
"137"= other.exe
"138"= fun.exe
"139"= winsit.exe
"140"= sal.xls.exe
"141"= msfir80.exe
"142"= .exe
"143"= MSconfigg.exe
"144"= servics.exe
"145"= expl0rer.exe
"146"= tel.xls.exe
"147"= funni.exe
"148"= kvosoft.exe
"149"= 4.exe
"150"= 2008.exe
"151"= folder.exe
"152"= knx32.exe
"153"= Mixa_I.exe
"154"= bleep.exe
"155"= Happy99.exe
"156"= SKA.EXE
"157"= sysmgr.exe
"158"= Mixa_1.exe
"159"= skynet.exe
"160"= Isass.exe
"161"= 8out.exe
"162"= lotto.exe
"163"= ieav.exe
"164"= win32.host.exe
"165"= osgjaaj.exe
"166"= info.exe
"167"= ads.jpg.exe
"168"= CKVO.EXE
"169"= a2.exe
"170"= rundii32.exe
"171"= cd.exe
"172"= ph.com
"173"= winivstr.exe
"174"= Default.exe
"175"= NTDETECH.com
"176"= l63snn8.exe
"177"= svhost.exe
"178"= svchot.exe
"179"= svch0t.exe
"180"= svh0st.exe
"181"= my_80004.exe
"182"= explorcr.exe
"183"= admin6_ver0424.exe
"184"= yeSetup.exe
"185"= dodolook591.exe
"186"= alexa240.exe
"187"= 1072.exe
"188"= atmpvcno.dll.exe
"189"= atmlib.dll.exe
"190"= musica.exe
"191"= ...exe
"192"= ..exe
"193"= crack.com
"194"= dwintl.dll.exe
"195"= explorer.zip.scr
"196"= pictures.exe
"197"= readme.com
"198"= 12520437.cpx.exe
"199"= 12520850.cpx.exe
"200"= 3com_dmi.exe
"201"= 6to4svc.dll.exe
"202"= access.cpl.exe
"203"= acctres.dll.exe
"204"= acelpdec.ax.exe
"205"= acledit.dll.exe
"206"= aclui.dll.exe
"207"= activeds.dll.exe
"208"= activeds.tlb.exe
"209"= actxprxy.dll.exe
"210"= admparse.dll.exe
"211"= adodc.srg.exe
"212"= adptif.dll.exe
"213"= adsldp.dll.exe
"214"= adsldpc.dll.exe
"215"= adsmsext.dll.exe
"216"= adsnds.dll.exe
"217"= adsnt.dll.exe
"218"= adsnw.dll.exe
"219"= advapi32.dll.exe
"220"= advpack.dll.exe
"221"= alrsvc.dll.exe
"222"= amcompat.tlb.exe
"223"= amstream.dll.exe
"224"= ansi.sys.exe
"225"= apcups.dll.exe
"226"= apphelp.dll.exe
"227"= appmgmts.dll.exe
"228"= appmgr.dll.exe
"229"= appwiz.cpl.exe
"230"= asctrls.ocx.exe
"231"= asferror.dll.exe
"232"= asycfilt.dll.exe
"233"= atkctrs.dll.exe
"234"= atl.dll.exe
"235"= atmfd.dll.exe
"236"= 100.exe
"237"= 101.exe
"238"= 102.exe
"239"= 103.exe
"240"= 104.exe
"241"= 105.exe
"242"= 106.exe
"243"= 107.exe
"244"= 108.exe
"245"= 109.exe
"246"= 11.exe
"247"= 110.exe
"248"= 111.exe
"249"= 112.exe
"250"= 113.exe
"251"= 114.exe
"252"= 115.exe
"253"= 116.exe
"254"= 117.exe
"255"= 118.exe
"256"= 119.exe
"257"= 12.exe
"258"= 120.exe
"259"= 122.exe
"260"= 123.exe
"261"= 124.exe
"262"= 125.exe
"263"= blastk.exe
"264"= 126.exe
"265"= 127.exe
"266"= 128.exe
"267"= 129.exe
"268"= 13.exe
"269"= 130.exe
"270"= 131.exe
"271"= 132.exe
"272"= 133.exe
"273"= 134.exe
"274"= 135.exe
"275"= 136.exe
"276"= 137.exe
"277"= 138.exe
"278"= 139.exe
"279"= 14.exe
"280"= 140.exe
"281"= 141.exe
"282"= 142.exe
"283"= 143.exe
"284"= 144.exe
"285"= 145.exe
"286"= 146.exe
"287"= 147.exe
"288"= 148.exe
"289"= 149.exe
"290"= 15.exe
"291"= 150.exe
"292"= 151.exe
"293"= 152.exe
"294"= 153.exe
"295"= 154.exe
"296"= 155.exe
"297"= 156.exe
"298"= 157.exe
"299"= 158.exe
"300"= 159.exe
"301"= 16.exe
"302"= 160.exe
"303"= 161.exe
"304"= 162.exe
"305"= 163.exe
"306"= 164.exe
"307"= 165.exe
"308"= 166.exe
"309"= 167.exe
"310"= 168.exe
"311"= 169.exe
"312"= 17.exe
"313"= 170.exe
"314"= 171.exe
"315"= 172.exe
"316"= 173.exe
"317"= 174.exe
"318"= 175.exe
"319"= 176.exe
"320"= 177.exe
"321"= 178.exe
"322"= 179.exe
"323"= 18.exe
"324"= 180.exe
"325"= 181.exe
"326"= 182.exe
"327"= 183.exe
"328"= 184.exe
"329"= 185.exe
"330"= 186.exe
"331"= 187.exe
"332"= 188.exe
"333"= 189.exe
"334"= 19.exe
"335"= 190.exe
"336"= 191.exe
"337"= 192.exe
"338"= 193.exe
"339"= 194.exe
"340"= 195.exe
"341"= 196.exe
"342"= 197.exe
"343"= 198.exe
"344"= 199.exe
"345"= 20.exe
"346"= 21.exe
"347"= 22.exe
"348"= 23.exe
"349"= 24.exe
"350"= 25.exe
"351"= 26.exe
"352"= 27.exe
"353"= 28.exe
"354"= 29.exe
"355"= 3.exe
"356"= 30.exe
"357"= 1000.exe
"358"= 1001.exe
"359"= 1002.exe
"360"= 1003.exe
"361"= 1004.exe
"362"= 1005.exe
"363"= 1006.exe
"364"= 1007.exe
"365"= 1008.exe
"366"= 1009.exe
"367"= 1010.exe
"368"= 1011.exe
"369"= 1012.exe
"370"= 1013.exe
"371"= 1014.exe
"372"= 1015.exe
"373"= 1016.exe
"374"= 1017.exe
"375"= 1018.exe
"376"= 1019.exe
"377"= 1020.exe
"378"= 1021.exe
"379"= 1022.exe
"380"= 1023.exe
"381"= 1024.exe
"382"= 1025.exe
"383"= 1026.exe
"384"= 1027.exe
"385"= 1028.exe
"386"= 1029.exe
"387"= 1030.exe
"388"= 1031.exe
"389"= 1032.exe
"390"= 1033.exe
"391"= 1034.exe
"392"= 1035.exe
"393"= 1036.exe
"394"= 1037.exe
"395"= 1038.exe
"396"= 1039.exe
"397"= 1040.exe
"398"= 1041.exe
"399"= 1042.exe
"400"= 1043.exe
"401"= 1044.exe
"402"= 1045.exe
"403"= 1046.exe
"404"= 1047.exe
"405"= 1048.exe
"406"= 1049.exe
"407"= 1050.exe
"408"= 1051.exe
"409"= 1052.exe
"410"= 1053.exe
"411"= 1054.exe
"412"= 1055.exe
"413"= 1056.exe
"414"= 1057.exe
"415"= 1058.exe
"416"= 1059.exe
"417"= 1060.exe
"418"= 1061.exe
"419"= 1062.exe
"420"= 1063.exe
"421"= 1064.exe
"422"= 1065.exe
"423"= 1066.exe
"424"= 1067.exe
"425"= 1068.exe
"426"= 1069.exe
"427"= 1070.exe
"428"= 1071.exe
"429"= 1072.exe
"430"= 1073.exe
"431"= 1074.exe
"432"= 1075.exe
"433"= 1076.exe
"434"= 1077.exe
"435"= 1078.exe
"436"= 1079.exe
"437"= 1080.exe
"438"= 1081.exe
"439"= 1082.exe
"440"= 1083.exe
"441"= 1084.exe
"442"= 1085.exe
"443"= 1086.exe
"444"= 1087.exe
"445"= 1088.exe
"446"= 1089.exe
"447"= 1090.exe
"448"= 1091.exe
"449"= 1092.exe
"450"= 1093.exe
"451"= 1094.exe
"452"= 1095.exe
"453"= 1096.exe
"454"= 1097.exe
"455"= 1099.exe
"456"= 6307.exe
"457"= 6308.exe
"458"= 6309.exe
"459"= 6310.exe
"460"= 6311.exe
"461"= 6312.exe
"462"= 6314.exe
"463"= 6313.exe
"464"= 6315.exe
"465"= 6316.exe
"466"= 6317.exe
"467"= 6318.exe
"468"= 6319.exe
"469"= 6320.exe
"470"= 6321.exe
"471"= 6322.exe
"472"= 6323.exe
"473"= 6324.exe
"474"= 6325.exe
"475"= 6326.exe
"476"= 6327.exe
"477"= 6328.exe
"478"= 6329.exe
"479"= 6330.exe
"480"= 6331.exe
"481"= 6332.exe
"482"= 6333.exe
"483"= 6334.exe
"484"= 6335.exe
"485"= 6336.exe
"486"= 6337.exe
"487"= 6338.exe
"488"= 6339.exe
"489"= 6340.exe
"490"= 6341.exe
"491"= 6342.exe
"492"= 6343.exe
"493"= 6344.exe
"494"= 6345.exe
"495"= 6346.exe
"496"= 6347.exe
"497"= 6348.exe
"498"= 6349.exe
"499"= 6350.exe
"500"= 6351.exe
"501"= 6352.exe
"502"= 6353.exe
"503"= 6354.exe
"504"= 6355.exe
"505"= 6356.exe
"506"= 6357.exe
"507"= 6358.exe
"508"= 6359.exe
"509"= 6360.exe
"510"= 6361.exe
"511"= 6362.exe
"512"= 6363.exe
"513"= 6364.exe
"514"= 6365.exe
"515"= 6366.exe
"516"= 6367.exe
"517"= 6369.exe
"518"= 6368.exe
"519"= 6370.exe
"520"= 6371.exe
"521"= 6372.exe
"522"= 6373.exe
"523"= 6374.exe
"524"= 6375.exe
"525"= 6376.exe
"526"= 6377.exe
"527"= 6378.exe
"528"= 6379.exe
"529"= 6380.exe
"530"= 6381.exe
"531"= 6382.exe
"532"= 6383.exe
"533"= 6384.exe
"534"= 6385.exe
"535"= 6386.exe
"536"= 6387.exe
"537"= 6388.exe
"538"= 6389.exe
"539"= 6390.exe
"540"= 6391.exe
"541"= 6392.exe
"542"= 6393.exe
"543"= 6394.exe
"544"= 6395.exe
"545"= 6396.exe
"546"= 6397.exe
"547"= 6398.exe
"548"= 6399.exe
"549"= 6400.exe
"550"= 6401.exe
"551"= 6402.exe
"552"= 6403.exe
"553"= 6404.exe
"554"= 6405.exe
"555"= 6406.exe
"556"= 6407.exe
"557"= regfixxsx.exe
"558"= documents.exe
"559"= favorites.exe
"560"= ernsjyi.exe
"561"= jjcmdrj.exe
"562"= nheste.exe
"563"= nxmwp.exe
"564"= rwmgh.exe
"565"= tbljxjk.exe
"566"= vohth.exe
"567"= vvpmyvaw.exe
"568"= aa.exe
"569"= _cw0srv.exe
"570"= links.exe
"571"= serivces01.exe
"572"= serivces05.exe
"573"= sruninstall.exe
"574"= serivcesb.exe
"575"= serivcesf.exe
"576"= servcies04.exe
"577"= jxzub5410451.exe
"578"= chert5-998.exe
"579"= kernel1.exe
"580"= beep.exe
"581"= iexpl0re.exe
"582"= crasos.exe
"583"= cmdbcs.exe
"584"= realschd.exe
"585"= wsvbs.exe
"586"= msdccrt.exe
"587"= run1132.exe
"588"= sysload3.exe
"589"= tempicon.exe
"590"= sysbmw.exe
"591"= rpcs.exe
"592"= msvce32.exe
"593"= svhost32.exe
"594"= internat.exe
"595"= ctmontv.exe
"596"= ncscv32.exe
"597"= spo0lsv.exe
"598"= wdfmgr32.exe
"599"= upxdnd.exe
"600"= ssopure.exe
"601"= c0nime.exe
"602"= nvscv32.exe
"603"= bleepjacks.exe
"604"= lying.exe
"605"= jbele1.com
"606"= vt2n8re.com
"607"= 0011E924.vbs
"608"= 672.exe
"609"= ciygje.exe
"610"= kmbbvua.exe
"611"= mkqn.exe
"612"= pajto.exe
"613"= rbgc.exe
"614"= rs32net.exe
"615"= vbmwi.exe
"616"= wfthnpkw.exe
"617"= wsxyguvs.exe
"618"= servcies9.exe
"619"= servciesa.exe
"620"= servciesaa.exe
"621"= Vxl.exe
"622"= ~.exe
"623"= YUR7.exe
"624"= YUR8.exe
"625"= YUR9.exe
"626"= YURA.exe
"627"= Rapid Antivirus.exe
"628"= zPharoh.exe
"629"= winiguard.exe
"630"= zPharaoh.exe
"631"= lphcns0j0e1av.exe
"632"= serverx.exe
"633"= Sulfnbk.exe
"634"= 11122oo7.exe
"635"= newfolder.exe
"636"= qq.exe
"637"= 75976W.exe
"638"= 75976L.exe
"639"= brastk.exe
"640"= lky.exe
"641"= whi.com
"642"= sq.com
"643"= kamsoft.exe
"644"= rs32net.exe
"645"= Gool.exe
"646"= brnu492.exe
"647"= apipr.exe
"648"= apiph32.exe
"649"= BNH1.EXE
"650"= ce1.exe
"651"= dq1.exe
"652"= purger.exe
"653"= s-1-5-21.exe
"654"= lockbar.exe
"655"= aa0.exe
"755"= zip0.exe
"855"= soft0.exe
"656"= aa1.exe
"756"= zip1.exe
"856"= soft1.exe
"657"= aa2.exe
"757"= zip2.exe
"857"= soft2.exe
"658"= aa3.exe
"758"= zip3.exe
"858"= soft3.exe
"659"= aa4.exe
"759"= zip4.exe
"859"= soft4.exe
"660"= aa5.exe
"760"= zip5.exe
"860"= soft5.exe
"661"= aa6.exe
"761"= zip6.exe
"861"= soft6.exe
"662"= aa7.exe
"762"= zip7.exe
"862"= soft7.exe
"663"= aa8.exe
"763"= zip8.exe
"863"= soft8.exe
"664"= aa9.exe
"764"= zip9.exe
"864"= soft9.exe
"665"= aa10.exe
"765"= zip10.exe
"865"= soft10.exe
"666"= aa11.exe
"766"= zip11.exe
"866"= soft11.exe
"667"= aa12.exe
"767"= zip12.exe
"867"= soft12.exe
"668"= aa13.exe
"768"= zip13.exe
"868"= soft13.exe
"669"= aa14.exe
"769"= zip14.exe
"869"= soft14.exe
"670"= aa15.exe
"770"= zip15.exe
"870"= soft15.exe
"671"= aa16.exe
"771"= zip16.exe
"871"= soft16.exe
"672"= aa17.exe
"772"= zip17.exe
"872"= soft17.exe
"673"= aa18.exe
"773"= zip18.exe
"873"= soft18.exe
"674"= aa19.exe
"774"= zip19.exe
"874"= soft19.exe
"675"= aa20.exe
"775"= zip20.exe
"875"= soft20.exe
"676"= aa21.exe
"776"= zip21.exe
"876"= soft21.exe
"677"= aa22.exe
"777"= zip22.exe
"877"= soft22.exe
"678"= aa23.exe
"778"= zip23.exe
"878"= soft23.exe
"679"= aa24.exe
"779"= zip24.exe
"879"= soft24.exe
"680"= aa25.exe
"780"= zip25.exe
"880"= soft25.exe
"681"= aa26.exe
"781"= zip26.exe
"881"= soft26.exe
"682"= aa27.exe
"782"= zip27.exe
"882"= soft27.exe
"683"= aa28.exe
"783"= zip28.exe
"883"= soft28.exe
"684"= aa29.exe
"784"= zip29.exe
"884"= soft29.exe
"685"= aa30.exe
"785"= zip30.exe
"885"= soft30.exe
"686"= aa31.exe
"786"= zip31.exe
"886"= soft31.exe
"687"= aa32.exe
"787"= zip32.exe
"887"= soft32.exe
"688"= aa33.exe
"788"= zip33.exe
"888"= soft33.exe
"689"= aa34.exe
"789"= zip34.exe
"889"= soft34.exe
"690"= aa35.exe
"790"= zip35.exe
"890"= soft35.exe
"691"= aa36.exe
"791"= zip36.exe
"891"= soft36.exe
"692"= aa37.exe
"792"= zip37.exe
"892"= soft37.exe
"693"= aa38.exe
"793"= zip38.exe
"893"= soft38.exe
"694"= aa39.exe
"794"= zip39.exe
"894"= soft39.exe
"695"= aa40.exe
"795"= zip40.exe
"895"= soft40.exe
"696"= aa41.exe
"796"= zip41.exe
"896"= soft41.exe
"697"= aa42.exe
"797"= zip42.exe
"897"= soft42.exe
"698"= aa43.exe
"798"= zip43.exe
"898"= soft43.exe
"699"= aa44.exe
"799"= zip44.exe
"899"= soft44.exe
"700"= aa45.exe
"800"= zip45.exe
"900"= soft45.exe
"701"= aa46.exe
"801"= zip46.exe
"901"= soft46.exe
"702"= aa47.exe
"802"= zip47.exe
"902"= soft47.exe
"703"= aa48.exe
"803"= zip48.exe
"903"= soft48.exe
"704"= aa49.exe
"804"= zip49.exe
"904"= soft49.exe
"705"= aa50.exe
"805"= zip50.exe
"905"= soft50.exe
"706"= aa51.exe
"806"= zip51.exe
"906"= soft51.exe
"707"= aa52.exe
"807"= zip52.exe
"907"= soft52.exe
"708"= aa53.exe
"808"= zip53.exe
"908"= soft53.exe
"709"= aa54.exe
"809"= zip54.exe
"909"= soft54.exe
"710"= aa55.exe
"810"= zip55.exe
"910"= soft55.exe
"711"= aa56.exe
"811"= zip56.exe
"911"= soft56.exe
"712"= aa57.exe
"812"= zip57.exe
"912"= soft57.exe
"713"= aa58.exe
"813"= zip58.exe
"913"= soft58.exe
"714"= aa59.exe
"814"= zip59.exe
"914"= soft59.exe
"715"= aa60.exe
"815"= zip60.exe
"915"= soft60.exe
"716"= aa61.exe
"816"= zip61.exe
"916"= soft61.exe
"717"= aa62.exe
"817"= zip62.exe
"917"= soft62.exe
"718"= aa63.exe
"818"= zip63.exe
"918"= soft63.exe
"719"= aa64.exe
"819"= zip64.exe
"919"= soft64.exe
"720"= aa65.exe
"820"= zip65.exe
"920"= soft65.exe
"721"= aa66.exe
"821"= zip66.exe
"921"= soft66.exe
"722"= aa67.exe
"822"= zip67.exe
"922"= soft67.exe
"723"= aa68.exe
"823"= zip68.exe
"923"= soft68.exe
"724"= aa69.exe
"824"= zip69.exe
"924"= soft69.exe
"725"= aa70.exe
"825"= zip70.exe
"925"= soft70.exe
"726"= aa71.exe
"826"= zip71.exe
"926"= soft71.exe
"727"= aa72.exe
"827"= zip72.exe
"927"= soft72.exe
"728"= aa73.exe
"828"= zip73.exe
"928"= soft73.exe
"729"= aa74.exe
"829"= zip74.exe
"929"= soft74.exe
"730"= aa75.exe
"830"= zip75.exe
"930"= soft75.exe
"731"= aa76.exe
"831"= zip76.exe
"931"= soft76.exe
"732"= aa77.exe
"832"= zip77.exe
"932"= soft77.exe
"733"= aa78.exe
"833"= zip78.exe
"933"= soft78.exe
"734"= aa79.exe
"834"= zip79.exe
"934"= soft79.exe
"735"= aa80.exe
"835"= zip80.exe
"935"= soft80.exe
"736"= aa81.exe
"836"= zip81.exe
"936"= soft81.exe
"737"= aa82.exe
"837"= zip82.exe
"937"= soft82.exe
"738"= aa83.exe
"838"= zip83.exe
"938"= soft83.exe
"739"= aa84.exe
"839"= zip84.exe
"939"= soft84.exe
"740"= aa85.exe
"840"= zip85.exe
"940"= soft85.exe
"741"= aa86.exe
"841"= zip86.exe
"941"= soft86.exe
"742"= aa87.exe
"842"= zip87.exe
"942"= soft87.exe
"743"= aa88.exe
"843"= zip88.exe
"943"= soft88.exe
"744"= aa89.exe
"844"= zip89.exe
"944"= soft89.exe
"745"= aa90.exe
"845"= zip90.exe
"945"= soft90.exe
"746"= aa91.exe
"846"= zip91.exe
"946"= soft91.exe
"747"= aa92.exe
"847"= zip92.exe
"947"= soft92.exe
"748"= aa93.exe
"848"= zip93.exe
"948"= soft93.exe
"749"= aa94.exe
"849"= zip94.exe
"949"= soft94.exe
"750"= aa95.exe
"850"= zip95.exe
"950"= soft95.exe
"751"= aa96.exe
"851"= zip96.exe
"951"= soft96.exe
"752"= aa97.exe
"852"= zip97.exe
"952"= soft97.exe
"753"= aa98.exe
"853"= zip98.exe
"953"= soft98.exe
"754"= aa99.exe
"854"= zip99.exe
"954"= soft99.exe
"955"= $sys$drv.exe
"956"= $sys$sos$sys$.exe
"957"= $sys$xp.exe
"958"= ~565.exe
"959"= 0.exe
"960"= 004.exe
"961"= 005.exe
"962"= 006.exe
"963"= 007.exe
"964"= 007ssinstall.exe
"965"= 008.exe
"966"= 009.exe
"967"= 01dopewars_update.exe
"968"= 01logo.exe
"969"= 04s28lat.exe
"970"= 06qytm1a.exe
"971"= 09857728.exe
"972"= 1004270.exe
"973"= 1054571.exe
"974"= 11421604.exe
"975"= 123bar.exe
"976"= 123hiddensender.exe
"977"= 12nail.exe
"978"= 14hi1qs8.exe
"979"= 17131762.exe
"980"= 180ax.exe
"981"= 180pack6480.exe
"982"= 180sa.exe
"983"= 180sainstallernusac.exe
"984"= 180stuninstaller.exe
"985"= 1lyu2k.exe
"986"= 1o32cwjn.exe
"987"= 2.sfx.exe.exe
"988"= 2005.exe
"989"= 202_app13.exe
"990"= 26-593.exe
"991"= 29904603.exe
"992"= 2search.exe
"993"= 302v2fp0.exe
"994"= 39987557.exe
"995"= 50cent.exe
"996"= 53648356.svd
"997"= 5thkf354.exe
"998"= 63de0cc3d01
"999"= 63mm.exe
"1000"= 666.exe
"1001"= 66978039.exe
"1002"= 69254441.exe
"1003"= 9spj1iiq.exe
"1004"= a_clearsearch.exe
"1005"= a0011142.exe
"1006"= a006.exe
"1007"= a006.exe
"1008"= a0067423.exe
"1009"= a0067428.exe
"1010"= a64sddd.exe
"1011"= abg-aceh.exe
"1012"= abox.exe
"1013"= abs.exe
"1014"= absr.exe
"1015"= access members area.exe
"1016"= access.exe
"1017"= accwizz.exe
"1018"= acespy331t.exe
"1019"= aclservice.exe
"1020"= aconti.exe
"1021"= actalert.exe
"1022"= activeds.exe
"1023"= activeplus.exe
"1024"= activex_300_it.exe
"1025"= actualspy.exe
"1026"= actx1.exe
"1027"= ad.exe
"1028"= adaware.exe
"1029"= adl_mteststub.exe
"1030"= adlinstallwin32.exe
"1031"= adm4005.exe
"1032"= admanctl.exe
"1033"= admilliserv.exe
"1034"= admlib32.exe
"1035"= adobe_flash.exe
"1036"= adobes.exe
"1037"= adp.exe
"1038"= adsetup.silent.1.13.exe
"1039"= adstatserv.exe
"1040"= adtech2006.exe
"1041"= adupdater.exe
"1042"= adv.exe
"1043"= advapi.exe
"1044"= adx.exe
"1045"= ahadp.exe
"1046"= aim spy plugin.exe
"1047"= ajrpbi.exe
"1048"= alchem.exe
"1049"= alevir.exe
"1050"= alp2plib.exe
"1051"= amero.exe
"1052"= amp2pl.exe
"1053"= angelex.exe
"1054"= anti_troj.exe
"1055"= antiav.exe
"1056"= antispy.exe
"1057"= antivirus update.exe
"1058"= antivirus32.exe
"1059"= aocbhm.exe
"1060"= aornum.exe
"1061"= ap0.exe
"1062"= ap2.exe
"1063"= apd123.exe
"1064"= app.exe
"1065"= appsetup.exe
"1066"= aq3hel~1.exe
"1067"= archive.exe
"1068"= arr.exe
"1069"= arupdate.exe
"1070"= arupld32.exe
"1071"= asd.exe
"1072"= asearchassist.exe
"1073"= asm.exe
"1074"= asmonitor.exe
"1075"= astart.exe
"1076"= atipta.exe
"1077"= atiupdate.exe
"1078"= atmsvc.exe
"1079"= aupdate_uninstall.exe
"1080"= aurora(1).exe
"1081"= aurora.exe
"1082"= aurora-wise1.exe
"1083"= ause3-decoded.exe
"1084"= ausvc.exe
"1085"= autoexec.exe
"1086"= automove.exe
"1087"= autoupdatev2.exe
"1088"= aux32.exe
"1089"= av.exe
"1090"= avghalsb.exe
"1091"= avserve.exe
"1092"= avserve2.exe
"1093"= b2search_v17.exe
"1094"= backdoor.prorat.13.exe
"1095"= backdoor.prorat.13_(57).exe
"1096"= backup-20040105-225929-414.exe
"1097"= backweb.exe
"1098"= banmanpro.exe
"1099"= bargain3.exe
"1100"= bargain4.exe
"1101"= bargainbuddy.exe
"1102"= bargains.exe
"1103"= basfipm.exe
"1104"= bazzi.exe
"1105"= bb.exe
"1106"= bbchk.exe
"1107"= bbfbeola.exe
"1108"= bbi8015.exe
"1109"= bbi8018.exe
"1110"= bbi8032.exe
"1111"= bbntqcbw.exe
"1112"= bboy.exe
"1113"= bdrqbac.exe
"1114"= bedo9iz1.exe
"1115"= belt.exe
"1116"= berasjatah.exe
"1117"= beta.exe
"1118"= bhp.exe
"1119"= bhsv.exe
"1120"= bi5.exe
"1121"= bifrost.exe
"1122"= bil.exe
"1123"= bindshell.exe
"1124"= bionet.exe
"1125"= bk.exe
"1126"= block-checker.exe
"1127"= blondes.exe
"1128"= bloodhound.exe
"1129"= blss.exe
"1130"= bman.exe
"1131"= bml8pjp7.exe
"1132"= bmupdate.exe
"1133"= bokja.exe
"1134"= bookedspace.exe
"1135"= boot.exe
"1136"= bootconf.exe
"1137"= bot.exe
"1138"= bp.exe
"1139"= bpc.exe
"1140"= safesys.exe
"1141"= bpsinstall.exe
"1142"= brasil.exe
"1143"= brengkolang.com
"1144"= bronstab.exe
"1145"= bsoft.exe
"1146"= buddy.exe
"1147"= bugsfix.exe
"1148"= bundle.exe
"1149"= bundle~1.exe
"1150"= bundleouter.exe
"1151"= bundleouter2501031120.exe
"1152"= bundleouter2601031121.exe
"1153"= bundles.exe
"1154"= bundles118.exe
"1155"= bxproxy.exe
"1156"= camviewer.exe
"1157"= card.exe
"1158"= cartao.exe
"1159"= cas2stub.exe
"1160"= casclient.exe
"1161"= cashsaverupdate.exe
"1162"= cb.exe
"1163"= cc.exe
"1164"= cd_install.exe
"1165"= cd_install_291.exe
"1166"= cd_load.exe
"1167"= cd5a8b2bd01
"1168"= cdaengine
"1169"= cdaengine0500
"1170"= cdf.exe
"1171"= cds.exe
"1172"= cdsm32.exe
"1173"= cfgmgr52.exe
"1174"= cfmon.exe
"1175"= cg.exe
"1176"= cgtask.exe
"1177"= check.exe
"1178"= checkreg.exe
"1179"= checkup.exe
"1180"= chkntsv.exe
"1181"= chkras.exe
"1182"= choke.exe
"1183"= chq7gv5g.exe
"1184"= cisvvc.exe
"1185"= cjqxe.exe
"1186"= ckusdll.exe
"1187"= clbcatex.exe
"1188"= client.exe
"1189"= clientax.exe
"1190"= cm.exe
"1191"= cmappsetup.exe
"1192"= cmappupdate.exe
"1193"= cmd32.exe
"1194"= cmdinst.exe
"1195"= cmesys.exe
"1196"= cmeupd.exe
"1197"= cmman.exe
"1198"= cmqcemmpm.exe
"1199"= cmrsr.exe
"1200"= cmrss.exe
"1201"= cmsystem.exe
"1202"= cnqmax.exe
"1203"= codecsetup.exe
"1204"= comctl_32.exe
"1205"= commando.exe
"1206"= conscorr.exe
"1207"= consol32.exe
"1208"= cool.exe
"1209"= copy of optimize.exe
"1210"= corpstats.exe
"1211"= cp.exe
"1212"= cpanel.exe
"1213"= cpr.exe
"1214"= crackserver-service.exe
"1215"= crmss.exe
"1216"= crss.exe
"1217"= crsss.exe
"1218"= cryptfg.exe
"1219"= csaolinst.exe
"1220"= csaolldr.exe
"1221"= csbiinst.exe
"1222"= csieinst.exe
"1223"= csmsv.exe
"1224"= csrcs.exe
"1225"= csrdeu32.exe
"1226"= csrrs.exe
"1227"= csrs.exe
"1228"= csrsc.exe
"1229"= csrse.exe
"1230"= csrss32.exe
"1231"= ctfmon32.exe
"1232"= cucu.exe
"1233"= cxq8ojka.exe
"1234"= cxtpls.exe
"1235"= cydoor.exe
"1236"= cydoor_uninstall.exe
"1237"= cz.exe
"1238"= czncin.exe
"1239"= d.exe
"1240"= d6.exe
"1241"= data2.exe
"1242"= data3.exe
"1243"= datemanager.exe
"1244"= dbaccess.exe
"1245"= dc1.exe
"1246"= dc37.exe
"1247"= dc38.exe
"1248"= dc39.exe
"1249"= dc42.exe
"1250"= dc43.exe
"1251"= dc44.exe
"1252"= dc82.exe
"1253"= dc83.exe
"1254"= dc84.exe
"1255"= dc85.exe
"1256"= dc86.exe
"1257"= dcomcfg.exe
"1258"= dcomx.exe
"1259"= ddcman.exe
"1260"= dealhelper.exe
"1261"= delmsbb.exe
"1262"= deskadkeep.exe
"1263"= deskadserv.exe
"1264"= desktop.exe
"1265"= dfe.exe
"1266"= dfrgsrv.exe
"1267"= dgwojz0h.exe
"1268"= dhbrwsr.exe
"1269"= dho.exe
"1270"= dhupdt.exe
"1271"= dial.exe
"1272"= dinst.exe
"1273"= dioxin.exe
"1274"= directs.exe
"1275"= directx.exe
"1276"= directxset.exe
"1277"= disp1150.exe
"1278"= display.exe
"1279"= divx.exe
"1280"= dlgli.exe
"1281"= dlhost.exe
"1282"= dll32.exe
"1283"= dllreg.exe
"1284"= dmserver.exe
"1285"= dodrrr.exe
"1286"= down.exe
"1287"= download.exe
"1288"= downloadplus.exe
"1289"= dp-b23011805.exe
"1290"= dpul6zoa.exe
"1291"= dr.exe
"1292"= dr_s.exe
"1293"= drpmon(1).exe
"1294"= drpmon.exe
"1295"= drv.exe
"1296"= drvddll.exe
"1297"= drwtsn16.exe
"1298"= ds.exe
"1299"= dscbtshl.exe
"1300"= dssagent.exe
"1301"= dtloader.exe
"1302"= duel.exe
"1303"= dun.exe
"1304"= dvbern.exe
"1305"= dvchost.exe
"1306"= dvdkeyauth.exe
"1307"= dvldr32.exe
"1308"= dvwnhd.exe
"1309"= dw.exe
"1310"= dwcg.exe
"1311"= dwe.exe
"1312"= dwnupdt.exe
"1313"= usbautotuner.exe
"1314"= dxnf.exe
"1315"= e85b8fb2d01.exe
"1316"= easy.windows.monitoring.exe
"1317"= easyav.exe
"1318"= ecodec.exe
"1319"= edit server.exe
"1320"= ee.exe
"1321"= ee1a8f91d01.exe
"1322"= ee248fa7d01.exe
"1323"= eeea8fa3d01.exe
"1324"= eeef8fa2d01.exe
"1325"= eetu.exe
"1326"= eksplorasi.exe
"1327"= elos.exe
"1328"= eml.exe
"1329"= emsw.exe
"1330"= enbiei.exe
"1331"= enuubwafo.exe
"1332"= epswad4.exe
"1333"= errorguard.exe
"1334"= ers.exe
"1335"= ersvc.exe
"1336"= escan.exe
"1337"= esyndicateinst.exe
"1338"= evr8gkxb.exe
"1339"= exchng32.exe
"1340"= exclean.exe
"1341"= exdl.exe
"1342"= exec.exe
"1343"= exp.exe
"1344"= expl32.exe
"1345"= explore.exe
"1346"= explored.exe
"1347"= exploreff.exe
"1348"= explorer32.exe
"1349"= explorere.exe
"1350"= exul.exe
"1351"= ezinstall.exe
"1352"= ezpopstub.exe
"1353"= ezstub.exe
"1354"= ezstub22.exe
"1355"= ezulumain.exe
"1356"= f3403484.exe
"1357"= f4bbfeaed01
"1358"= farmmext.exe
"1359"= fash.exe
"1360"= fasterxp.exe
"1361"= fbi_facebook.exe
"1362"= fc.exe
"1363"= fixtitle.exe
"1364"= fjdbfvk.exe
"1365"= flashtalk-wise1000.exe
"1366"= fntldr.exe
"1367"= fontloader.exe
"1368"= fontview.exe
"1369"= formulario.exe
"1370"= fph.exe
"1371"= fqc.exe
"1372"= freexxx.exe
"1373"= frsk.exe
"1374"= fservice.exe
"1375"= fsg.exe
"1376"= fsg_4104.exe
"1377"= fsjyhc5r.exe
"1378"= fsw.exe
"1379"= fullgames.exe
"1380"= fuwxenc.exe
"1381"= fvprotect.exe
"1382"= g181511.a.stub.exe
"1383"= g4eyp3kf.exe
"1384"= gaedzsxe.exe
"1385"= gah95on6.exe
"1386"= gain_trickler_3102.exe
"1387"= gain_trickler_3202.exe
"1388"= my music.exe
"1389"= gateway.exe
"1390"= gator.exe
"1391"= gatorstubsetup.exe
"1392"= get.exe
"1393"= get_flash_update.exe
"1394"= getbuys.exe
"1395"= gfjgj.exe
"1396"= ghost.bat
"1397"= ginst_001_1234_4201.exe
"1398"= gld.exe
"1399"= glf2fglf2f.exe
"1400"= gm.exe
"1401"= gmt.exe
"1402"= gogoaddisplay.exe
"1403"= gogoaddressbar.exe
"1404"= gogofileshare.exe
"1405"= gogotoolbar.exe
"1406"= gogotools.exe
"1407"= gogotools0.exe
"1408"= gogotoolsinstaller.exe
"1409"= gsohy92a.exe
"1410"= gstartup.exe
"1411"= szace.exe
"1412"= guninstaller.exe
"1413"= h2g140n1.exe
"1414"= hacker.exe
"1415"= haiyang.exe
"1416"= hbinst.exe
"1417"= hbtv.exe
"1418"= heat.exe
"1419"= hellmsn.exe
"1420"= helpexp.exe
"1421"= hgfedcba.exe
"1422"= hgqhp.exe
"1423"= hhs32.pif
"1424"= hidden32.exe
"1425"= hidedown.exe
"1426"= hidr.exe
"1427"= hloader.exe
"1428"= hnm_svc.exe
"1429"= hookdump.exe
"1430"= host.exe
"1431"= hot.exe
"1432"= hot_tarts_mc.exe
"1433"= hprog.exe
"1434"= hro.exe
"1435"= htmdeng.exe
"1436"= hwclock.exe
"1437"= hxdef.exe
"1438"= hxdl.exe
"1439"= hxiul.exe
"1440"= i3k0hgad.exe
"1441"= ibm00001.exe
"1442"= icon.exe
"1443"= idemlog.exe
"1444"= idleui.exe
"1445"= iebtm.exe
"1446"= iedll.exe
"1447"= iedriver.exe
"1448"= iegator.exe
"1449"= iehost.exe
"1450"= iep.exe
"1451"= iesetup.exe
"1452"= iexpiore.exe
"1453"= iexplor32.exe
"1454"= iexplore32.exe
"1455"= iexplorer.exe
"1456"= igetnet_3845_3645.exe
"1457"= igps.exe
"1458"= igpsdon6.exe
"1459"= iinstall.exe
"1460"= im_2.exe
"1461"= imguninst.exe
"1462"= infoctl.exe
"1463"= infus.exe
"1464"= infwin.exe
"1465"= init32m.exe
"1466"= ink.exe
"1467"= inst.exe
"1468"= install1.exe
"1469"= installdatemanager.exe
"1470"= installer1.exe
"1471"= instant access.exe
"1472"= intdel.exe
"1473"= intel32.exe
"1474"= intell321.exe
"1475"= intenat.exe
"1476"= internet.exe
"1477"= internetfeatures.exe
"1478"= ipfw.exe
"1479"= ipu.exe
"1480"= ipwins.exe
"1481"= irasyncd.exe
"1482"= iroffer.exe
"1483"= isamini.exe
"1484"= isamntr.exe
"1485"= isamonitor.exe
"1486"= isass.exe
"1487"= ishost.exe
"1488"= isinstalldonecrazy.exe
"1489"= ismon.exe
"1490"= isnotify.exe
"1491"= ispsupport.exe
"1492"= issearch.exe
"1493"= istsvc.exe
"1494"= itbill.exe
"1495"= itphwd.exe
"1496"= iwatch.exe
"1497"= j4g8w5m8.exe
"1498"= j7k8ug16.exe
"1499"= j95i15ei.exe
"1500"= jabber.exe
"1501"= jammer2nd.exe
"1502"= jawa32.exe
"1503"= jdbgmrg.exe
"1504"= jif.exe
"1505"= jkill.exe
"1506"= jmnmxr.exe
"1507"= jnfdtdi.exe
"1508"= jq34042x.exe
"1509"= jre4i3q6.exe
"1510"= jushed32.exe
"1511"= jxcevib2.exe
"1512"= k4eboy6.exe
"1513"= kaboom.exe
"1514"= kahlisetup_demo.exe
"1515"= kane.exe
"1516"= kazza.exe
"1517"= kb021119.exe
"1518"= keenvalue.exe
"1519"= kernal32.exe
"1520"= kerne1412.exe
"1521"= kernel32.exe
"1522"= kernels32.exe
"1523"= kernels64.exe
"1524"= keu2zfke.exe
"1525"= keylogger plugin.exe
"1526"= keyword.exe
"1527"= kl.exe
"1528"= kmwoa.exe
"1529"= kmwol.exe
"1530"= kmwop.exe
"1531"= knuzql.exe
"1532"= krxz.exe
"1533"= l6y07fu5.exe
"1534"= lass.exe
"1535"= launchadware.exe
"1536"= layer.exe
"1537"= lcc.exe
"1538"= lex.exe
"1539"= lexplore.exe
"1540"= license_manager.exe
"1541"= bmonq.exe
"1542"= live.exe
"1543"= lmu.exe
"1544"= load.exe
"1545"= load32.exe
"1546"= loader(1).exe
"1547"= l26.exe
"1548"= loader[1].exe
"1549"= lockx.exe
"1550"= lodctr32.exe
"1551"= Duel_v2.exe
"1552"= logon.exe
"1553"= loud.exe
"1554"= lp.exe
"1555"= lsa.exe
"1556"= lsas.exe
"1557"= lsass32.exe
"1558"= lsassa.exe
"1559"= lssas.exe
"1560"= lsserv.exe
"1561"= ma.exe
"1562"= mahtfi.exe
"1563"= mapisvc32.exe
"1564"= mario.exe
"1565"= matcli.exe
"1566"= mcafee.update.exe.exe
"1567"= mcf.exe
"1568"= md.exe
"1569"= mdms.exe
"1570"= me.exe
"1571"= medgs1.exe
"1572"= mediaaccess.exe
"1573"= mediaaccessinstpack.exe
"1574"= mediaacck.exe
"1575"= mediagateway.exe
"1576"= mediaman.exe
"1577"= mediapass.exe
"1578"= mediapassk.exe
"1579"= members-area.exe
"1580"= memorymeter.exe
"1581"= menu.exe
"1582"= mfc71.exe
"1583"= mfin32.exe
"1584"= mfx8k065.exe
"1585"= microsystem.exe
"1586"= minibug.exe
"1587"= mirc32.exe
"1588"= mirindaa1i.exe
"1589"= mirror_plugin.exe
"1590"= mksc.exe
"1591"= mm.exe
"1592"= mm15201518.stub.exe
"1593"= mmbun.exe
"1594"= mmm.exe
"1595"= mmod.exe
"1596"= mmsg.exe
"1597"= mmups.exe
"1598"= mnss.exe
"1599"= mostat.exe
"1600"= mousedrv.exe
"1601"= mp3serch.exe
"1602"= mp7eq7hx.exe
"1603"= mrjj.exe
"1604"= mrtstub.exe
"1605"= msaa.exe
"1606"= msapp.exe
"1607"= msbb.exe
"1608"= msbb[1].exe
"1609"= msblast.exe
"1610"= msc32.exe
"1611"= mscache.exe
"1612"= msccn32.exe
"1613"= msckin.exe
"1614"= mscman.exe
"1615"= mscnsz.exe
"1616"= mscommand.exe
"1617"= msconfgh.exe
"1618"= msconfig32.exe
"1619"= mscornet.exe
"1620"= mscvb32.exe
"1621"= msdm.exe
"1622"= msexreg.exe
"1623"= msgdmf.exe
"1624"= msgfix.exe
"1625"= msgrsv32.exe
"1626"= msiexec16.exe
"1627"= msinfo.exe
"1628"= mslagent.exe
"1629"= mslaugh.exe
"1630"= msmc.exe
"1631"= msmgs.exe
"1632"= msmgt.exe
"1633"= msmm.exe
"1634"= msmsg.exe
"1635"= msnlive.exe
"1636"= msnst32.exe
"1637"= msole32.exe
"1638"= mspath.exe
"1639"= mspmspv.exe
"1640"= msrexe.exe
"1641"= mssearchnet.exe
"1642"= mssecure.exe
"1643"= msshed32.exe
"1644"= mssvc32.exe
"1645"= mssvr.exe
"1646"= mssys.exe
"1647"= mstasks.exe
"1648"= mstc.exe
"1649"= mstcs.exe
"1650"= msupdate.exe
"1651"= msvc32.exe
"1652"= msvcrl.exe
"1653"= msvgr.exe
"1654"= msvxd.exe
"1655"= msw.exe
"1656"= mswin32.exe
"1657"= mswinb32.exe
"1658"= msxct.exe
"1659"= mt.exe
"1660"= mtask.exe
"1661"= mtjuhp.exe
"1662"= mudsc.exe
"1663"= murphy.exe
"1664"= mwd.exe
"1665"= mwfirewall.exe
"1666"= mwsoemon.exe
"1667"= mwsvm.exe
"1668"= mypcsearch.exe
"1669"= mysearch2.0.exe
"1670"= mysetp.exe
"1671"= myurlff.exe
"1672"= myurlsagain.exe
"1673"= n.exe
"1674"= n1hvjmy9.exe
"1675"= n20050308.exe
"1676"= nail(1).exe
"1677"= nail.exe
"1678"= namedpipe.exe
"1679"= nav32sp.exe
"1680"= navapp.exe
"1681"= nbthlp.exe
"1682"= ncaselib.exe
"1683"= ndcx3xyq.exe
"1684"= netclient.exe
"1685"= netddeclnt.exe
"1686"= netinfo.exe
"1687"= netlib.exe
"1688"= netmail.exe
"1689"= netmeeting.exe
"1690"= netmon.exe
"1691"= netserver.exe
"1692"= netsurf.exe
"1693"= netsvc.exe
"1694"= network.exe
"1695"= newdevin.exe
"1696"= newdot.exe
"1697"= newpop447.exe
"1698"= nfomon.exe
"1699"= nl.exe
"1700"= nlnp49.exe
"1701"= nls.exe
"1702"= noat.exe
"1703"= nomoreporn.exe
"1704"= nopat.exe
"1705"= norton update.exe
"1706"= note.exe
"1707"= notesweb.exe
"1708"= npkcsvc.exe
"1709"= nrcs.exe
"1710"= nrpc.exe
"1711"= nscheck.exe
"1712"= nssys32.exe
"1713"= nstask32.exe
"1714"= nsupdate.exe
"1715"= nsvsvc.exe
"1716"= ntdetect.exe
"1717"= ntfs64.exe
"1718"= ntosa32.exe
"1719"= ntsys.exe
"1720"= nvctrl.exe
"1721"= nvsc32.exe
"1722"= o84u7fwq.exe
"1723"= obllak.exe
"1724"= ocxdll.exe
"1725"= odcfg.exe
"1726"= oeet.exe
"1727"= oeloader.exe
"1728"= offers.exe
"1729"= The sky.exe
"1730"= nt.com
"1731"= office.exe
"1732"= offun.exe
"1733"= okpelq4p.exe
"1734"= olehelp.exe
"1735"= optimize.exe
"1736"= optimize313.exe
"1737"= osalogbe.exe
"1738"= othb.exe
"1739"= p23oorr3.exe
"1740"= p2p networking.exe
"1741"= p2p networking2.exe
"1742"= p2p networking3.exe
"1743"= p2pnetworking.exe
"1744"= p2pnetworking3.exe
"1745"= pagerevisor.exe
"1746"= paytime.exe
"1747"= pbl8ey0e.exe
"1748"= pchealth.exe
"1749"= pcsvc.exe
"1750"= pec.exe
"1751"= pgmonitr.exe
"1752"= phantom.exe
"1753"= phqghum.exe
"1754"= phqghume.exe
"1755"= pi1_??.exe
"1756"= picsvr.exe
"1757"= pictureshare.exe
"1758"= recycle.exe
"1759"= picx.exe
"1760"= pisf.exe
"1761"= piuw.exe
"1762"= 1ogf.exe
"1763"= gwr0lyd.bat
"1764"= play[2].exe
"1765"= play[3].exe
"1766"= play[4].exe
"1767"= play_mp3(2).exe
"1768"= play_mp3.exe
"1769"= play_mp3[1].exe
"1770"= play_mp3[2].exe
"1771"= play_mp3[3].exe
"1772"= play_mp3[4].exe
"1773"= WantsU.exe
"1774"= My heart.exe
"1775"= A smile.exe
"1776"= Forever.exe
"1777"= My love.exe
"1778"= CritProc.exe
"1779"= play_mp3[5].exe
"1780"= play_mp3[6].exe
"1781"= play_mp3-3.exe
"1782"= plscd.exe
"1783"= plugin compressor.exe
"1784"= pmmnt.exe
"1785"= pmmon.exe
"1786"= pmr.exe
"1787"= pmsngr.exe
"1788"= pmsnrr.exe
"1789"= pmt.exe
"1790"= points manager.exe
"1791"= pokapoka
"1792"= pokapoka66.exe
"1793"= pokapoka67.exe
"1794"= pokapoka70.exe
"1795"= pokapoka72.exe
"1796"= pokapoka73.exe
"1797"= pokapoka76.exe
"1798"= pokapoka79.exe
"1799"= poker.exe
"1800"= popuper.exe
"1801"= powerreg
"1802"= powerreg scheduler.exe
"1803"= powerscan.exe
"1804"= precisiontime.exe
"1805"= precisiontimesetup.exe
"1806"= prevadcomm.exe
"1807"= prizesurfer.exe
"1808"= prmt.exe
"1809"= prositefinder.exe
"1810"= prositefinder1.exe
"1811"= prositefinderh.exe
"1812"= prot.exe
"1813"= protector.exe
"1814"= pruttct.exe
"1815"= ps_install-grokster.exe
"1816"= ps_uninstaller.exe
"1817"= ps1.exe
"1818"= pscanw.exe
"1819"= psof1.exe
"1820"= psoft1.exe
"1821"= My desire.exe
"1822"= My hope.exe
"1823"= My wish.exe
"1824"= psqeelsr.exe
"1825"= ptop.exe
"1826"= ptuninstaller.exe
"1827"= purityscan install.exe
"1828"= purityscan.exe
"1829"= purityscan2.exe
"1830"= purityscanuninstall.exe
"1831"= puszinyuszi.exe
"1832"= pvxusmtu.exe
"1833"= pyr0.exe
"1834"= q17i9a4j.exe
"1835"= q7moyha2.exe
"1836"= qerbi.exe
"1837"= qerbif.exe
"1838"= qhutst.exe
"1839"= qi8lu5s9.exe
"1840"= qoologic.exe
"1841"= qqpr8h33.exe
"1842"= randreco.exe
"1843"= ravmond.exe
"1844"= ray.exe
"1845"= rb32.exe
"1846"= rcsync.exe
"1847"= realtray.exe
"1848"= realupd32.exe
"1849"= register.exe
"1850"= registration.exe
"1851"= regloadr.exe
"1852"= regmaping.exe
"1853"= regperf.exe
"1854"= regscan.exe
"1855"= regsrv.exe
"1856"= regsvc32.exe
"1857"= regsync.exe
"1858"= relatedsetup.exe
"1859"= remote.exe
"1860"= removed.exe
"1861"= removedisplayutility.exe
"1862"= removejk.exe
"1863"= requester.11.exe
"1864"= resetservice.exe
"1865"= richup.exe
"1866"= rk.exe
"1867"= rlid.exe
"1868"= rlvknlg.exe
"1869"= rogue.exe
"1870"= rpcmon.exe
"1871"= rtf32.exe
"1872"= svchost000.exe
"1873"= run32dll.exe
"1874"= rundl32.exe
"1875"= rundll16.exe
"1876"= ruxdll32.exe
"1877"= rxtoolbar.exe
"1878"= s.exe
"1879"= s1p1y_bad.exe
"1880"= saap.exe
"1881"= sac.exe
"1882"= sacc.exe
"1883"= saccu.exe
"1884"= sachostb.exe
"1885"= sachostc.exe
"1886"= sachostm.exe
"1887"= sachostp.exe
"1888"= sachosts.exe
"1889"= sachostw.exe
"1890"= sachostx.exe
"1891"= safemode.exe
"1892"= sahagent.exe
"1893"= sahdownloader_.exe
"1894"= saie.exe
"1895"= sais.exe
"1896"= salm.delete.exe
"1897"= salm.exe
"1898"= salmbundle.exe
"1899"= sass.exe
"1900"= satmat.exe
"1901"= scam32.exe
"1902"= scanregistry.exe
"1903"= scardsvr32.exe
"1904"= scbar.exe
"1905"= scchost.exe
"1906"= schedulingagent
"1907"= schost.exe
"1908"= screensaver.v.2.1.exe
"1909"= scrigz.exe
"1910"= scrss.exe
"1911"= scrsvr.exe
"1912"= scrtkfg.exe
"1913"= scvhost.exe
"1914"= se.exe
"1915"= se2ppc4you.exe
"1916"= search.exe
"1917"= searchnavversion.exe
"1918"= searchnugget.exe
"1919"= searchupdate33.exe
"1920"= searchupgrader.exe
"1921"= sectoriate.exe
"1922"= secure.exe
"1923"= sed.exe
"1924"= sedk.exe
"1925"= seekmo.exe
"1926"= seeve.exe
"1927"= semanticinsight.exe
"1928"= sempalong.exe
"1929"= senslogn.exe
"1930"= sepinst.exe
"1931"= servce.exe
"1932"= servercon.exe
"1933"= servic.exe
"1934"= service5.exe
"1935"= services32.exe
"1936"= setup_jalapeno.exe
"1937"= setup32i.exe
"1938"= sf.exe
"1939"= sfc32.exe
"1940"= sfgdulkp.exe
"1941"= sfwqi.exe
"1942"= shell32.exe
"1943"= shell386.exe
"1944"= shine.exe
"1945"= shlhook.exe
"1946"= shmgrate.exe
"1947"= shnlog.exe
"1948"= shutdownutility.exe
"1949"= si.exe
"1950"= sideb.exe
"1951"= sidedb_install.exe
"1952"= sksockserver.exe
"1953"= skynetave.exe
"1954"= skype32.exe
"1955"= slmss.exe
"1956"= slserve.exe
"1957"= slserves.exe
"1958"= slsk.exe
"1959"= smmss.exe
"1960"= sms.exe
"1961"= smschk.exe
"1962"= smsonx32.exe
"1963"= smsss.exe
"1964"= smszac32.exe
"1965"= soap.exe
"1966"= Cn911.exe
"1967"= soproc.exe
"1968"= sp.exe
"1969"= sp2ctr.exe
"1970"= spoler.exe
"1971"= spollsv.exe
"1972"= spool.exe
"1973"= spooler.exe
"1974"= spools.exe
"1975"= spoolsrv.exe
"1976"= spoolsrv32.exe
"1977"= spoolsvc.exe
"1978"= sprite.exe
"1979"= spvspool.exe
"1980"= spyagent.exe
"1981"= spyagent4.exe
"1982"= spyaxe.exe
"1983"= spybuddy.exe
"1984"= spysheriff.exe
"1985"= spytrooper.exe
"1986"= spyware.exe
"1987"= sqlexp.exe
"1988"= sqlexp1.exe
"1989"= sqlrep.exe
"1990"= sqlscan.exe
"1991"= sqlserver.exe
"1992"= sr.exe
"1993"= srng.exe
"1994"= srv1.exe
"1995"= srv2.exe
"1996"= srv32.exe
"1997"= srv4.exe
"1998"= srvc32.exe
"1999"= sservice.exe
"2000"= ssgrate.exe
"2001"= ssk.exe
"2002"= ssk3_b5.exe
"2003"= ssk3_installerv5.exe
"2004"= sskb5.exe
"2005"= sskupdater.exe
"2006"= ssl.exe
"2007"= ssrms.exe
"2008"= ssyszu2r.exe
"2009"= Home Video.avi.exe
"2010"= stcloader.exe
"2011"= stealth.dcom.exe
"2012"= stealth.ddos.exe
"2013"= stealth.exe
"2014"= stealth.injector.exe
"2015"= stealth.stat.exe
"2016"= stealth.worm.exe
"2017"= stmtdlr.exe
"2018"= str.exe
"2019"= stubinstaller.exe
"2020"= stubinstaller4292.exe
"2021"= suchost.exe
"2022"= supportinstall.exe
"2023"= surfsidekick.exe
"2024"= susp.exe
"2025"= svaplayer.exe
"2026"= svc.exe
"2027"= svcdata.exe
"2028"= 2j.cmd
"2029"= svchoost.exe
"2030"= svchos1.exe
"2031"= svchosl.exe
"2032"= svchostl.exe
"2033"= svchosts.exe
"2034"= svchosts.exe
"2035"= system volume.exe
"2036"= svcinit.exe
"2037"= svcman.exe
"2038"= svcproc.exe
"2039"= svhost.exe
"2040"= svhosts.exe
"2041"= svohcst.exe
"2042"= svshost.exe
"2043"= svshots.exe
"2044"= svwhost.exe
"2045"= svzhost.exe
"2046"= swin32.exe
"2047"= switpa.exe
"2048"= swrt01.exe
"2049"= sychost.exe
"2050"= sync.exe
"2051"= synchost.exe
"2052"= sys.exe
"2053"= sysai.exe
"2054"= syscfg32.exe
"2055"= sysconf.exe
"2056"= sysfit.exe
"2057"= syshost.exe
"2058"= sysldr32.exe
"2059"= syslog.exe
"2060"= sysmonitor.exe
"2061"= syspol.exe
"2062"= syspools.exe
"2063"= sysreg.exe
"2064"= syss.exe
"2065"= syssfitb.exe
"2066"= systask32l.exe
"2067"= systb.exe
"2068"= system plugin.exe
"2069"= system16.exe
"2070"= system32.exe
"2071"= system32win.exe
"2072"= systemdll.exe
"2073"= systemtray.exe
"2074"= systemup.exe
"2075"= systime.exe
"2076"= systool.exe
"2077"= systra.exe
"2078"= systray32.exe
"2079"= systune.exe
"2080"= sysupd.exe
"2081"= sysupdate.exe
"2082"= sysvcs.exe
"2083"= syswin.exe
"2084"= sywsvcs.exe
"2085"= szchost.exe
"2086"= t8nascmw.exe
"2087"= ta.exe
"2088"= tapicfg.exe
"2089"= targetsaver.exe
"2090"= task.exe
"2091"= task32.exe
"2092"= taskbar.exe
"2093"= taskcntr.exe
"2094"= taskdrv32.exe
"2095"= tasker.exe
"2096"= taskg.exe
"2097"= taskgmr.exe
"2098"= taskmngr.exe
"2099"= taskmon.exe
"2100"= tbon.exe
"2101"= tbps.exe
"2102"= tcpservice2.exe
"2103"= teekids.exe
"2104"= temp.exe
"2105"= testing.exe
"2106"= tmp.exe
"2107"= tmp11e.exe
"2108"= tmp333.exe
"2109"= tool.exe
"2110"= tool3.exe
"2111"= trans.exe
"2112"= translator.exe
"2113"= trickler.exe
"2114"= ts.exe
"2115"= ts2.exe
"2116"= tsa.exe
"2117"= tsadbot.exe
"2118"= tsinstall_4_0_3_8_b17.exe
"2119"= tskdbg.exe
"2120"= tskmgr32.exe
"2121"= tsl2.exe
"2122"= tsm2.exe
"2123"= tsuninst.exe
"2124"= tsupdate_4_0_3_9_b2.exe
"2125"= tsysytd8.exe
"2126"= tt_reco.exe
"2127"= tv media display.exe
"2128"= tvm.exe
"2129"= tvm_b5.exe
"2130"= tvm_b5_bundle_17.exe
"2131"= tvmedia.exe
"2132"= tvmupdater.exe
"2133"= twain_16.exe
"2134"= twunk_64.exe
"2135"= u6c9mpll.exe
"2136"= uc.exe
"2137"= uc1362.exe
"2138"= ucsi.exe
"2139"= udcpas.exe
"2140"= udcsdr.exe
"2141"= uinfo?.exe
"2142"= uj4tgbhc.exe
"2143"= umqltg4cl_.exe
"2144"= umxfwhlp.exe
"2145"= unins001.exe
"2146"= uninsc.exe
"2147"= uninstdsk.exe
"2148"= unpacked-svc.exe
"2149"= unstall.exe
"2150"= uopcjly.exe
"2151"= updater.exe
"2152"= updatexp.exe
"2153"= updinst.exe
"2154"= updmgr.exe
"2155"= updtscheduler.exe
"2156"= upgrade1.exe
"2157"= upgrade3.exe
"2158"= usbn.exe
"2159"= userint32.exe
"2160"= usofrpyqzgrhcumw.exe
"2161"= uvu-channel.exe
"2162"= uwfx5.exe
"2163"= vabctqp.exe
"2164"= vb2.exe
"2165"= vbouncer.exe
"2166"= vbstub.exe
"2167"= vcclient.exe
"2168"= vcmpin.exe
"2169"= vco8n6ix.exe
"2170"= video.exe
"2171"= vidmon.exe
"2172"= vmlib.exe
"2173"= vmss.exe
"2174"= voclslqn.exe
"2175"= vsnpstd2.exe
"2176"= w.exe
"2177"= w11150.exe
"2178"= w181609.stub.exe
"2179"= w32_systm.exe
"2180"= w32backdoor-axc.trojan.exe
"2181"= w32backdoor-axg.trojan.exe
"2182"= w32backdoor-axh.trojan.exe
"2183"= w32backdoor-dvl.exe
"2184"= w32backdoor-egl.exe
"2185"= pnc.exe
"2186"= w32backdoor-egv.exe
"2187"= w32backdoor-hd.trojan.exe
"2188"= w32backdoor-jz.trojan.exe
"2189"= w32backdoor-nt.exe
"2190"= w32backdoor-ny.exe
"2191"= w32backdoor-yx.exe
"2192"= w32banito-k.trojan.exe
"2193"= w32banito-p.exe
"2194"= w32downloader-ggs.exe
"2195"= w32downloader-gns.exe
"2196"= w32downloader-gpq.exe
"2197"= w32haxdoor-ft.exe
"2198"= w32hupigon-ar.exe
"2199"= w32hupigon-cj.exe
"2200"= w32istbar-la.exe
"2201"= w32lecna-a.exe
"2202"= w32time.exe
"2203"= wareout.exe
"2204"= watch_free_porn.exe
"2205"= wauclt.exe
"2206"= wdfmrg.exe
"2207"= weatherstudio desktop.exe
"2208"= web.exe
"2209"= webbullion.exe
"2210"= webinstall.exe
"2211"= weblookup.exe
"2212"= webpmger.exe
"2213"= webrebates.exe
"2214"= wfdmgr.exe
"2215"= whagent.exe
"2216"= whg14100.exe
"2217"= whse.exe
"2218"= whsurvey.exe
"2219"= wid32.exe
"2220"= wimanager.exe
"2221"= win.com
"2222"= win.exe
"2223"= win24.exe
"2224"= win32.exe
"2225"= win32api.exe
"2226"= win32debug.exe
"2227"= win32us.exe
"2228"= winactive.exe
"2229"= winad.exe
"2230"= winadalt.exe
"2231"= winadctl.exe
"2232"= winadm.exe
"2233"= winadserv.exe
"2234"= winadslave.exe
"2235"= winadtools.exe
"2236"= winav.exe
"2237"= win-bugsfix.exe
"2238"= wincfg32.exe
"2239"= wincomm.exe
"2240"= wincomp.exe
"2241"= winctlad.exe
"2242"= winctladalt.exe
"2243"= winctrl?.exe
"2244"= wind2ll2.exe
"2245"= windbg32.exe
"2246"= winde.exe
"2247"= windefault.exe
"2248"= windio778.exe
"2249"= windir32.exe
"2250"= windirect.exe
"2251"= windows.exe
"2252"= windowsupdated32.exe
"2253"= winds.exe
"2254"= windspl.exe
"2255"= winex.exe
"2256"= winexec.exe
"2257"= winexec32.exe
"2258"= winfixer
"2259"= winform.exe
"2260"= winfrw.exe
"2261"= wingate.exe
"2262"= wingo.exe
"2263"= winhost.exe
"2264"= winhound.exe
"2265"= wininfo.exe
"2266"= wininit32.exe
"2267"= winldr.exe
"2268"= winldra.exe
"2269"= winlock.exe
"2270"= winlogin.exe
"2271"= winlogonn.exe
"2272"= winlogons.exe
"2273"= winmain.exe
"2274"= winmgm32.exe
"2275"= winnet.exe
"2276"= winnt.exe
"2277"= winoie789.exe
"2278"= winole.exe
"2279"= winotify.exe
"2280"= winpack.exe
"2281"= winproc32.exe
"2282"= winpsd.exe
"2283"= winpup32.exe
"2284"= winrarshell32.exe
"2285"= winratchet.exe
"2286"= winrecon.exe
"2287"= winresw.exe
"2288"= winrpc.exe
"2289"= winsched.exe
"2290"= winserv.exe
"2291"= winservices.exe
"2292"= winservn.exe
"2293"= winservs.exe
"2294"= winservsuit.exe
"2295"= winsetup.exe
"2296"= winsfc.exe
"2297"= winshost.exe
"2298"= winsocks.exe
"2299"= winspector.exe
"2300"= winsrv32.exe
"2301"= winssk32.exe
"2302"= winstall.exe
"2303"= winstart.exe
"2304"= winstart001.exe
"2305"= winstat.exe
"2306"= winstatkeep.exe
"2307"= winsupdater.exe
"2308"= winsvc.exe
"2309"= winsvc32.exe
"2310"= winsvr.exe
"2311"= winsys.exe
"2312"= winsys2.exe
"2313"= winsys32.exe
"2314"= wintask.exe
"2315"= wintaskad.exe
"2316"= wintbp.exe
"2317"= wintems.exe
"2318"= wintime.exe
"2319"= wintools.exe
"2320"= wintoolsa.exe
"2321"= wintrust32.exe
"2322"= wintsk32.exe
"2323"= wintsvtr.exe
"2324"= winupdate.exe
"2325"= winupdates.exe
"2326"= winupdt.exe
"2327"= winupdtl.exe
"2328"= winwan.exe
"2329"= winxp.exe
"2330"= 81859749.EXE
"2331"= winzip_tmp.exe
"2332"= wiseupdt.exe
"2333"= wkssvc.exe
"2334"= wkssvc32.exe
"2335"= wmon32.exe
"2336"= wo.exe
"2337"= word.exe
"2338"= wovax.exe
"2339"= wp.exe
"2340"= wpa.exe
"2341"= wpd.exe
"2342"= wrapperouter.exe
"2343"= wrgrci.exe
"2344"= wsebate2.exe
"2345"= wsup.exe
"2346"= wsupdate.exe
"2347"= wsxsvc.exe
"2348"= wsys.exe
"2349"= wtools.exe
"2350"= wtoolsa 1.0.8.11.exe
"2351"= wtoolsa.exe
"2352"= wtoolss.exe
"2353"= wtssvtr.exe
"2354"= wuactl2.exe
"2355"= wuamgrd.exe
"2356"= wuamkop.exe
"2357"= wuauclt2.exe
"2358"= wupdate.exe
"2359"= wupdated.exe
"2360"= wupdater.exe
"2361"= wupdates.exe
"2362"= wupdt.exe
"2363"= wups.exe
"2364"= x234cpiroff.exe
"2365"= xfullgames.exe
"2366"= xhrmy.exe
"2367"= xmailer.exe
"2368"= xpujbkz6.exe
"2369"= xtcfgloader.exe
"2370"= xtmbgajp.exe
"2371"= xupiterstartup.exe
"2372"= xupitertoolbarloader.exe
"2373"= xvid-1.0.3-beta3-setup.exe
"2374"= xwrm.exe
"2375"= xxx.exe
"2376"= xzciqim.exe
"2377"= xzz.exe
"2378"= y.exe
"2379"= y38p3fqy.exe
"2380"= yaemu.exe
"2381"= ystckao32.exe
"2382"= zango.exe
"2383"= zangohook.exe
"2384"= zangoinstaller.exe
"2385"= zangotb.exe
"2386"= zangotbinstaller.exe
"2387"= zangotbuninstaller.exe
"2388"= zanu.exe
"2389"= zanuhook.exe
"2390"= zb9uu7p0.exe
"2391"= zcbridge.exe
"2392"= zcz.exe
"2393"= zeta.exe
"2394"= zhopaizdupla.exe
"2395"= lvhf.cmd
"2396"= 2aaxaiy.exe
"2397"= 2.bat
"2398"= 1utbfd.bat
"2399"= 0bcobed.exe
"2400"= ib8979.exe
"2401"= j6445622.exe
"2402"= o4445627.exe
"2403"= 2u.com
"2404"= program files.exe
"2405"= winsmss.exe
"2406"= document.exe
"2407"= Gerger_files.exe
"2408"= drvspace.com
"2409"= EraleuH.exe
"2410"= PowerPoint temlates.exe
"2411"= Excel templates.exe
"2412"= My Media Files.exe
"2413"= MP3 Files.exe
"2414"= Admin Files.exe
"2415"= filesrv32.exe
"2416"= My Documents.exe
"2417"= Important Documents.exe
"2418"= Saved Documents.exe
"2419"= My Videos.exe
"2420"= System Volume Information.cmd
"2421"= System Volume Information.bat
"2422"= System Volume Information.com
"2423"= System Volume Information.exe
"2424"= ChiNiu.exe
"2425"= winomc.exe
"2426"= vang anh.exe
"2427"= autorun.inf.bat
"2428"= autorun.inf.com
"2429"= autorun.inf.cmd
"2430"= autorun.inf.exe
"2431"= autorun.ini.bat
"2432"= autorun.ini.com
"2433"= autorun.ini.cmd
"2434"= autorun.ini.exe
"2435"= desktop.ini.exe
"2436"= desktop.ini.bat
"2437"= desktop.ini.com
"2438"= desktop.ini.cmd
"2439"= ntos.exe
"2440"= fqmcnfl.exe
"2441"= jscuup.exe
"2442"= msbootlog.exe
"2443"= website.exe
"2444"= Mr.kokoro.exe
"2445"= MR.KOKORO website.exe
"2446"= jjxzwzjy090223.exe
"2447"= usbmon.exe
"2448"= kb2006a.exe
"2449"= GOBACK.EXE
"2450"= SSERVER.EXE
"2451"= GOST.EXE
"2452"= lap.exe
"2453"= 91255398.EXE
"2454"= newdev.exe
"2455"= my game.exe
"2456"= my games.exe
"2457"= xn9uu8.exe
"2458"= xdw.com
"2459"= xcisvxl.com
"2460"= x2csvg.exe
"2461"= w.exe
"2462"= w98.com
"2463"= w2.com
"2464"= ve.exe
"2465"= uxkl0apt.bat
"2466"= uvsqfgwd.cmd
"2467"= ur0.com
"2468"= upw.bat
"2469"= ujyew68.cmd
"2470"= u.com
"2471"= tx.bat
"2472"= sbju2.exe
"2473"= rveunh.com
"2474"= rcvk.exe
"2475"= qxty9be.cmd
"2476"= qphdin.com
"2477"= qoes.bat
"2478"= q0dhfjf.exe
"2479"= pook.com
"2480"= opgde.exe
"2481"= o8.bat
"2482"= o3n9k.com
"2483"= mk.com
"2484"= minm.cmd
"2485"= m0vnonh.bat
"2486"= luk1ylq.com
"2487"= ltdjr2ia.exe
"2488"= lhylec9x.cmd
"2489"= jodi2nb.com
"2490"= jm3cx96.bat
"2491"= jeorels.cmd
"2492"= je9.com
"2493"= j60osk9.cmd
"2494"= iq.bat
"2495"= i.com
"2496"= i6g6x.cmd
"2497"= hyetn1i.exe
"2498"= hl80c6b1.com
"2499"= gy.exe
"2500"= gi2ky.exe
"2501"= gfqgq.cmd
"2502"= gc6.cmd
"2503"= em8tqm.cmd
"2504"= ej.com
"2505"= dy9.cmd
"2506"= dbrxubcw.com
"2507"= cv22.cmd
"2508"= cqxj.exe
"2509"= bvc0gyp.bat
"2510"= bg3e9.bat
"2511"= bd3q0qix.exe
"2512"= a2h2.com
"2513"= a1agmur.cmd
"2514"= 210ebnkd.com
"2515"= 93to.bat
"2516"= 6tbvtj.cmd
"2517"= 2nw3rjta.cmd
"2518"= 2fiy.bat
"2519"= 82521011.EXE
"2520"= 43980195.EXE
"2521"= REGEDT.EXE
"2522"= Cfg.exe
"2523"= kbdsys.exe
"2524"= Read1st!.exe
"2525"= hlpsvc2.exe
"2526"= hlpsvc1.exe
"2527"= Classified.exe
"2528"= option.bat
"2529"= sysinf.bat
"2530"= pagefile.exe
"2531"= kavupda.exe
"2532"= HelpCat.exe
"2533"= ????8.exe
"2534"= SKServer.exe
"2535"= msddrv42.exe
"2536"= Romantic.exe
"2537"= WPV001253926400.EXE
"2538"= DPLTAINEXI-517.PMS.EXE
"2539"= 96971452.EXE
"2540"= sasnative32.exe
"2541"= clc32.exe
"2542"= m9ma.exe
"2543"= 6fnlpetp.exe
"2544"= xlk9.com
"2545"= ahnrpta.exe
"2546"= olhrwef.exe
"2547"= vamsoft.exe
"2548"= vsse33.exe
"2549"= wpv791239289922.exe
"2550"= wpv29125338862.exe
"2551"= wpv481254425989.exe
"2552"= wpv261254042811.exe
"2553"= ikowin32.exe
"2554"= lizkavd.exe
"2555"= restorer32_a.exe
"2556"= DPLTNOQDBS-327.PMS.EXE
"2557"= WINBQB0SCA.EXE
"2558"= WJQS.EXE
"2559"= SERES.EXE
"2560"= SVCST.EXE
"2561"= winzip.exe
"2562"= fun.xls.exe
"2563"= autorunme.exe
"2564"= MSwindows.exe
"2565"= player32.exe
"2566"= Home Video.exe
"2567"= EPL0RER.EXE
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-02-23 00:49 6591800 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 257696]
R3 esihdrv;esihdrv;c:\users\SPENCE~1\AppData\Local\Temp\esihdrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 72312]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1343400]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 223864]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-05-22 47360]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 89684936
*NewlyCreated* - ASWMBR
*NewlyCreated* - PWDCRPOG
*Deregistered* - 89684936
*Deregistered* - aswMBR
*Deregistered* - pwdcrpog
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 06:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com.vn
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\spencerpassmore\AppData\Roaming\Mozilla\Firefox\Profiles\xynishel.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 08:42:51
ComboFix-quarantined-files.txt 2012-05-23 12:42
ComboFix2.txt 2012-05-23 12:31
ComboFix3.txt 2012-05-23 10:18
.
Pre-Run: 380,220,194,816 bytes free
Post-Run: 380,174,872,576 bytes free
.
- - End Of File - - F93E78FAFE3A2C100ABC3FC6D0E19BA7

#3 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 08:21 AM

Catchme Log:

detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error

OTL Log:

OTL logfile created on: 5/23/2012 7:33:01 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\spencerpassmore\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 54.37% Memory free
6.48 Gb Paging File | 5.28 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 354.20 Gb Free Space | 76.05% Space Free | Partition Type: NTFS
Drive E: | 153.38 Gb Total Space | 153.29 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 14.83 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: SPENCERMP | User Name: spencerpassmore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\spencerpassmore\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\spencerpassmore\AppData\Local\temp\catchme.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (pwdcrpog) -- C:\Users\SPENCE~1\AppData\Local\Temp\pwdcrpog.sys File not found
DRV - (mbr) -- C:\Users\SPENCE~1\AppData\Local\Temp\mbr.sys File not found
DRV - (esihdrv) -- C:\Users\SPENCE~1\AppData\Local\Temp\esihdrv.sys File not found
DRV - (catchme) -- C:\Users\SPENCE~1\AppData\Local\Temp\catchme.sys File not found
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfp) -- C:\Windows\System32\drivers\epfwwfp.sys (ESET)
DRV - (EpfwLWF) -- C:\Windows\System32\drivers\EpfwLWF.sys (ESET)
DRV - (LVUVC) Logitech HD Webcam C525(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (SbFw) -- C:\Windows\System32\drivers\SbFw.sys (GFI Software)
DRV - (sbhips) -- C:\Windows\System32\drivers\sbhips.sys (GFI Software)
DRV - (sbwtis) -- C:\Windows\System32\drivers\sbwtis.sys (GFI Software)
DRV - (sbapifs) -- C:\Windows\System32\drivers\sbapifs.sys (GFI Software)
DRV - (SBRE) -- C:\Windows\System32\drivers\SBREDrv.sys (GFI Software)
DRV - (SBFWIMCLMP) -- C:\Windows\System32\drivers\SbFwIm.sys (GFI Software)
DRV - (SBFWIMCL) -- C:\Windows\System32\drivers\SbFwIm.sys (GFI Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com.vn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/22 00:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/22 00:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/22 14:13:00 | 000,000,000 | ---D | M]

[2012/05/22 00:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\spencerpassmore\AppData\Roaming\Mozilla\Extensions
[2012/05/23 01:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\spencerpassmore\AppData\Roaming\Mozilla\Firefox\Profiles\xynishel.default\extensions
[2012/05/22 00:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/22 00:11:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/05/22 00:36:17 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\SPENCERPASSMORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYNISHEL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/22 00:36:17 | 000,321,284 | ---- | M] () (No name found) -- C:\USERS\SPENCERPASSMORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYNISHEL.DEFAULT\EXTENSIONS\{FCAB6FDD-5585-425B-95C1-5ED856F3FD08}.XPI
[2012/05/22 00:36:17 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\SPENCERPASSMORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYNISHEL.DEFAULT\EXTENSIONS\[email protected]
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/04/20 21:18:25 | 000,003,413 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 21:18:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/05/22 10:32:22 | 000,000,888 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2012/05/23 06:17:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B32220-F284-49E7-ACCA-058A1CBF72C2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\Windows\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - No CLSID value found.
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 07:31:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\spencerpassmore\Desktop\OTL.exe
[2012/05/23 06:18:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/23 06:18:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/23 06:18:43 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\temp
[2012/05/23 06:12:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/23 06:12:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/23 06:12:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/23 06:12:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/23 06:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/23 06:08:44 | 004,524,881 | R--- | C] (Swearware) -- C:\Users\spencerpassmore\Desktop\ComboFix.exe
[2012/05/23 05:51:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/05/23 04:44:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LocalAppData%
[2012/05/23 04:09:50 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCTL32.OCX
[2012/05/23 04:09:50 | 000,511,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capicom.dll
[2012/05/23 04:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FixAuto
[2012/05/23 04:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\FixAuto
[2012/05/23 02:16:12 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\adaware
[2012/05/23 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/23 02:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/05/23 02:15:48 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/05/23 02:15:32 | 000,223,864 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFw.sys
[2012/05/23 02:15:32 | 000,094,584 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\SbFwIm.sys
[2012/05/23 02:15:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/05/23 02:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/05/23 02:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/05/23 02:12:21 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Ad-Aware Antivirus
[2012/05/23 01:54:10 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/23 01:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/23 01:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/23 01:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/23 01:42:02 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\Diagnostics
[2012/05/22 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\ESET
[2012/05/22 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\ESET
[2012/05/22 14:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/05/22 14:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/22 13:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/05/22 11:23:06 | 001,263,344 | ---- | C] (ESET) -- C:\Users\spencerpassmore\Desktop\eset_smart_security_live_installer.exe
[2012/05/22 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/22 10:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/22 10:53:36 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\spencerpassmore\Desktop\ccsetup318.exe
[2012/05/22 10:46:46 | 002,676,504 | ---- | C] (ESET) -- C:\Users\spencerpassmore\Desktop\SysInspector.exe
[2012/05/22 10:31:34 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\IObit
[2012/05/22 10:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/22 10:23:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\spencerpassmore\Desktop\HijackThis.exe.part
[2012/05/22 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\WinPatrol
[2012/05/22 10:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/05/22 10:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/05/22 10:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2012/05/22 10:00:35 | 000,854,088 | ---- | C] (BillP Studios) -- C:\Users\spencerpassmore\Desktop\wpsetup.exe
[2012/05/22 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\hosts
[2012/05/22 08:49:06 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Thunderbird
[2012/05/22 08:49:06 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\Thunderbird
[2012/05/22 07:35:42 | 000,638,976 | ---- | C] (ESET) -- C:\Users\spencerpassmore\Desktop\ESETUninstaller.exe
[2012/05/22 07:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/05/22 07:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/05/22 06:57:19 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012/05/22 06:57:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012/05/22 06:51:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/22 06:51:11 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/22 06:51:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/22 06:51:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/22 06:51:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/22 06:51:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/22 06:09:02 | 000,000,000 | ---D | C] -- C:\Boot
[2012/05/22 05:09:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/22 03:45:19 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012/05/22 03:45:16 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012/05/22 03:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/05/22 03:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\Photoshop
[2012/05/22 03:11:37 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/22 03:05:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/05/22 03:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/22 02:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/22 02:40:25 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCTL.OCX
[2012/05/22 02:40:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSSTDFMT.DLL
[2012/05/22 02:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2012/05/22 02:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/05/22 02:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/05/22 02:40:06 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/05/22 02:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/05/22 02:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/22 02:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/22 02:19:00 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gus Verdun
[2012/05/22 02:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gus Verdun
[2012/05/22 02:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gus Verdun
[2012/05/22 02:18:55 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Macromedia
[2012/05/22 02:13:56 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MessengerData WMP Plugin
[2012/05/22 02:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\MessengerData WMP Plugin
[2012/05/22 02:13:24 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/22 02:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/05/22 02:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/05/22 02:10:08 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/22 02:10:08 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/22 02:10:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012/05/22 02:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/05/22 02:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/05/22 02:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Music Link
[2012/05/22 02:01:54 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\AOL OCP
[2012/05/22 02:01:53 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\AOL
[2012/05/22 02:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\acccore
[2012/05/22 02:01:28 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/05/22 02:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/05/22 02:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2012/05/22 02:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2012/05/22 02:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/05/22 02:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2012/05/22 01:58:02 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/05/22 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2012/05/22 01:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/05/22 01:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/05/22 01:54:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/05/22 01:51:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.sys
[2012/05/22 01:51:54 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Vso
[2012/05/22 01:51:54 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Documents\PcSetup
[2012/05/22 01:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/05/22 01:51:50 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\Pncrt.dll
[2012/05/22 01:51:50 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv43260.dll
[2012/05/22 01:51:50 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv33260.dll
[2012/05/22 01:51:50 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\drv23260.dll
[2012/05/22 01:51:50 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\sipr3260.dll
[2012/05/22 01:51:50 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\cook3260.dll
[2012/05/22 01:51:49 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc1dmod.dll
[2012/05/22 01:51:49 | 000,626,688 | ---- | C] (On2.com) -- C:\Windows\System32\vp7vfw.dll
[2012/05/22 01:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2012/05/22 01:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/22 01:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/22 01:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/22 01:40:28 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/05/22 01:40:28 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/05/22 01:40:28 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/22 01:40:21 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/22 01:40:21 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/22 01:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/22 01:39:29 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/05/22 01:39:29 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/22 01:39:29 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/05/22 01:39:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/05/22 01:39:29 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/05/22 01:39:29 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/05/22 01:39:29 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/05/22 01:39:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/05/22 01:39:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/05/22 01:39:29 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/05/22 01:39:29 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/05/22 01:39:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/05/22 01:39:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/05/22 01:39:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/22 01:39:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/05/22 01:39:29 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/05/22 01:39:29 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/05/22 01:39:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/05/22 01:39:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/05/22 01:39:29 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/05/22 01:39:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/05/22 01:39:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/05/22 01:39:29 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/05/22 01:39:29 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/05/22 01:39:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/05/22 01:39:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/05/22 01:39:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/05/22 01:39:29 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/05/22 01:39:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/05/22 01:39:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/05/22 01:39:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/05/22 01:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2012/05/22 01:13:53 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\Adobe
[2012/05/22 01:13:45 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Adobe
[2012/05/22 01:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/22 01:13:39 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\WinRAR
[2012/05/22 01:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/05/22 01:12:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/22 01:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/05/22 01:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/05/22 00:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/05/22 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Mozilla
[2012/05/22 00:11:56 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\Mozilla
[2012/05/22 00:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/22 00:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/22 00:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/21 20:18:52 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\feetfotoscom_wwwfeetfotoscom_Cinema_Ice_Skin_4_1_11
[2012/05/21 20:18:52 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\ConvertXtoDVD.4.0.3.312+Serial.Key_ROVS
[2012/05/21 20:18:47 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\CinemaIce_4.1.12
[2012/05/21 20:18:46 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\base_by_neiio-d4awico
[2012/05/21 20:18:46 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\AVG Internet Security 2012 (MultiUpload)
[2012/05/21 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\2.03
[2012/05/21 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\YGF FULL DB BACKUP 2-18-2012
[2012/05/21 20:18:38 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\Windows 7 Start Orb Changer
[2012/05/21 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\vbforum_4_4-1-12_Patch_Level_1_VBFA4E059B
[2012/05/21 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\vbforum_4_4-1-11_VBFA4E059B
[2012/05/21 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\UniversalThemePatcher_20090409
[2012/05/21 20:18:14 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\takeownership
[2012/05/21 20:18:12 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\Pin
[2012/05/21 20:18:09 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\photoshop_cs5_se
[2012/05/21 20:18:09 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Desktop\notepad2_4.2.25_x86 (1)
[2012/05/21 20:05:47 | 069,943,808 | ---- | C] (Microsoft Corporation) -- C:\Users\spencerpassmore\Desktop\msert.exe
[2012/05/21 09:17:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/21 08:23:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/05/21 08:19:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/21 06:05:46 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012/05/21 06:04:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/05/21 06:04:19 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/05/21 06:04:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2012/05/21 06:04:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/05/21 06:04:14 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/05/21 06:04:14 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/05/21 06:04:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/05/21 06:04:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/05/21 06:04:03 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/05/21 06:04:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/05/21 06:04:02 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/05/21 06:04:02 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/05/21 06:04:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/05/21 06:04:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/05/21 06:04:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012/05/21 06:04:01 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/21 06:04:00 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/21 06:04:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/21 06:03:58 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012/05/21 06:03:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/05/21 06:03:56 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/05/21 06:03:55 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/05/21 06:03:54 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/05/21 06:03:54 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2012/05/21 06:03:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/05/21 06:03:53 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/05/21 06:03:52 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/05/21 06:03:52 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/05/21 06:03:33 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/05/21 06:02:52 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/05/21 06:02:52 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/05/21 06:02:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/05/21 06:02:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/21 06:02:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/21 06:02:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/05/21 06:02:49 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/05/21 06:02:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/05/21 06:02:48 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/05/21 06:02:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/05/21 06:02:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/05/21 06:02:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/05/21 06:02:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/05/21 06:02:47 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/21 06:02:41 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/21 06:01:11 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/05/21 06:01:11 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/05/21 06:01:10 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/05/21 06:01:09 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012/05/21 05:58:03 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012/05/21 05:48:50 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/21 05:35:05 | 001,002,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2012/05/21 05:35:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012/05/21 05:31:59 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/05/21 05:31:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/05/21 05:31:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/05/21 05:31:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/05/21 05:30:53 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/21 05:30:53 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Searches
[2012/05/21 05:30:53 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/21 05:30:46 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Identities
[2012/05/21 05:30:45 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Contacts
[2012/05/21 05:30:42 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\VirtualStore
[2012/05/21 05:30:41 | 000,000,000 | --SD | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Videos
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Saved Games
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Pictures
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Music
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Links
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Favorites
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Downloads
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Documents
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\Desktop
[2012/05/21 05:30:41 | 000,000,000 | R--D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\AppData\Local\Temporary Internet Files
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\Documents\My Videos
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\Documents\My Pictures
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\Documents\My Music
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\Local Settings
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\AppData\Local\History
[2012/05/21 05:30:41 | 000,000,000 | -HSD | C] -- C:\Users\spencerpassmore\AppData\Local\Application Data
[2012/05/21 05:30:41 | 000,000,000 | -H-D | C] -- C:\Users\spencerpassmore\AppData
[2012/05/21 05:30:41 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Local\Microsoft
[2012/05/21 05:30:41 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\AppData\Roaming\Media Center Programs
[2012/05/21 04:06:25 | 000,000,000 | ---D | C] -- C:\Intel
[2012/05/21 02:19:12 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/05/19 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\spencerpassmore\Documents\Simply Super Software

========== Files - Modified Within 30 Days ==========

[2012/05/23 07:31:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\spencerpassmore\Desktop\OTL.exe
[2012/05/23 07:29:33 | 000,147,456 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\catchme.exe
[2012/05/23 07:21:44 | 000,020,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 07:21:44 | 000,020,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 07:16:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/23 06:22:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012/05/23 06:21:01 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/05/23 06:17:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/23 05:55:43 | 004,524,881 | R--- | M] (Swearware) -- C:\Users\spencerpassmore\Desktop\ComboFix.exe
[2012/05/23 05:53:47 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/23 05:53:47 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/23 05:49:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 05:49:24 | 2608,287,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 04:22:31 | 000,001,982 | -H-- | M] () -- C:\Windows\System32\Default.rdp
[2012/05/23 04:18:03 | 000,001,358 | ---- | M] () -- C:\Windows\System32\drivers\etc\protocol
[2012/05/23 04:18:03 | 000,000,407 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
[2012/05/23 04:15:04 | 005,811,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/23 04:10:45 | 000,183,539 | ---- | M] () -- C:\Users\spencerpassmore\AppData\Local\census.cache
[2012/05/23 04:10:41 | 000,094,052 | ---- | M] () -- C:\Users\spencerpassmore\AppData\Local\ars.cache
[2012/05/23 04:09:51 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\FixAuto.lnk
[2012/05/23 03:59:56 | 000,000,036 | ---- | M] () -- C:\Users\spencerpassmore\AppData\Local\housecall.guid.cache
[2012/05/23 03:42:39 | 000,000,127 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\DnsManual.rar
[2012/05/23 01:53:57 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 14:20:00 | 000,492,658 | -HS- | M] () -- C:\Help_MTOC_help.H1H
[2012/05/22 14:20:00 | 000,206,316 | -HS- | M] () -- C:\Help_MKWD_BestBet.H1W
[2012/05/22 14:20:00 | 000,014,328 | -HS- | M] () -- C:\Help_MValidator.H1D
[2012/05/22 14:19:59 | 000,230,908 | -HS- | M] () -- C:\Help_MKWD_AssetId.H1W
[2012/05/22 14:19:59 | 000,000,000 | -HS- | M] () -- C:\Help_MValidator.Lck
[2012/05/22 11:23:34 | 001,263,344 | ---- | M] (ESET) -- C:\Users\spencerpassmore\Desktop\eset_smart_security_live_installer.exe
[2012/05/22 11:04:19 | 000,105,722 | ---- | M] () -- C:\Users\spencerpassmore\Documents\cc_20120522_110415.reg
[2012/05/22 10:54:35 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 10:54:18 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\spencerpassmore\Desktop\ccsetup318.exe
[2012/05/22 10:50:33 | 000,214,295 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\SysInspector-SPENCERMP-120522-1048.zip
[2012/05/22 10:47:07 | 002,676,504 | ---- | M] (ESET) -- C:\Users\spencerpassmore\Desktop\SysInspector.exe
[2012/05/22 10:23:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\spencerpassmore\Desktop\HijackThis.exe.part
[2012/05/22 10:00:41 | 000,854,088 | ---- | M] (BillP Studios) -- C:\Users\spencerpassmore\Desktop\wpsetup.exe
[2012/05/22 09:53:35 | 000,147,482 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\hosts.zip
[2012/05/22 09:15:59 | 050,730,496 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\eav_nt32_enu.msi
[2012/05/22 07:35:49 | 000,638,976 | ---- | M] (ESET) -- C:\Users\spencerpassmore\Desktop\ESETUninstaller.exe
[2012/05/22 07:02:22 | 000,002,048 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\Mozilla Thunderbird.lnk
[2012/05/22 07:02:18 | 000,001,104 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\Mozilla Firefox.lnk
[2012/05/22 03:27:14 | 000,000,981 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\Photoshop CS5.lnk
[2012/05/22 02:40:25 | 000,001,041 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\SpywareBlaster.lnk
[2012/05/22 02:40:06 | 000,001,226 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\Revo Uninstaller.lnk
[2012/05/22 02:18:22 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/22 02:18:22 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/22 02:01:55 | 000,000,367 | -H-- | M] () -- C:\IPH.PH
[2012/05/22 01:58:41 | 000,001,190 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\ConvertXtoDVD 4.lnk
[2012/05/22 01:54:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/05/22 01:51:54 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.sys
[2012/05/22 01:51:54 | 000,007,887 | ---- | M] () -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.cat
[2012/05/22 01:51:54 | 000,001,144 | ---- | M] () -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.inf
[2012/05/22 01:40:17 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/22 01:40:17 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/22 01:39:29 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/05/22 01:39:29 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/22 01:39:29 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/05/22 01:39:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/05/22 01:39:29 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/05/22 01:39:29 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/05/22 01:39:29 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/05/22 01:39:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/05/22 01:39:29 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/05/22 01:39:29 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/05/22 01:39:29 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/05/22 01:39:29 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/05/22 01:39:29 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/05/22 01:39:29 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/22 01:39:29 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/05/22 01:39:29 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/05/22 01:39:29 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/05/22 01:39:29 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/05/22 01:39:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/05/22 01:39:29 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/05/22 01:39:29 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/05/22 01:39:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/05/22 01:39:29 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/05/22 01:39:29 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/05/22 01:39:29 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/05/22 01:39:29 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/05/22 01:39:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/05/22 01:39:29 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/05/22 01:39:29 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/05/22 01:39:29 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/05/22 01:39:29 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/05/22 01:39:29 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/05/21 20:15:34 | 069,943,808 | ---- | M] (Microsoft Corporation) -- C:\Users\spencerpassmore\Desktop\msert.exe
[2012/05/21 16:44:08 | 000,143,058 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\2.03.rar
[2012/05/21 09:17:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/21 08:22:29 | 000,108,227 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/21 08:19:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/20 03:49:08 | 000,160,082 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\AVG Internet Security 2012 (MultiUpload).zip
[2012/04/26 19:02:41 | 003,738,935 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\feetfotoscom_wwwfeetfotoscom_Cinema_Ice_Skin_4_1_12.zip
[2012/04/26 14:52:33 | 009,290,906 | ---- | M] () -- C:\Users\spencerpassmore\Desktop\vbforum_4_4-1-12_Patch_Level_1_VBFA4E059B.zip

========== Files Created - No Company Name ==========

[2012/05/23 07:29:32 | 000,147,456 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\catchme.exe
[2012/05/23 06:22:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012/05/23 06:12:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/23 06:12:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/23 06:12:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/23 06:12:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/23 06:12:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/23 04:21:00 | 000,001,982 | -H-- | C] () -- C:\Windows\System32\Default.rdp
[2012/05/23 04:10:45 | 000,183,539 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Local\census.cache
[2012/05/23 04:10:41 | 000,094,052 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Local\ars.cache
[2012/05/23 04:09:51 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\FixAuto.lnk
[2012/05/23 03:59:56 | 000,000,036 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Local\housecall.guid.cache
[2012/05/23 03:56:17 | 005,811,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/23 03:42:39 | 000,000,127 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\DnsManual.rar
[2012/05/23 02:15:56 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/05/23 01:53:57 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/22 14:20:00 | 000,014,328 | -HS- | C] () -- C:\Help_MValidator.H1D
[2012/05/22 14:19:59 | 000,492,658 | -HS- | C] () -- C:\Help_MTOC_help.H1H
[2012/05/22 14:19:59 | 000,230,908 | -HS- | C] () -- C:\Help_MKWD_AssetId.H1W
[2012/05/22 14:19:59 | 000,206,316 | -HS- | C] () -- C:\Help_MKWD_BestBet.H1W
[2012/05/22 14:19:59 | 000,000,000 | -HS- | C] () -- C:\Help_MValidator.Lck
[2012/05/22 11:04:17 | 000,105,722 | ---- | C] () -- C:\Users\spencerpassmore\Documents\cc_20120522_110415.reg
[2012/05/22 10:54:35 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/22 10:50:33 | 000,214,295 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\SysInspector-SPENCERMP-120522-1048.zip
[2012/05/22 09:53:35 | 000,147,482 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\hosts.zip
[2012/05/22 08:48:08 | 050,730,496 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\eav_nt32_enu.msi
[2012/05/22 07:11:09 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/05/22 07:02:22 | 000,002,048 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\Mozilla Thunderbird.lnk
[2012/05/22 07:02:18 | 000,001,104 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\Mozilla Firefox.lnk
[2012/05/22 06:09:03 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/05/22 06:09:02 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012/05/22 03:27:14 | 000,000,981 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\Photoshop CS5.lnk
[2012/05/22 02:40:25 | 000,001,041 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\SpywareBlaster.lnk
[2012/05/22 02:40:06 | 000,001,226 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\Revo Uninstaller.lnk
[2012/05/22 02:10:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/22 02:01:01 | 000,000,367 | -H-- | C] () -- C:\IPH.PH
[2012/05/22 01:54:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2012/05/22 01:51:54 | 000,007,887 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.cat
[2012/05/22 01:51:54 | 000,001,144 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Roaming\pcouffin.inf
[2012/05/22 01:39:29 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/05/22 00:16:06 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/05/22 00:11:52 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/21 16:44:04 | 000,143,058 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\2.03.rar
[2012/05/21 08:22:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/21 08:22:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/21 08:19:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/21 08:18:39 | 2608,287,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/21 05:31:26 | 000,001,417 | ---- | C] () -- C:\Users\spencerpassmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/20 03:49:03 | 000,160,082 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\AVG Internet Security 2012 (MultiUpload).zip
[2012/04/26 19:02:12 | 003,738,935 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\feetfotoscom_wwwfeetfotoscom_Cinema_Ice_Skin_4_1_12.zip
[2012/04/26 14:50:36 | 009,290,906 | ---- | C] () -- C:\Users\spencerpassmore\Desktop\vbforum_4_4-1-12_Patch_Level_1_VBFA4E059B.zip
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/05/23 05:50:17 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\Ad-Aware Antivirus
[2012/05/22 14:21:31 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\ESET
[2012/05/22 10:31:34 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\IObit
[2012/05/22 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\Thunderbird
[2012/05/22 10:55:39 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\Vso
[2012/05/22 10:00:50 | 000,000,000 | ---D | M] -- C:\Users\spencerpassmore\AppData\Roaming\WinPatrol
[2009/07/14 00:53:46 | 000,007,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#4 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 08:24 AM

MBR Check Log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 755
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 162):
0x82A14000 \SystemRoot\system32\ntkrnlpa.exe
0x82E26000 \SystemRoot\system32\halmacpi.dll
0x80BBC000 \SystemRoot\system32\kdcom.dll
0x8B400000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B485000 \SystemRoot\system32\PSHED.dll
0x8B496000 \SystemRoot\system32\BOOTVID.dll
0x8B49E000 \SystemRoot\system32\CLFS.SYS
0x8B4E0000 \SystemRoot\system32\CI.dll
0x8B58B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B602000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B610000 \SystemRoot\system32\drivers\ACPI.sys
0x8B658000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8B661000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B669000 \SystemRoot\system32\drivers\pci.sys
0x8B693000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8B69E000 \SystemRoot\System32\drivers\partmgr.sys
0x8B6AF000 \SystemRoot\system32\drivers\volmgr.sys
0x8B6BF000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B70A000 \SystemRoot\system32\drivers\pciide.sys
0x8B711000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B71F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B735000 \SystemRoot\system32\drivers\atapi.sys
0x8B73E000 \SystemRoot\system32\drivers\ataport.SYS
0x8B761000 \SystemRoot\system32\drivers\msahci.sys
0x8B76B000 \SystemRoot\system32\drivers\amdxata.sys
0x8B774000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B7A8000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B7B9000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B82A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B959000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B984000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B997000 \SystemRoot\System32\Drivers\cng.sys
0x8B800000 \SystemRoot\System32\drivers\pcw.sys
0x8B80E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA22000 \SystemRoot\system32\drivers\ndis.sys
0x8BAD9000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB17000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BC0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8BD57000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BD88000 \SystemRoot\system32\drivers\volsnap.sys
0x8BDC7000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDCF000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BB3C000 \SystemRoot\System32\Drivers\mup.sys
0x8BC00000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BB4C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BB7E000 \SystemRoot\system32\drivers\disk.sys
0x8BB8F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BA00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x9020A000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x90292000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x902B9000 \SystemRoot\System32\Drivers\Null.SYS
0x902C0000 \SystemRoot\System32\Drivers\Beep.SYS
0x902C7000 \SystemRoot\System32\drivers\vga.sys
0x902D3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x902F4000 \SystemRoot\System32\drivers\watchdog.sys
0x90301000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90309000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90311000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90319000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90324000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90332000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90349000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90355000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90360000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90392000 \SystemRoot\system32\drivers\afd.sys
0x903EC000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x903F3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8B7C8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90277000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BBE6000 \SystemRoot\system32\DRIVERS\serial.sys
0x8B817000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B7E7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x91004000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x91026000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9102C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9106D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91077000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x91081000 \SystemRoot\System32\drivers\discache.sys
0x9108D000 \SystemRoot\System32\Drivers\dfsc.sys
0x910A5000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x910B3000 \SystemRoot\System32\Drivers\aswSP.SYS
0x910FE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9111F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91C0D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x92116000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91131000 \SystemRoot\System32\drivers\dxgmms1.sys
0x921CD000 \SystemRoot\system32\DRIVERS\HECI.sys
0x921D9000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9116A000 \SystemRoot\system32\DRIVERS\e1e6232.sys
0x921E3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x911A2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x921EE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92629000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92648000 \SystemRoot\system32\DRIVERS\parport.sys
0x92660000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9266D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9267F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92697000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x926A2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x926C4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x926DC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x926F3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9270A000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92716000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92723000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92730000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92732000 \SystemRoot\system32\DRIVERS\ks.sys
0x92766000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92774000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x927B8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92A36000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x92A90000 \SystemRoot\system32\drivers\portcls.sys
0x92ABF000 \SystemRoot\system32\drivers\drmk.sys
0x92AD8000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92AE3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92AF6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92AFD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92AFF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92B0A000 \SystemRoot\system32\DRIVERS\point32.sys
0x92B13000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x97890000 \SystemRoot\System32\win32k.sys
0x92B2A000 \SystemRoot\System32\drivers\Dxapi.sys
0x92B34000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92B4B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x92B57000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92B64000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x92B6F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x92B78000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x92B89000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97AF0000 \SystemRoot\System32\TSDDD.dll
0x97B20000 \SystemRoot\System32\cdd.dll
0x92B94000 \SystemRoot\system32\DRIVERS\lvbusflt.sys
0x97B40000 \SystemRoot\System32\ATMFD.DLL
0x92B98000 \SystemRoot\system32\drivers\usbaudio.sys
0x92BAC000 \SystemRoot\system32\DRIVERS\lvrs.sys
0x8CC29000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0x8D049000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8D081000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8D084000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D09E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D0AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D0C1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8D0EB000 \SystemRoot\system32\drivers\HTTP.sys
0x8D170000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8D189000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D19B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D1BE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8CC00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8CC1B000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xB0431000 \SystemRoot\system32\drivers\peauth.sys
0xB04C8000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB04D2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB04F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0500000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB0550000 \SystemRoot\System32\DRIVERS\srv.sys
0xB05A2000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0xB05B1000 \??\C:\Windows\system32\drivers\mbam.sys
0xBE639000 \SystemRoot\system32\drivers\spsys.sys
0xBE6A3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x76DC0000 \Windows\System32\ntdll.dll
0x47DB0000 \Windows\System32\smss.exe
0x77000000 \Windows\System32\apisetschema.dll

Processes (total 84):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
428 C:\Windows\System32\csrss.exe
480 C:\Windows\System32\csrss.exe
488 C:\Windows\System32\wininit.exe
536 C:\Windows\System32\winlogon.exe
584 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
868 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
956 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1096 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
1156 C:\Windows\System32\audiodg.exe
1232 C:\Windows\System32\svchost.exe
1348 C:\Windows\System32\svchost.exe
1408 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1444 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1844 C:\Windows\System32\dwm.exe
1872 C:\Windows\explorer.exe
432 C:\Windows\System32\spoolsv.exe
732 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\taskhost.exe
1596 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1692 C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
1052 C:\Program Files\Intel\AMT\atchksrv.exe
668 C:\Windows\System32\svchost.exe
2060 C:\Windows\System32\IPROSetMonitor.exe
2104 C:\Program Files\Intel\AMT\LMS.exe
2148 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2204 C:\Windows\System32\svchost.exe
2276 C:\Program Files\Intel\AMT\UNS.exe
2328 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2380 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2596 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2688 C:\Windows\System32\SearchIndexer.exe
2704 C:\Windows\System32\wbem\unsecapp.exe
2784 C:\Windows\System32\wbem\WmiPrvSE.exe
2944 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3040 C:\Windows\System32\SearchProtocolHost.exe
3112 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3212 C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
3220 C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
3684 C:\Program Files\Intel\AMT\atchk.exe
3692 C:\Windows\System32\igfxtray.exe
3704 C:\Windows\System32\hkcmd.exe
3712 C:\Windows\System32\igfxpers.exe
3720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3736 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3744 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3752 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3812 C:\Windows\System32\igfxsrvc.exe
3844 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3876 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
3932 C:\Program Files\Unlocker\UnlockerAssistant.exe
3956 C:\Program Files\Microsoft Security Client\msseces.exe
4036 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
4060 C:\Program Files\Eraser\Eraser.exe
4084 C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe
2556 C:\Program Files\Logitech\Vid HD\Vid.exe
3108 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2004 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
200 C:\Users\spencerpassmore\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
160 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1916 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3424 C:\Users\spencerpassmore\AppData\Roaming\Google\Google Talk\googletalk.exe
3468 C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
3496 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
2616 C:\Windows\System32\svchost.exe
3448 C:\Windows\System32\wbem\WmiPrvSE.exe
4688 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
4712 C:\Windows\System32\sppsvc.exe
5024 C:\Program Files\Windows Media Player\wmpnetwk.exe
5432 C:\Windows\System32\dllhost.exe
5648 C:\Windows\System32\msiexec.exe
5988 C:\Windows\System32\svchost.exe
5448 <unknown>
4576 C:\Users\spencerpassmore\Desktop\MBRCheck.exe
5244 C:\Windows\System32\conhost.exe
5344 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06800000 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600YS-01SHB1, Rev: 20.06C06
PhysicalDrive1 Model Number: WDCWD5002ABYS-01B1B0, Rev: 02.03B02

Size Device Name MBR Status
--------------------------------------------
153 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 84AE27AC5141664E20DCB4015ED3CADC2EF3DC2B
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by spencerpassmore at 8:32:28 on 2012-05-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3317.1905 [GMT -4:00]
.
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com.vn
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {F156768E-81EF-470C-9057-481BA8380DBA} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-disallowrun: 1 = rund1132.exe
dPolicies-disallowrun: 2 = m5vbvm60.exe
dPolicies-disallowrun: 3 = Unoccupied.reg
dPolicies-disallowrun: 4 = Regedit32.com
dPolicies-disallowrun: 5 = Shell32.com
dPolicies-disallowrun: 6 = dllchache.exe
dPolicies-disallowrun: 7 = services_test.exe
dPolicies-disallowrun: 8 = New Folder.exe
dPolicies-disallowrun: 9 = systemio.exe
dPolicies-disallowrun: 10 = JK.exe
dPolicies-disallowrun: 11 = rundl132.exe
dPolicies-disallowrun: 12 = Logo1_.exe
dPolicies-disallowrun: 13 = RichDll.exe
dPolicies-disallowrun: 14 = loveRabbit.exe
dPolicies-disallowrun: 15 = msexch400.exe
dPolicies-disallowrun: 16 = Rabbit.exe
dPolicies-disallowrun: 17 = aut0exec.bat
dPolicies-disallowrun: 18 = ntde1ect.com
dPolicies-disallowrun: 19 = Mixa.exe
dPolicies-disallowrun: 20 = apvo.exe
dPolicies-disallowrun: 21 = expressav.exe
dPolicies-disallowrun: 22 = apv0.exe
dPolicies-disallowrun: 23 = l33na.exe
dPolicies-disallowrun: 24 = ed.exe
dPolicies-disallowrun: 25 = spooisv.exe
dPolicies-disallowrun: 26 = rttrwq.exe
dPolicies-disallowrun: 27 = _use.exe
dPolicies-disallowrun: 28 = 11-00.exe
dPolicies-disallowrun: 29 = wmibus.exe
dPolicies-disallowrun: 30 = wmisys.exe
dPolicies-disallowrun: 31 = Normal.exe
dPolicies-disallowrun: 32 = execute.exe
dPolicies-disallowrun: 33 = leena.job
dPolicies-disallowrun: 34 = leena.exe
dPolicies-disallowrun: 35 = aneel.exe
dPolicies-disallowrun: 36 = wuauc1t.exe
dPolicies-disallowrun: 37 = Win32dll.exe
dPolicies-disallowrun: 38 = Win32.dll.vbs
dPolicies-disallowrun: 39 = SteamDll32.exe
dPolicies-disallowrun: 40 = WinSteam.exe
dPolicies-disallowrun: 41 = SteamHelper.exe
dPolicies-disallowrun: 42 = kavo.exe
dPolicies-disallowrun: 43 = spoclsv.exe
dPolicies-disallowrun: 44 = dfqnabib.exe
dPolicies-disallowrun: 45 = sfsxachu.exe
dPolicies-disallowrun: 46 = stjxakin.exe
dPolicies-disallowrun: 47 = tjfyabyt.exe
dPolicies-disallowrun: 48 = kdaic.exe
dPolicies-disallowrun: 49 = zsdjabmp.exe
dPolicies-disallowrun: 50 = lpmxajkl.exe
dPolicies-disallowrun: 51 = dfqnabib.exe
dPolicies-disallowrun: 52 = WINLOG0N.exe
dPolicies-disallowrun: 53 = SVCH0ST.exe
dPolicies-disallowrun: 54 = System.exe
dPolicies-disallowrun: 55 = phim nguoi lon.exe
dPolicies-disallowrun: 56 = password_viewer.exe
dPolicies-disallowrun: 57 = SVCHOST555.exe
dPolicies-disallowrun: 58 = inst_vinh.exe
dPolicies-disallowrun: 59 = Bro_Act.exe
dPolicies-disallowrun: 60 = braviax.exe
dPolicies-disallowrun: 61 = CbEvtSvc.exe
dPolicies-disallowrun: 62 = MySexy.exe
dPolicies-disallowrun: 63 = msconfig.com
dPolicies-disallowrun: 64 = regedit.com
dPolicies-disallowrun: 65 = default__.pif
dPolicies-disallowrun: 66 = jvosoft.exe
dPolicies-disallowrun: 67 = 9sky8pia.exe
dPolicies-disallowrun: 68 = amvo0.exe
dPolicies-disallowrun: 69 = lphc9dkj0ec6a.exe
dPolicies-disallowrun: 70 = rhcahej0ej6v.exe
dPolicies-disallowrun: 71 = chiCkie.exe
dPolicies-disallowrun: 72 = ExeServ.exe
dPolicies-disallowrun: 73 = Av-Prev.exe
dPolicies-disallowrun: 74 = ati2avxx.exe
dPolicies-disallowrun: 75 = Sex Picture.scr
dPolicies-disallowrun: 76 = xpupdate.exe
dPolicies-disallowrun: 77 = comine.exe
dPolicies-disallowrun: 78 = autochl.exe
dPolicies-disallowrun: 79 = log.exe
dPolicies-disallowrun: 80 = comboClt.ocx.vbs
dPolicies-disallowrun: 81 = Sos.exe
dPolicies-disallowrun: 82 = kxvo.exe
dPolicies-disallowrun: 83 = zz.exe
dPolicies-disallowrun: 84 = lsasss.exe
dPolicies-disallowrun: 85 = order.exe
dPolicies-disallowrun: 86 = Flashy.exe
dPolicies-disallowrun: 87 = meex.exe
dPolicies-disallowrun: 88 = xibgptd.exe
dPolicies-disallowrun: 89 = xmjisnw.exe
dPolicies-disallowrun: 90 = asd0.exe
dPolicies-disallowrun: 91 = windowsupd2.exe
dPolicies-disallowrun: 92 = winhost.exe
dPolicies-disallowrun: 93 = quicken.exe
dPolicies-disallowrun: 94 = editpad.exe
dPolicies-disallowrun: 95 = nwonknu.exe
dPolicies-disallowrun: 96 = rasrun.exe
dPolicies-disallowrun: 97 = psdrv.exe
dPolicies-disallowrun: 98 = svci.exe
dPolicies-disallowrun: 99 = unknown.exe
dPolicies-disallowrun: 100 = castlecops[1].exe
dPolicies-disallowrun: 101 = 1014[1].exe
dPolicies-disallowrun: 102 = is[1].exe
dPolicies-disallowrun: 103 = wcs.exe
dPolicies-disallowrun: 104 = Sizhu.exe
dPolicies-disallowrun: 105 = ibrv.exe
dPolicies-disallowrun: 106 = vgguxso.exe
dPolicies-disallowrun: 107 = uitxjwa.exe
dPolicies-disallowrun: 108 = loadam.exe
dPolicies-disallowrun: 109 = sunny.exe
dPolicies-disallowrun: 110 = etialof.exe
dPolicies-disallowrun: 111 = sdjxeqi.exe
dPolicies-disallowrun: 112 = tsnqtjn.exe
dPolicies-disallowrun: 113 = dluxde.exe
dPolicies-disallowrun: 114 = Soft0
dPolicies-disallowrun: 115 = 1.exe
dPolicies-disallowrun: 116 = 10.exe
dPolicies-disallowrun: 117 = SVOHOST.exe
dPolicies-disallowrun: 118 = sxs.exe
dPolicies-disallowrun: 119 = phimnguoilon.exe
dPolicies-disallowrun: 120 = amvo.exe
dPolicies-disallowrun: 121 = n1deiect.com
dPolicies-disallowrun: 122 = qwc.exe
dPolicies-disallowrun: 123 = tknn6.bat
dPolicies-disallowrun: 124 = 6l6w8.com
dPolicies-disallowrun: 125 = hay.exe
dPolicies-disallowrun: 126 = more.exe
dPolicies-disallowrun: 127 = nontay.exe
dPolicies-disallowrun: 128 = boom.vbs
dPolicies-disallowrun: 129 = drivers.cab.exe
dPolicies-disallowrun: 130 = KEYBOARD.exe
dPolicies-disallowrun: 131 = Global.exe
dPolicies-disallowrun: 132 = jdbgmgr.exe
dPolicies-disallowrun: 133 = secret.exe
dPolicies-disallowrun: 134 = xdict.exe
dPolicies-disallowrun: 135 = algssl.exe
dPolicies-disallowrun: 136 = phimhot.exe
dPolicies-disallowrun: 137 = other.exe
dPolicies-disallowrun: 138 = fun.exe
dPolicies-disallowrun: 139 = winsit.exe
dPolicies-disallowrun: 140 = sal.xls.exe
dPolicies-disallowrun: 141 = msfir80.exe
dPolicies-disallowrun: 142 = .exe
dPolicies-disallowrun: 143 = MSconfigg.exe
dPolicies-disallowrun: 144 = servics.exe
dPolicies-disallowrun: 145 = expl0rer.exe
dPolicies-disallowrun: 146 = tel.xls.exe
dPolicies-disallowrun: 147 = funni.exe
dPolicies-disallowrun: 148 = kvosoft.exe
dPolicies-disallowrun: 149 = 4.exe
dPolicies-disallowrun: 150 = 2008.exe
dPolicies-disallowrun: 151 = folder.exe
dPolicies-disallowrun: 152 = knx32.exe
dPolicies-disallowrun: 153 = Mixa_I.exe
dPolicies-disallowrun: 154 = bleep.exe
dPolicies-disallowrun: 155 = Happy99.exe
dPolicies-disallowrun: 156 = SKA.EXE
dPolicies-disallowrun: 157 = sysmgr.exe
dPolicies-disallowrun: 158 = Mixa_1.exe
dPolicies-disallowrun: 159 = skynet.exe
dPolicies-disallowrun: 160 = Isass.exe
dPolicies-disallowrun: 161 = 8out.exe
dPolicies-disallowrun: 162 = lotto.exe
dPolicies-disallowrun: 163 = ieav.exe
dPolicies-disallowrun: 164 = win32.host.exe
dPolicies-disallowrun: 165 = osgjaaj.exe
dPolicies-disallowrun: 166 = info.exe
dPolicies-disallowrun: 167 = ads.jpg.exe
dPolicies-disallowrun: 168 = CKVO.EXE
dPolicies-disallowrun: 169 = a2.exe
dPolicies-disallowrun: 170 = rundii32.exe
dPolicies-disallowrun: 171 = cd.exe
dPolicies-disallowrun: 172 = ph.com
dPolicies-disallowrun: 173 = winivstr.exe
dPolicies-disallowrun: 174 = Default.exe
dPolicies-disallowrun: 175 = NTDETECH.com
dPolicies-disallowrun: 176 = l63snn8.exe
dPolicies-disallowrun: 177 = svhost.exe
dPolicies-disallowrun: 178 = svchot.exe
dPolicies-disallowrun: 179 = svch0t.exe
dPolicies-disallowrun: 180 = svh0st.exe
dPolicies-disallowrun: 181 = my_80004.exe
dPolicies-disallowrun: 182 = explorcr.exe
dPolicies-disallowrun: 183 = admin6_ver0424.exe
dPolicies-disallowrun: 184 = yeSetup.exe
dPolicies-disallowrun: 185 = dodolook591.exe
dPolicies-disallowrun: 186 = alexa240.exe
dPolicies-disallowrun: 187 = 1072.exe
dPolicies-disallowrun: 188 = atmpvcno.dll.exe
dPolicies-disallowrun: 189 = atmlib.dll.exe
dPolicies-disallowrun: 190 = musica.exe
dPolicies-disallowrun: 191 = ...exe
dPolicies-disallowrun: 192 = ..exe
dPolicies-disallowrun: 193 = crack.com
dPolicies-disallowrun: 194 = dwintl.dll.exe
dPolicies-disallowrun: 195 = explorer.zip.scr
dPolicies-disallowrun: 196 = pictures.exe
dPolicies-disallowrun: 197 = readme.com
dPolicies-disallowrun: 198 = 12520437.cpx.exe
dPolicies-disallowrun: 199 = 12520850.cpx.exe
dPolicies-disallowrun: 200 = 3com_dmi.exe
dPolicies-disallowrun: 201 = 6to4svc.dll.exe
dPolicies-disallowrun: 202 = access.cpl.exe
dPolicies-disallowrun: 203 = acctres.dll.exe
dPolicies-disallowrun: 204 = acelpdec.ax.exe
dPolicies-disallowrun: 205 = acledit.dll.exe
dPolicies-disallowrun: 206 = aclui.dll.exe
dPolicies-disallowrun: 207 = activeds.dll.exe
dPolicies-disallowrun: 208 = activeds.tlb.exe
dPolicies-disallowrun: 209 = actxprxy.dll.exe
dPolicies-disallowrun: 210 = admparse.dll.exe
dPolicies-disallowrun: 211 = adodc.srg.exe
dPolicies-disallowrun: 212 = adptif.dll.exe
dPolicies-disallowrun: 213 = adsldp.dll.exe
dPolicies-disallowrun: 214 = adsldpc.dll.exe
dPolicies-disallowrun: 215 = adsmsext.dll.exe
dPolicies-disallowrun: 216 = adsnds.dll.exe
dPolicies-disallowrun: 217 = adsnt.dll.exe
dPolicies-disallowrun: 218 = adsnw.dll.exe
dPolicies-disallowrun: 219 = advapi32.dll.exe
dPolicies-disallowrun: 220 = advpack.dll.exe
dPolicies-disallowrun: 221 = alrsvc.dll.exe
dPolicies-disallowrun: 222 = amcompat.tlb.exe
dPolicies-disallowrun: 223 = amstream.dll.exe
dPolicies-disallowrun: 224 = ansi.sys.exe
dPolicies-disallowrun: 225 = apcups.dll.exe
dPolicies-disallowrun: 226 = apphelp.dll.exe
dPolicies-disallowrun: 227 = appmgmts.dll.exe
dPolicies-disallowrun: 228 = appmgr.dll.exe
dPolicies-disallowrun: 229 = appwiz.cpl.exe
dPolicies-disallowrun: 230 = asctrls.ocx.exe
dPolicies-disallowrun: 231 = asferror.dll.exe
dPolicies-disallowrun: 232 = asycfilt.dll.exe
dPolicies-disallowrun: 233 = atkctrs.dll.exe
dPolicies-disallowrun: 234 = atl.dll.exe
dPolicies-disallowrun: 235 = atmfd.dll.exe
dPolicies-disallowrun: 236 = 100.exe
dPolicies-disallowrun: 237 = 101.exe
dPolicies-disallowrun: 238 = 102.exe
dPolicies-disallowrun: 239 = 103.exe
dPolicies-disallowrun: 240 = 104.exe
dPolicies-disallowrun: 241 = 105.exe
dPolicies-disallowrun: 242 = 106.exe
dPolicies-disallowrun: 243 = 107.exe
dPolicies-disallowrun: 244 = 108.exe
dPolicies-disallowrun: 245 = 109.exe
dPolicies-disallowrun: 246 = 11.exe
dPolicies-disallowrun: 247 = 110.exe
dPolicies-disallowrun: 248 = 111.exe
dPolicies-disallowrun: 249 = 112.exe
dPolicies-disallowrun: 250 = 113.exe
dPolicies-disallowrun: 251 = 114.exe
dPolicies-disallowrun: 252 = 115.exe
dPolicies-disallowrun: 253 = 116.exe
dPolicies-disallowrun: 254 = 117.exe
dPolicies-disallowrun: 255 = 118.exe
dPolicies-disallowrun: 256 = 119.exe
dPolicies-disallowrun: 257 = 12.exe
dPolicies-disallowrun: 258 = 120.exe
dPolicies-disallowrun: 259 = 122.exe
dPolicies-disallowrun: 260 = 123.exe
dPolicies-disallowrun: 261 = 124.exe
dPolicies-disallowrun: 262 = 125.exe
dPolicies-disallowrun: 263 = blastk.exe
dPolicies-disallowrun: 264 = 126.exe
dPolicies-disallowrun: 265 = 127.exe
dPolicies-disallowrun: 266 = 128.exe
dPolicies-disallowrun: 267 = 129.exe
dPolicies-disallowrun: 268 = 13.exe
dPolicies-disallowrun: 269 = 130.exe
dPolicies-disallowrun: 270 = 131.exe
dPolicies-disallowrun: 271 = 132.exe
dPolicies-disallowrun: 272 = 133.exe
dPolicies-disallowrun: 273 = 134.exe
dPolicies-disallowrun: 274 = 135.exe
dPolicies-disallowrun: 275 = 136.exe
dPolicies-disallowrun: 276 = 137.exe
dPolicies-disallowrun: 277 = 138.exe
dPolicies-disallowrun: 278 = 139.exe
dPolicies-disallowrun: 279 = 14.exe
dPolicies-disallowrun: 280 = 140.exe
dPolicies-disallowrun: 281 = 141.exe
dPolicies-disallowrun: 282 = 142.exe
dPolicies-disallowrun: 283 = 143.exe
dPolicies-disallowrun: 284 = 144.exe
dPolicies-disallowrun: 285 = 145.exe
dPolicies-disallowrun: 286 = 146.exe
dPolicies-disallowrun: 287 = 147.exe
dPolicies-disallowrun: 288 = 148.exe
dPolicies-disallowrun: 289 = 149.exe
dPolicies-disallowrun: 290 = 15.exe
dPolicies-disallowrun: 291 = 150.exe
dPolicies-disallowrun: 292 = 151.exe
dPolicies-disallowrun: 293 = 152.exe
dPolicies-disallowrun: 294 = 153.exe
dPolicies-disallowrun: 295 = 154.exe
dPolicies-disallowrun: 296 = 155.exe
dPolicies-disallowrun: 297 = 156.exe
dPolicies-disallowrun: 298 = 157.exe
dPolicies-disallowrun: 299 = 158.exe
dPolicies-disallowrun: 300 = 159.exe
dPolicies-disallowrun: 301 = 16.exe
dPolicies-disallowrun: 302 = 160.exe
dPolicies-disallowrun: 303 = 161.exe
dPolicies-disallowrun: 304 = 162.exe
dPolicies-disallowrun: 305 = 163.exe
dPolicies-disallowrun: 306 = 164.exe
dPolicies-disallowrun: 307 = 165.exe
dPolicies-disallowrun: 308 = 166.exe
dPolicies-disallowrun: 309 = 167.exe
dPolicies-disallowrun: 310 = 168.exe
dPolicies-disallowrun: 311 = 169.exe
dPolicies-disallowrun: 312 = 17.exe
dPolicies-disallowrun: 313 = 170.exe
dPolicies-disallowrun: 314 = 171.exe
dPolicies-disallowrun: 315 = 172.exe
dPolicies-disallowrun: 316 = 173.exe
dPolicies-disallowrun: 317 = 174.exe
dPolicies-disallowrun: 318 = 175.exe
dPolicies-disallowrun: 319 = 176.exe
dPolicies-disallowrun: 320 = 177.exe
dPolicies-disallowrun: 321 = 178.exe
dPolicies-disallowrun: 322 = 179.exe
dPolicies-disallowrun: 323 = 18.exe
dPolicies-disallowrun: 324 = 180.exe
dPolicies-disallowrun: 325 = 181.exe
dPolicies-disallowrun: 326 = 182.exe
dPolicies-disallowrun: 327 = 183.exe
dPolicies-disallowrun: 328 = 184.exe
dPolicies-disallowrun: 329 = 185.exe
dPolicies-disallowrun: 330 = 186.exe
dPolicies-disallowrun: 331 = 187.exe
dPolicies-disallowrun: 332 = 188.exe
dPolicies-disallowrun: 333 = 189.exe
dPolicies-disallowrun: 334 = 19.exe
dPolicies-disallowrun: 335 = 190.exe
dPolicies-disallowrun: 336 = 191.exe
dPolicies-disallowrun: 337 = 192.exe
dPolicies-disallowrun: 338 = 193.exe
dPolicies-disallowrun: 339 = 194.exe
dPolicies-disallowrun: 340 = 195.exe
dPolicies-disallowrun: 341 = 196.exe
dPolicies-disallowrun: 342 = 197.exe
dPolicies-disallowrun: 343 = 198.exe
dPolicies-disallowrun: 344 = 199.exe
dPolicies-disallowrun: 345 = 20.exe
dPolicies-disallowrun: 346 = 21.exe
dPolicies-disallowrun: 347 = 22.exe
dPolicies-disallowrun: 348 = 23.exe
dPolicies-disallowrun: 349 = 24.exe
dPolicies-disallowrun: 350 = 25.exe
dPolicies-disallowrun: 351 = 26.exe
dPolicies-disallowrun: 352 = 27.exe
dPolicies-disallowrun: 353 = 28.exe
dPolicies-disallowrun: 354 = 29.exe
dPolicies-disallowrun: 355 = 3.exe
dPolicies-disallowrun: 356 = 30.exe
dPolicies-disallowrun: 357 = 1000.exe
dPolicies-disallowrun: 358 = 1001.exe
dPolicies-disallowrun: 359 = 1002.exe
dPolicies-disallowrun: 360 = 1003.exe
dPolicies-disallowrun: 361 = 1004.exe
dPolicies-disallowrun: 362 = 1005.exe
dPolicies-disallowrun: 363 = 1006.exe
dPolicies-disallowrun: 364 = 1007.exe
dPolicies-disallowrun: 365 = 1008.exe
dPolicies-disallowrun: 366 = 1009.exe
dPolicies-disallowrun: 367 = 1010.exe
dPolicies-disallowrun: 368 = 1011.exe
dPolicies-disallowrun: 369 = 1012.exe
dPolicies-disallowrun: 370 = 1013.exe
dPolicies-disallowrun: 371 = 1014.exe
dPolicies-disallowrun: 372 = 1015.exe
dPolicies-disallowrun: 373 = 1016.exe
dPolicies-disallowrun: 374 = 1017.exe
dPolicies-disallowrun: 375 = 1018.exe
dPolicies-disallowrun: 376 = 1019.exe
dPolicies-disallowrun: 377 = 1020.exe
dPolicies-disallowrun: 378 = 1021.exe
dPolicies-disallowrun: 379 = 1022.exe
dPolicies-disallowrun: 380 = 1023.exe
dPolicies-disallowrun: 381 = 1024.exe
dPolicies-disallowrun: 382 = 1025.exe
dPolicies-disallowrun: 383 = 1026.exe
dPolicies-disallowrun: 384 = 1027.exe
dPolicies-disallowrun: 385 = 1028.exe
dPolicies-disallowrun: 386 = 1029.exe
dPolicies-disallowrun: 387 = 1030.exe
dPolicies-disallowrun: 388 = 1031.exe
dPolicies-disallowrun: 389 = 1032.exe
dPolicies-disallowrun: 390 = 1033.exe
dPolicies-disallowrun: 391 = 1034.exe
dPolicies-disallowrun: 392 = 1035.exe
dPolicies-disallowrun: 393 = 1036.exe
dPolicies-disallowrun: 394 = 1037.exe
dPolicies-disallowrun: 395 = 1038.exe
dPolicies-disallowrun: 396 = 1039.exe
dPolicies-disallowrun: 397 = 1040.exe
dPolicies-disallowrun: 398 = 1041.exe
dPolicies-disallowrun: 399 = 1042.exe
dPolicies-disallowrun: 400 = 1043.exe
dPolicies-disallowrun: 401 = 1044.exe
dPolicies-disallowrun: 402 = 1045.exe
dPolicies-disallowrun: 403 = 1046.exe
dPolicies-disallowrun: 404 = 1047.exe
dPolicies-disallowrun: 405 = 1048.exe
dPolicies-disallowrun: 406 = 1049.exe
dPolicies-disallowrun: 407 = 1050.exe
dPolicies-disallowrun: 408 = 1051.exe
dPolicies-disallowrun: 409 = 1052.exe
dPolicies-disallowrun: 410 = 1053.exe
dPolicies-disallowrun: 411 = 1054.exe
dPolicies-disallowrun: 412 = 1055.exe
dPolicies-disallowrun: 413 = 1056.exe
dPolicies-disallowrun: 414 = 1057.exe
dPolicies-disallowrun: 415 = 1058.exe
dPolicies-disallowrun: 416 = 1059.exe
dPolicies-disallowrun: 417 = 1060.exe
dPolicies-disallowrun: 418 = 1061.exe
dPolicies-disallowrun: 419 = 1062.exe
dPolicies-disallowrun: 420 = 1063.exe
dPolicies-disallowrun: 421 = 1064.exe
dPolicies-disallowrun: 422 = 1065.exe
dPolicies-disallowrun: 423 = 1066.exe
dPolicies-disallowrun: 424 = 1067.exe
dPolicies-disallowrun: 425 = 1068.exe
dPolicies-disallowrun: 426 = 1069.exe
dPolicies-disallowrun: 427 = 1070.exe
dPolicies-disallowrun: 428 = 1071.exe
dPolicies-disallowrun: 429 = 1072.exe
dPolicies-disallowrun: 430 = 1073.exe
dPolicies-disallowrun: 431 = 1074.exe
dPolicies-disallowrun: 432 = 1075.exe
dPolicies-disallowrun: 433 = 1076.exe
dPolicies-disallowrun: 434 = 1077.exe
dPolicies-disallowrun: 435 = 1078.exe
dPolicies-disallowrun: 436 = 1079.exe
dPolicies-disallowrun: 437 = 1080.exe
dPolicies-disallowrun: 438 = 1081.exe
dPolicies-disallowrun: 439 = 1082.exe
dPolicies-disallowrun: 440 = 1083.exe
dPolicies-disallowrun: 441 = 1084.exe
dPolicies-disallowrun: 442 = 1085.exe
dPolicies-disallowrun: 443 = 1086.exe
dPolicies-disallowrun: 444 = 1087.exe
dPolicies-disallowrun: 445 = 1088.exe
dPolicies-disallowrun: 446 = 1089.exe
dPolicies-disallowrun: 447 = 1090.exe
dPolicies-disallowrun: 448 = 1091.exe
dPolicies-disallowrun: 449 = 1092.exe
dPolicies-disallowrun: 450 = 1093.exe
dPolicies-disallowrun: 451 = 1094.exe
dPolicies-disallowrun: 452 = 1095.exe
dPolicies-disallowrun: 453 = 1096.exe
dPolicies-disallowrun: 454 = 1097.exe
dPolicies-disallowrun: 455 = 1099.exe
dPolicies-disallowrun: 456 = 6307.exe
dPolicies-disallowrun: 457 = 6308.exe
dPolicies-disallowrun: 458 = 6309.exe
dPolicies-disallowrun: 459 = 6310.exe
dPolicies-disallowrun: 460 = 6311.exe
dPolicies-disallowrun: 461 = 6312.exe
dPolicies-disallowrun: 462 = 6314.exe
dPolicies-disallowrun: 463 = 6313.exe
dPolicies-disallowrun: 464 = 6315.exe
dPolicies-disallowrun: 465 = 6316.exe
dPolicies-disallowrun: 466 = 6317.exe
dPolicies-disallowrun: 467 = 6318.exe
dPolicies-disallowrun: 468 = 6319.exe
dPolicies-disallowrun: 469 = 6320.exe
dPolicies-disallowrun: 470 = 6321.exe
dPolicies-disallowrun: 471 = 6322.exe
dPolicies-disallowrun: 472 = 6323.exe
dPolicies-disallowrun: 473 = 6324.exe
dPolicies-disallowrun: 474 = 6325.exe
dPolicies-disallowrun: 475 = 6326.exe
dPolicies-disallowrun: 476 = 6327.exe
dPolicies-disallowrun: 477 = 6328.exe
dPolicies-disallowrun: 478 = 6329.exe
dPolicies-disallowrun: 479 = 6330.exe
dPolicies-disallowrun: 480 = 6331.exe
dPolicies-disallowrun: 481 = 6332.exe
dPolicies-disallowrun: 482 = 6333.exe
dPolicies-disallowrun: 483 = 6334.exe
dPolicies-disallowrun: 484 = 6335.exe
dPolicies-disallowrun: 485 = 6336.exe
dPolicies-disallowrun: 486 = 6337.exe
dPolicies-disallowrun: 487 = 6338.exe
dPolicies-disallowrun: 488 = 6339.exe
dPolicies-disallowrun: 489 = 6340.exe
dPolicies-disallowrun: 490 = 6341.exe
dPolicies-disallowrun: 491 = 6342.exe
dPolicies-disallowrun: 492 = 6343.exe
dPolicies-disallowrun: 493 = 6344.exe
dPolicies-disallowrun: 494 = 6345.exe
dPolicies-disallowrun: 495 = 6346.exe
dPolicies-disallowrun: 496 = 6347.exe
dPolicies-disallowrun: 497 = 6348.exe
dPolicies-disallowrun: 498 = 6349.exe
dPolicies-disallowrun: 499 = 6350.exe
dPolicies-disallowrun: 500 = 6351.exe
dPolicies-disallowrun: 501 = 6352.exe
dPolicies-disallowrun: 502 = 6353.exe
dPolicies-disallowrun: 503 = 6354.exe
dPolicies-disallowrun: 504 = 6355.exe
dPolicies-disallowrun: 505 = 6356.exe
dPolicies-disallowrun: 506 = 6357.exe
dPolicies-disallowrun: 507 = 6358.exe
dPolicies-disallowrun: 508 = 6359.exe
dPolicies-disallowrun: 509 = 6360.exe
dPolicies-disallowrun: 510 = 6361.exe
dPolicies-disallowrun: 511 = 6362.exe
dPolicies-disallowrun: 512 = 6363.exe
dPolicies-disallowrun: 513 = 6364.exe
dPolicies-disallowrun: 514 = 6365.exe
dPolicies-disallowrun: 515 = 6366.exe
dPolicies-disallowrun: 516 = 6367.exe
dPolicies-disallowrun: 517 = 6369.exe
dPolicies-disallowrun: 518 = 6368.exe
dPolicies-disallowrun: 519 = 6370.exe
dPolicies-disallowrun: 520 = 6371.exe
dPolicies-disallowrun: 521 = 6372.exe
dPolicies-disallowrun: 522 = 6373.exe
dPolicies-disallowrun: 523 = 6374.exe
dPolicies-disallowrun: 524 = 6375.exe
dPolicies-disallowrun: 525 = 6376.exe
dPolicies-disallowrun: 526 = 6377.exe
dPolicies-disallowrun: 527 = 6378.exe
dPolicies-disallowrun: 528 = 6379.exe
dPolicies-disallowrun: 529 = 6380.exe
dPolicies-disallowrun: 530 = 6381.exe
dPolicies-disallowrun: 531 = 6382.exe
dPolicies-disallowrun: 532 = 6383.exe
dPolicies-disallowrun: 533 = 6384.exe
dPolicies-disallowrun: 534 = 6385.exe
dPolicies-disallowrun: 535 = 6386.exe
dPolicies-disallowrun: 536 = 6387.exe
dPolicies-disallowrun: 537 = 6388.exe
dPolicies-disallowrun: 538 = 6389.exe
dPolicies-disallowrun: 539 = 6390.exe
dPolicies-disallowrun: 540 = 6391.exe
dPolicies-disallowrun: 541 = 6392.exe
dPolicies-disallowrun: 542 = 6393.exe
dPolicies-disallowrun: 543 = 6394.exe
dPolicies-disallowrun: 544 = 6395.exe
dPolicies-disallowrun: 545 = 6396.exe
dPolicies-disallowrun: 546 = 6397.exe
dPolicies-disallowrun: 547 = 6398.exe
dPolicies-disallowrun: 548 = 6399.exe
dPolicies-disallowrun: 549 = 6400.exe
dPolicies-disallowrun: 550 = 6401.exe
dPolicies-disallowrun: 551 = 6402.exe
dPolicies-disallowrun: 552 = 6403.exe
dPolicies-disallowrun: 553 = 6404.exe
dPolicies-disallowrun: 554 = 6405.exe
dPolicies-disallowrun: 555 = 6406.exe
dPolicies-disallowrun: 556 = 6407.exe
dPolicies-disallowrun: 557 = regfixxsx.exe
dPolicies-disallowrun: 558 = documents.exe
dPolicies-disallowrun: 559 = favorites.exe
dPolicies-disallowrun: 560 = ernsjyi.exe
dPolicies-disallowrun: 561 = jjcmdrj.exe
dPolicies-disallowrun: 562 = nheste.exe
dPolicies-disallowrun: 563 = nxmwp.exe
dPolicies-disallowrun: 564 = rwmgh.exe
dPolicies-disallowrun: 565 = tbljxjk.exe
dPolicies-disallowrun: 566 = vohth.exe
dPolicies-disallowrun: 567 = vvpmyvaw.exe
dPolicies-disallowrun: 568 = aa.exe
dPolicies-disallowrun: 569 = _cw0srv.exe
dPolicies-disallowrun: 570 = links.exe
dPolicies-disallowrun: 571 = serivces01.exe
dPolicies-disallowrun: 572 = serivces05.exe
dPolicies-disallowrun: 573 = sruninstall.exe
dPolicies-disallowrun: 574 = serivcesb.exe
dPolicies-disallowrun: 575 = serivcesf.exe
dPolicies-disallowrun: 576 = servcies04.exe
dPolicies-disallowrun: 577 = jxzub5410451.exe
dPolicies-disallowrun: 578 = chert5-998.exe
dPolicies-disallowrun: 579 = kernel1.exe
dPolicies-disallowrun: 580 = beep.exe
dPolicies-disallowrun: 581 = iexpl0re.exe
dPolicies-disallowrun: 582 = crasos.exe
dPolicies-disallowrun: 583 = cmdbcs.exe
dPolicies-disallowrun: 584 = realschd.exe
dPolicies-disallowrun: 585 = wsvbs.exe
dPolicies-disallowrun: 586 = msdccrt.exe
dPolicies-disallowrun: 587 = run1132.exe
dPolicies-disallowrun: 588 = sysload3.exe
dPolicies-disallowrun: 589 = tempicon.exe
dPolicies-disallowrun: 590 = sysbmw.exe
dPolicies-disallowrun: 591 = rpcs.exe
dPolicies-disallowrun: 592 = msvce32.exe
dPolicies-disallowrun: 593 = svhost32.exe
dPolicies-disallowrun: 594 = internat.exe
dPolicies-disallowrun: 595 = ctmontv.exe
dPolicies-disallowrun: 596 = ncscv32.exe
dPolicies-disallowrun: 597 = spo0lsv.exe
dPolicies-disallowrun: 598 = wdfmgr32.exe
dPolicies-disallowrun: 599 = upxdnd.exe
dPolicies-disallowrun: 600 = ssopure.exe
dPolicies-disallowrun: 601 = c0nime.exe
dPolicies-disallowrun: 602 = nvscv32.exe
dPolicies-disallowrun: 603 = bleepjacks.exe
dPolicies-disallowrun: 604 = lying.exe
dPolicies-disallowrun: 605 = jbele1.com
dPolicies-disallowrun: 606 = vt2n8re.com
dPolicies-disallowrun: 607 = 0011E924.vbs
dPolicies-disallowrun: 608 = 672.exe
dPolicies-disallowrun: 609 = ciygje.exe
dPolicies-disallowrun: 610 = kmbbvua.exe
dPolicies-disallowrun: 611 = mkqn.exe
dPolicies-disallowrun: 612 = pajto.exe
dPolicies-disallowrun: 613 = rbgc.exe
dPolicies-disallowrun: 614 = rs32net.exe
dPolicies-disallowrun: 615 = vbmwi.exe
dPolicies-disallowrun: 616 = wfthnpkw.exe
dPolicies-disallowrun: 617 = wsxyguvs.exe
dPolicies-disallowrun: 618 = servcies9.exe
dPolicies-disallowrun: 619 = servciesa.exe
dPolicies-disallowrun: 620 = servciesaa.exe
dPolicies-disallowrun: 621 = Vxl.exe
dPolicies-disallowrun: 622 = ~.exe
dPolicies-disallowrun: 623 = YUR7.exe
dPolicies-disallowrun: 624 = YUR8.exe
dPolicies-disallowrun: 625 = YUR9.exe
dPolicies-disallowrun: 626 = YURA.exe
dPolicies-disallowrun: 627 = Rapid Antivirus.exe
dPolicies-disallowrun: 628 = zPharoh.exe
dPolicies-disallowrun: 629 = winiguard.exe
dPolicies-disallowrun: 630 = zPharaoh.exe
dPolicies-disallowrun: 631 = lphcns0j0e1av.exe
dPolicies-disallowrun: 632 = serverx.exe
dPolicies-disallowrun: 633 = Sulfnbk.exe
dPolicies-disallowrun: 634 = 11122oo7.exe
dPolicies-disallowrun: 635 = newfolder.exe
dPolicies-disallowrun: 636 = qq.exe
dPolicies-disallowrun: 637 = 75976W.exe
dPolicies-disallowrun: 638 = 75976L.exe
dPolicies-disallowrun: 639 = brastk.exe
dPolicies-disallowrun: 640 = lky.exe
dPolicies-disallowrun: 641 = whi.com
dPolicies-disallowrun: 642 = sq.com
dPolicies-disallowrun: 643 = kamsoft.exe
dPolicies-disallowrun: 644 = rs32net.exe
dPolicies-disallowrun: 645 = Gool.exe
dPolicies-disallowrun: 646 = brnu492.exe
dPolicies-disallowrun: 647 = apipr.exe
dPolicies-disallowrun: 648 = apiph32.exe
dPolicies-disallowrun: 649 = BNH1.EXE
dPolicies-disallowrun: 650 = ce1.exe
dPolicies-disallowrun: 651 = dq1.exe
dPolicies-disallowrun: 652 = purger.exe
dPolicies-disallowrun: 653 = s-1-5-21.exe
dPolicies-disallowrun: 654 = lockbar.exe
dPolicies-disallowrun: 655 = aa0.exe
dPolicies-disallowrun: 755 = zip0.exe
dPolicies-disallowrun: 855 = soft0.exe
dPolicies-disallowrun: 656 = aa1.exe
dPolicies-disallowrun: 756 = zip1.exe
dPolicies-disallowrun: 856 = soft1.exe
dPolicies-disallowrun: 657 = aa2.exe
dPolicies-disallowrun: 757 = zip2.exe
dPolicies-disallowrun: 857 = soft2.exe
dPolicies-disallowrun: 658 = aa3.exe
dPolicies-disallowrun: 758 = zip3.exe
dPolicies-disallowrun: 858 = soft3.exe
dPolicies-disallowrun: 659 = aa4.exe
dPolicies-disallowrun: 759 = zip4.exe
dPolicies-disallowrun: 859 = soft4.exe
dPolicies-disallowrun: 660 = aa5.exe
dPolicies-disallowrun: 760 = zip5.exe
dPolicies-disallowrun: 860 = soft5.exe
dPolicies-disallowrun: 661 = aa6.exe
dPolicies-disallowrun: 761 = zip6.exe
dPolicies-disallowrun: 861 = soft6.exe
dPolicies-disallowrun: 662 = aa7.exe
dPolicies-disallowrun: 762 = zip7.exe
dPolicies-disallowrun: 862 = soft7.exe
dPolicies-disallowrun: 663 = aa8.exe
dPolicies-disallowrun: 763 = zip8.exe
dPolicies-disallowrun: 863 = soft8.exe
dPolicies-disallowrun: 664 = aa9.exe
dPolicies-disallowrun: 764 = zip9.exe
dPolicies-disallowrun: 864 = soft9.exe
dPolicies-disallowrun: 665 = aa10.exe
dPolicies-disallowrun: 765 = zip10.exe
dPolicies-disallowrun: 865 = soft10.exe
dPolicies-disallowrun: 666 = aa11.exe
dPolicies-disallowrun: 766 = zip11.exe
dPolicies-disallowrun: 866 = soft11.exe
dPolicies-disallowrun: 667 = aa12.exe
dPolicies-disallowrun: 767 = zip12.exe
dPolicies-disallowrun: 867 = soft12.exe
dPolicies-disallowrun: 668 = aa13.exe
dPolicies-disallowrun: 768 = zip13.exe
dPolicies-disallowrun: 868 = soft13.exe
dPolicies-disallowrun: 669 = aa14.exe
dPolicies-disallowrun: 769 = zip14.exe
dPolicies-disallowrun: 869 = soft14.exe
dPolicies-disallowrun: 670 = aa15.exe
dPolicies-disallowrun: 770 = zip15.exe
dPolicies-disallowrun: 870 = soft15.exe
dPolicies-disallowrun: 671 = aa16.exe
dPolicies-disallowrun: 771 = zip16.exe
dPolicies-disallowrun: 871 = soft16.exe
dPolicies-disallowrun: 672 = aa17.exe
dPolicies-disallowrun: 772 = zip17.exe
dPolicies-disallowrun: 872 = soft17.exe
dPolicies-disallowrun: 673 = aa18.exe
dPolicies-disallowrun: 773 = zip18.exe
dPolicies-disallowrun: 873 = soft18.exe
dPolicies-disallowrun: 674 = aa19.exe
dPolicies-disallowrun: 774 = zip19.exe
dPolicies-disallowrun: 874 = soft19.exe
dPolicies-disallowrun: 675 = aa20.exe
dPolicies-disallowrun: 775 = zip20.exe
dPolicies-disallowrun: 875 = soft20.exe
dPolicies-disallowrun: 676 = aa21.exe
dPolicies-disallowrun: 776 = zip21.exe
dPolicies-disallowrun: 876 = soft21.exe
dPolicies-disallowrun: 677 = aa22.exe
dPolicies-disallowrun: 777 = zip22.exe
dPolicies-disallowrun: 877 = soft22.exe
dPolicies-disallowrun: 678 = aa23.exe
dPolicies-disallowrun: 778 = zip23.exe
dPolicies-disallowrun: 878 = soft23.exe
dPolicies-disallowrun: 679 = aa24.exe
dPolicies-disallowrun: 779 = zip24.exe
dPolicies-disallowrun: 879 = soft24.exe
dPolicies-disallowrun: 680 = aa25.exe
dPolicies-disallowrun: 780 = zip25.exe
dPolicies-disallowrun: 880 = soft25.exe
dPolicies-disallowrun: 681 = aa26.exe
dPolicies-disallowrun: 781 = zip26.exe
dPolicies-disallowrun: 881 = soft26.exe
dPolicies-disallowrun: 682 = aa27.exe
dPolicies-disallowrun: 782 = zip27.exe
dPolicies-disallowrun: 882 = soft27.exe
dPolicies-disallowrun: 683 = aa28.exe
dPolicies-disallowrun: 783 = zip28.exe
dPolicies-disallowrun: 883 = soft28.exe
dPolicies-disallowrun: 684 = aa29.exe
dPolicies-disallowrun: 784 = zip29.exe
dPolicies-disallowrun: 884 = soft29.exe
dPolicies-disallowrun: 685 = aa30.exe
dPolicies-disallowrun: 785 = zip30.exe
dPolicies-disallowrun: 885 = soft30.exe
dPolicies-disallowrun: 686 = aa31.exe
dPolicies-disallowrun: 786 = zip31.exe
dPolicies-disallowrun: 886 = soft31.exe
dPolicies-disallowrun: 687 = aa32.exe
dPolicies-disallowrun: 787 = zip32.exe
dPolicies-disallowrun: 887 = soft32.exe
dPolicies-disallowrun: 688 = aa33.exe
dPolicies-disallowrun: 788 = zip33.exe
dPolicies-disallowrun: 888 = soft33.exe
dPolicies-disallowrun: 689 = aa34.exe
dPolicies-disallowrun: 789 = zip34.exe
dPolicies-disallowrun: 889 = soft34.exe
dPolicies-disallowrun: 690 = aa35.exe
dPolicies-disallowrun: 790 = zip35.exe
dPolicies-disallowrun: 890 = soft35.exe
dPolicies-disallowrun: 691 = aa36.exe
dPolicies-disallowrun: 791 = zip36.exe
dPolicies-disallowrun: 891 = soft36.exe
dPolicies-disallowrun: 692 = aa37.exe
dPolicies-disallowrun: 792 = zip37.exe
dPolicies-disallowrun: 892 = soft37.exe
dPolicies-disallowrun: 693 = aa38.exe
dPolicies-disallowrun: 793 = zip38.exe
dPolicies-disallowrun: 893 = soft38.exe
dPolicies-disallowrun: 694 = aa39.exe
dPolicies-disallowrun: 794 = zip39.exe
dPolicies-disallowrun: 894 = soft39.exe
dPolicies-disallowrun: 695 = aa40.exe
dPolicies-disallowrun: 795 = zip40.exe
dPolicies-disallowrun: 895 = soft40.exe
dPolicies-disallowrun: 696 = aa41.exe
dPolicies-disallowrun: 796 = zip41.exe
dPolicies-disallowrun: 896 = soft41.exe
dPolicies-disallowrun: 697 = aa42.exe
dPolicies-disallowrun: 797 = zip42.exe
dPolicies-disallowrun: 897 = soft42.exe
dPolicies-disallowrun: 698 = aa43.exe
dPolicies-disallowrun: 798 = zip43.exe
dPolicies-disallowrun: 898 = soft43.exe
dPolicies-disallowrun: 699 = aa44.exe
dPolicies-disallowrun: 799 = zip44.exe
dPolicies-disallowrun: 899 = soft44.exe
dPolicies-disallowrun: 700 = aa45.exe
dPolicies-disallowrun: 800 = zip45.exe
dPolicies-disallowrun: 900 = soft45.exe
dPolicies-disallowrun: 701 = aa46.exe
dPolicies-disallowrun: 801 = zip46.exe
dPolicies-disallowrun: 901 = soft46.exe
dPolicies-disallowrun: 702 = aa47.exe
dPolicies-disallowrun: 802 = zip47.exe
dPolicies-disallowrun: 902 = soft47.exe
dPolicies-disallowrun: 703 = aa48.exe
dPolicies-disallowrun: 803 = zip48.exe
dPolicies-disallowrun: 903 = soft48.exe
dPolicies-disallowrun: 704 = aa49.exe
dPolicies-disallowrun: 804 = zip49.exe
dPolicies-disallowrun: 904 = soft49.exe
dPolicies-disallowrun: 705 = aa50.exe
dPolicies-disallowrun: 805 = zip50.exe
dPolicies-disallowrun: 905 = soft50.exe
dPolicies-disallowrun: 706 = aa51.exe
dPolicies-disallowrun: 806 = zip51.exe
dPolicies-disallowrun: 906 = soft51.exe
dPolicies-disallowrun: 707 = aa52.exe
dPolicies-disallowrun: 807 = zip52.exe
dPolicies-disallowrun: 907 = soft52.exe
dPolicies-disallowrun: 708 = aa53.exe
dPolicies-disallowrun: 808 = zip53.exe
dPolicies-disallowrun: 908 = soft53.exe
dPolicies-disallowrun: 709 = aa54.exe
dPolicies-disallowrun: 809 = zip54.exe
dPolicies-disallowrun: 909 = soft54.exe
dPolicies-disallowrun: 710 = aa55.exe
dPolicies-disallowrun: 810 = zip55.exe
dPolicies-disallowrun: 910 = soft55.exe
dPolicies-disallowrun: 711 = aa56.exe
dPolicies-disallowrun: 811 = zip56.exe
dPolicies-disallowrun: 911 = soft56.exe
dPolicies-disallowrun: 712 = aa57.exe
dPolicies-disallowrun: 812 = zip57.exe
dPolicies-disallowrun: 912 = soft57.exe
dPolicies-disallowrun: 713 = aa58.exe
dPolicies-disallowrun: 813 = zip58.exe
dPolicies-disallowrun: 913 = soft58.exe
dPolicies-disallowrun: 714 = aa59.exe
dPolicies-disallowrun: 814 = zip59.exe
dPolicies-disallowrun: 914 = soft59.exe
dPolicies-disallowrun: 715 = aa60.exe
dPolicies-disallowrun: 815 = zip60.exe
dPolicies-disallowrun: 915 = soft60.exe
dPolicies-disallowrun: 716 = aa61.exe
dPolicies-disallowrun: 816 = zip61.exe
dPolicies-disallowrun: 916 = soft61.exe
dPolicies-disallowrun: 717 = aa62.exe
dPolicies-disallowrun: 817 = zip62.exe
dPolicies-disallowrun: 917 = soft62.exe
dPolicies-disallowrun: 718 = aa63.exe
dPolicies-disallowrun: 818 = zip63.exe
dPolicies-disallowrun: 918 = soft63.exe
dPolicies-disallowrun: 719 = aa64.exe
dPolicies-disallowrun: 819 = zip64.exe
dPolicies-disallowrun: 919 = soft64.exe
dPolicies-disallowrun: 720 = aa65.exe
dPolicies-disallowrun: 820 = zip65.exe
dPolicies-disallowrun: 920 = soft65.exe
dPolicies-disallowrun: 721 = aa66.exe
dPolicies-disallowrun: 821 = zip66.exe
dPolicies-disallowrun: 921 = soft66.exe
dPolicies-disallowrun: 722 = aa67.exe
dPolicies-disallowrun: 822 = zip67.exe
dPolicies-disallowrun: 922 = soft67.exe
dPolicies-disallowrun: 723 = aa68.exe
dPolicies-disallowrun: 823 = zip68.exe
dPolicies-disallowrun: 923 = soft68.exe
dPolicies-disallowrun: 724 = aa69.exe
dPolicies-disallowrun: 824 = zip69.exe
dPolicies-disallowrun: 924 = soft69.exe
dPolicies-disallowrun: 725 = aa70.exe
dPolicies-disallowrun: 825 = zip70.exe
dPolicies-disallowrun: 925 = soft70.exe
dPolicies-disallowrun: 726 = aa71.exe
dPolicies-disallowrun: 826 = zip71.exe
dPolicies-disallowrun: 926 = soft71.exe
dPolicies-disallowrun: 727 = aa72.exe
dPolicies-disallowrun: 827 = zip72.exe
dPolicies-disallowrun: 927 = soft72.exe
dPolicies-disallowrun: 728 = aa73.exe
dPolicies-disallowrun: 828 = zip73.exe
dPolicies-disallowrun: 928 = soft73.exe
dPolicies-disallowrun: 729 = aa74.exe
dPolicies-disallowrun: 829 = zip74.exe
dPolicies-disallowrun: 929 = soft74.exe
dPolicies-disallowrun: 730 = aa75.exe
dPolicies-disallowrun: 830 = zip75.exe
dPolicies-disallowrun: 930 = soft75.exe
dPolicies-disallowrun: 731 = aa76.exe
dPolicies-disallowrun: 831 = zip76.exe
dPolicies-disallowrun: 931 = soft76.exe
dPolicies-disallowrun: 732 = aa77.exe
dPolicies-disallowrun: 832 = zip77.exe
dPolicies-disallowrun: 932 = soft77.exe
dPolicies-disallowrun: 733 = aa78.exe
dPolicies-disallowrun: 833 = zip78.exe
dPolicies-disallowrun: 933 = soft78.exe
dPolicies-disallowrun: 734 = aa79.exe
dPolicies-disallowrun: 834 = zip79.exe
dPolicies-disallowrun: 934 = soft79.exe
dPolicies-disallowrun: 735 = aa80.exe
dPolicies-disallowrun: 835 = zip80.exe
dPolicies-disallowrun: 935 = soft80.exe
dPolicies-disallowrun: 736 = aa81.exe
dPolicies-disallowrun: 836 = zip81.exe
dPolicies-disallowrun: 936 = soft81.exe
dPolicies-disallowrun: 737 = aa82.exe
dPolicies-disallowrun: 837 = zip82.exe
dPolicies-disallowrun: 937 = soft82.exe
dPolicies-disallowrun: 738 = aa83.exe
dPolicies-disallowrun: 838 = zip83.exe
dPolicies-disallowrun: 938 = soft83.exe
dPolicies-disallowrun: 739 = aa84.exe
dPolicies-disallowrun: 839 = zip84.exe
dPolicies-disallowrun: 939 = soft84.exe
dPolicies-disallowrun: 740 = aa85.exe
dPolicies-disallowrun: 840 = zip85.exe
dPolicies-disallowrun: 940 = soft85.exe
dPolicies-disallowrun: 741 = aa86.exe
dPolicies-disallowrun: 841 = zip86.exe
dPolicies-disallowrun: 941 = soft86.exe
dPolicies-disallowrun: 742 = aa87.exe
dPolicies-disallowrun: 842 = zip87.exe
dPolicies-disallowrun: 942 = soft87.exe
dPolicies-disallowrun: 743 = aa88.exe
dPolicies-disallowrun: 843 = zip88.exe
dPolicies-disallowrun: 943 = soft88.exe
dPolicies-disallowrun: 744 = aa89.exe
dPolicies-disallowrun: 844 = zip89.exe
dPolicies-disallowrun: 944 = soft89.exe
dPolicies-disallowrun: 745 = aa90.exe
dPolicies-disallowrun: 845 = zip90.exe
dPolicies-disallowrun: 945 = soft90.exe
dPolicies-disallowrun: 746 = aa91.exe
dPolicies-disallowrun: 846 = zip91.exe
dPolicies-disallowrun: 946 = soft91.exe
dPolicies-disallowrun: 747 = aa92.exe
dPolicies-disallowrun: 847 = zip92.exe
dPolicies-disallowrun: 947 = soft92.exe
dPolicies-disallowrun: 748 = aa93.exe
dPolicies-disallowrun: 848 = zip93.exe
dPolicies-disallowrun: 948 = soft93.exe
dPolicies-disallowrun: 749 = aa94.exe
dPolicies-disallowrun: 849 = zip94.exe
dPolicies-disallowrun: 949 = soft94.exe
dPolicies-disallowrun: 750 = aa95.exe
dPolicies-disallowrun: 850 = zip95.exe
dPolicies-disallowrun: 950 = soft95.exe
dPolicies-disallowrun: 751 = aa96.exe
dPolicies-disallowrun: 851 = zip96.exe
dPolicies-disallowrun: 951 = soft96.exe
dPolicies-disallowrun: 752 = aa97.exe
dPolicies-disallowrun: 852 = zip97.exe
dPolicies-disallowrun: 952 = soft97.exe
dPolicies-disallowrun: 753 = aa98.exe
dPolicies-disallowrun: 853 = zip98.exe
dPolicies-disallowrun: 953 = soft98.exe
dPolicies-disallowrun: 754 = aa99.exe
dPolicies-disallowrun: 854 = zip99.exe
dPolicies-disallowrun: 954 = soft99.exe
dPolicies-disallowrun: 955 = $sys$drv.exe
dPolicies-disallowrun: 956 = $sys$sos$sys$.exe
dPolicies-disallowrun: 957 = $sys$xp.exe
dPolicies-disallowrun: 958 = ~565.exe
dPolicies-disallowrun: 959 = 0.exe
dPolicies-disallowrun: 960 = 004.exe
dPolicies-disallowrun: 961 = 005.exe
dPolicies-disallowrun: 962 = 006.exe
dPolicies-disallowrun: 963 = 007.exe
dPolicies-disallowrun: 964 = 007ssinstall.exe
dPolicies-disallowrun: 965 = 008.exe
dPolicies-disallowrun: 966 = 009.exe
dPolicies-disallowrun: 967 = 01dopewars_update.exe
dPolicies-disallowrun: 968 = 01logo.exe
dPolicies-disallowrun: 969 = 04s28lat.exe
dPolicies-disallowrun: 970 = 06qytm1a.exe
dPolicies-disallowrun: 971 = 09857728.exe
dPolicies-disallowrun: 972 = 1004270.exe
dPolicies-disallowrun: 973 = 1054571.exe
dPolicies-disallowrun: 974 = 11421604.exe
dPolicies-disallowrun: 975 = 123bar.exe
dPolicies-disallowrun: 976 = 123hiddensender.exe
dPolicies-disallowrun: 977 = 12nail.exe
dPolicies-disallowrun: 978 = 14hi1qs8.exe
dPolicies-disallowrun: 979 = 17131762.exe
dPolicies-disallowrun: 980 = 180ax.exe
dPolicies-disallowrun: 981 = 180pack6480.exe
dPolicies-disallowrun: 982 = 180sa.exe
dPolicies-disallowrun: 983 = 180sainstallernusac.exe
dPolicies-disallowrun: 984 = 180stuninstaller.exe
dPolicies-disallowrun: 985 = 1lyu2k.exe
dPolicies-disallowrun: 986 = 1o32cwjn.exe
dPolicies-disallowrun: 987 = 2.sfx.exe.exe
dPolicies-disallowrun: 988 = 2005.exe
dPolicies-disallowrun: 989 = 202_app13.exe
dPolicies-disallowrun: 990 = 26-593.exe
dPolicies-disallowrun: 991 = 29904603.exe
dPolicies-disallowrun: 992 = 2search.exe
dPolicies-disallowrun: 993 = 302v2fp0.exe
dPolicies-disallowrun: 994 = 39987557.exe
dPolicies-disallowrun: 995 = 50cent.exe
dPolicies-disallowrun: 996 = 53648356.svd
dPolicies-disallowrun: 997 = 5thkf354.exe
dPolicies-disallowrun: 998 = 63de0cc3d01
dPolicies-disallowrun: 999 = 63mm.exe
dPolicies-disallowrun: 1000 = 666.exe
dPolicies-disallowrun: 1001 = 66978039.exe
dPolicies-disallowrun: 1002 = 69254441.exe
dPolicies-disallowrun: 1003 = 9spj1iiq.exe
dPolicies-disallowrun: 1004 = a_clearsearch.exe
dPolicies-disallowrun: 1005 = a0011142.exe
dPolicies-disallowrun: 1006 = a006.exe
dPolicies-disallowrun: 1007 = a006.exe
dPolicies-disallowrun: 1008 = a0067423.exe
dPolicies-disallowrun: 1009 = a0067428.exe
dPolicies-disallowrun: 1010 = a64sddd.exe
dPolicies-disallowrun: 1011 = abg-aceh.exe
dPolicies-disallowrun: 1012 = abox.exe
dPolicies-disallowrun: 1013 = abs.exe
dPolicies-disallowrun: 1014 = absr.exe
dPolicies-disallowrun: 1015 = access members area.exe
dPolicies-disallowrun: 1016 = access.exe
dPolicies-disallowrun: 1017 = accwizz.exe
dPolicies-disallowrun: 1018 = acespy331t.exe
dPolicies-disallowrun: 1019 = aclservice.exe
dPolicies-disallowrun: 1020 = aconti.exe
dPolicies-disallowrun: 1021 = actalert.exe
dPolicies-disallowrun: 1022 = activeds.exe
dPolicies-disallowrun: 1023 = activeplus.exe
dPolicies-disallowrun: 1024 = activex_300_it.exe
dPolicies-disallowrun: 1025 = actualspy.exe
dPolicies-disallowrun: 1026 = actx1.exe
dPolicies-disallowrun: 1027 = ad.exe
dPolicies-disallowrun: 1028 = adaware.exe
dPolicies-disallowrun: 1029 = adl_mteststub.exe
dPolicies-disallowrun: 1030 = adlinstallwin32.exe
dPolicies-disallowrun: 1031 = adm4005.exe
dPolicies-disallowrun: 1032 = admanctl.exe
dPolicies-disallowrun: 1033 = admilliserv.exe
dPolicies-disallowrun: 1034 = admlib32.exe
dPolicies-disallowrun: 1035 = adobe_flash.exe
dPolicies-disallowrun: 1036 = adobes.exe
dPolicies-disallowrun: 1037 = adp.exe
dPolicies-disallowrun: 1038 = adsetup.silent.1.13.exe
dPolicies-disallowrun: 1039 = adstatserv.exe
dPolicies-disallowrun: 1040 = adtech2006.exe
dPolicies-disallowrun: 1041 = adupdater.exe
dPolicies-disallowrun: 1042 = adv.exe
dPolicies-disallowrun: 1043 = advapi.exe
dPolicies-disallowrun: 1044 = adx.exe
dPolicies-disallowrun: 1045 = ahadp.exe
dPolicies-disallowrun: 1046 = aim spy plugin.exe
dPolicies-disallowrun: 1047 = ajrpbi.exe
dPolicies-disallowrun: 1048 = alchem.exe
dPolicies-disallowrun: 1049 = alevir.exe
dPolicies-disallowrun: 1050 = alp2plib.exe
dPolicies-disallowrun: 1051 = amero.exe
dPolicies-disallowrun: 1052 = amp2pl.exe
dPolicies-disallowrun: 1053 = angelex.exe
dPolicies-disallowrun: 1054 = anti_troj.exe
dPolicies-disallowrun: 1055 = antiav.exe
dPolicies-disallowrun: 1056 = antispy.exe
dPolicies-disallowrun: 1057 = antivirus update.exe
dPolicies-disallowrun: 1058 = antivirus32.exe
dPolicies-disallowrun: 1059 = aocbhm.exe
dPolicies-disallowrun: 1060 = aornum.exe
dPolicies-disallowrun: 1061 = ap0.exe
dPolicies-disallowrun: 1062 = ap2.exe
dPolicies-disallowrun: 1063 = apd123.exe
dPolicies-disallowrun: 1064 = app.exe
dPolicies-disallowrun: 1065 = appsetup.exe
dPolicies-disallowrun: 1066 = aq3hel~1.exe
dPolicies-disallowrun: 1067 = archive.exe
dPolicies-disallowrun: 1068 = arr.exe
dPolicies-disallowrun: 1069 = arupdate.exe
dPolicies-disallowrun: 1070 = arupld32.exe
dPolicies-disallowrun: 1071 = asd.exe
dPolicies-disallowrun: 1072 = asearchassist.exe
dPolicies-disallowrun: 1073 = asm.exe
dPolicies-disallowrun: 1074 = asmonitor.exe
dPolicies-disallowrun: 1075 = astart.exe
dPolicies-disallowrun: 1076 = atipta.exe
dPolicies-disallowrun: 1077 = atiupdate.exe
dPolicies-disallowrun: 1078 = atmsvc.exe
dPolicies-disallowrun: 1079 = aupdate_uninstall.exe
dPolicies-disallowrun: 1080 = aurora(1).exe
dPolicies-disallowrun: 1081 = aurora.exe
dPolicies-disallowrun: 1082 = aurora-wise1.exe
dPolicies-disallowrun: 1083 = ause3-decoded.exe
dPolicies-disallowrun: 1084 = ausvc.exe
dPolicies-disallowrun: 1085 = autoexec.exe
dPolicies-disallowrun: 1086 = automove.exe
dPolicies-disallowrun: 1087 = autoupdatev2.exe
dPolicies-disallowrun: 1088 = aux32.exe
dPolicies-disallowrun: 1089 = av.exe
dPolicies-disallowrun: 1090 = avghalsb.exe
dPolicies-disallowrun: 1091 = avserve.exe
dPolicies-disallowrun: 1092 = avserve2.exe
dPolicies-disallowrun: 1093 = b2search_v17.exe
dPolicies-disallowrun: 1094 = backdoor.prorat.13.exe
dPolicies-disallowrun: 1095 = backdoor.prorat.13_(57).exe
dPolicies-disallowrun: 1096 = backup-20040105-225929-414.exe
dPolicies-disallowrun: 1097 = backweb.exe
dPolicies-disallowrun: 1098 = banmanpro.exe
dPolicies-disallowrun: 1099 = bargain3.exe
dPolicies-disallowrun: 1100 = bargain4.exe
dPolicies-disallowrun: 1101 = bargainbuddy.exe
dPolicies-disallowrun: 1102 = bargains.exe
dPolicies-disallowrun: 1103 = basfipm.exe
dPolicies-disallowrun: 1104 = bazzi.exe
dPolicies-disallowrun: 1105 = bb.exe
dPolicies-disallowrun: 1106 = bbchk.exe
dPolicies-disallowrun: 1107 = bbfbeola.exe
dPolicies-disallowrun: 1108 = bbi8015.exe
dPolicies-disallowrun: 1109 = bbi8018.exe
dPolicies-disallowrun: 1110 = bbi8032.exe
dPolicies-disallowrun: 1111 = bbntqcbw.exe
dPolicies-disallowrun: 1112 = bboy.exe
dPolicies-disallowrun: 1113 = bdrqbac.exe
dPolicies-disallowrun: 1114 = bedo9iz1.exe
dPolicies-disallowrun: 1115 = belt.exe
dPolicies-disallowrun: 1116 = berasjatah.exe
dPolicies-disallowrun: 1117 = beta.exe
dPolicies-disallowrun: 1118 = bhp.exe
dPolicies-disallowrun: 1119 = bhsv.exe
dPolicies-disallowrun: 1120 = bi5.exe
dPolicies-disallowrun: 1121 = bifrost.exe
dPolicies-disallowrun: 1122 = bil.exe
dPolicies-disallowrun: 1123 = bindshell.exe
dPolicies-disallowrun: 1124 = bionet.exe
dPolicies-disallowrun: 1125 = bk.exe
dPolicies-disallowrun: 1126 = block-checker.exe
dPolicies-disallowrun: 1127 = blondes.exe
dPolicies-disallowrun: 1128 = bloodhound.exe
dPolicies-disallowrun: 1129 = blss.exe
dPolicies-disallowrun: 1130 = bman.exe
dPolicies-disallowrun: 1131 = bml8pjp7.exe
dPolicies-disallowrun: 1132 = bmupdate.exe
dPolicies-disallowrun: 1133 = bokja.exe
dPolicies-disallowrun: 1134 = bookedspace.exe
dPolicies-disallowrun: 1135 = boot.exe
dPolicies-disallowrun: 1136 = bootconf.exe
dPolicies-disallowrun: 1137 = bot.exe
dPolicies-disallowrun: 1138 = bp.exe
dPolicies-disallowrun: 1139 = bpc.exe
dPolicies-disallowrun: 1140 = safesys.exe
dPolicies-disallowrun: 1141 = bpsinstall.exe
dPolicies-disallowrun: 1142 = brasil.exe
dPolicies-disallowrun: 1143 = brengkolang.com
dPolicies-disallowrun: 1144 = bronstab.exe
dPolicies-disallowrun: 1145 = bsoft.exe
dPolicies-disallowrun: 1146 = buddy.exe
dPolicies-disallowrun: 1147 = bugsfix.exe
dPolicies-disallowrun: 1148 = bundle.exe
dPolicies-disallowrun: 1149 = bundle~1.exe
dPolicies-disallowrun: 1150 = bundleouter.exe
dPolicies-disallowrun: 1151 = bundleouter2501031120.exe
dPolicies-disallowrun: 1152 = bundleouter2601031121.exe
dPolicies-disallowrun: 1153 = bundles.exe
dPolicies-disallowrun: 1154 = bundles118.exe
dPolicies-disallowrun: 1155 = bxproxy.exe
dPolicies-disallowrun: 1156 = camviewer.exe
dPolicies-disallowrun: 1157 = card.exe
dPolicies-disallowrun: 1158 = cartao.exe
dPolicies-disallowrun: 1159 = cas2stub.exe
dPolicies-disallowrun: 1160 = casclient.exe
dPolicies-disallowrun: 1161 = cashsaverupdate.exe
dPolicies-disallowrun: 1162 = cb.exe
dPolicies-disallowrun: 1163 = cc.exe
dPolicies-disallowrun: 1164 = cd_install.exe
dPolicies-disallowrun: 1165 = cd_install_291.exe
dPolicies-disallowrun: 1166 = cd_load.exe
dPolicies-disallowrun: 1167 = cd5a8b2bd01
dPolicies-disallowrun: 1168 = cdaengine
dPolicies-disallowrun: 1169 = cdaengine0500
dPolicies-disallowrun: 1170 = cdf.exe
dPolicies-disallowrun: 1171 = cds.exe
dPolicies-disallowrun: 1172 = cdsm32.exe
dPolicies-disallowrun: 1173 = cfgmgr52.exe
dPolicies-disallowrun: 1174 = cfmon.exe
dPolicies-disallowrun: 1175 = cg.exe
dPolicies-disallowrun: 1176 = cgtask.exe
dPolicies-disallowrun: 1177 = check.exe
dPolicies-disallowrun: 1178 = checkreg.exe
dPolicies-disallowrun: 1179 = checkup.exe
dPolicies-disallowrun: 1180 = chkntsv.exe
dPolicies-disallowrun: 1181 = chkras.exe
dPolicies-disallowrun: 1182 = choke.exe
dPolicies-disallowrun: 1183 = chq7gv5g.exe
dPolicies-disallowrun: 1184 = cisvvc.exe
dPolicies-disallowrun: 1185 = cjqxe.exe
dPolicies-disallowrun: 1186 = ckusdll.exe
dPolicies-disallowrun: 1187 = clbcatex.exe
dPolicies-disallowrun: 1188 = client.exe
dPolicies-disallowrun: 1189 = clientax.exe
dPolicies-disallowrun: 1190 = cm.exe
dPolicies-disallowrun: 1191 = cmappsetup.exe
dPolicies-disallowrun: 1192 = cmappupdate.exe
dPolicies-disallowrun: 1193 = cmd32.exe
dPolicies-disallowrun: 1194 = cmdinst.exe
dPolicies-disallowrun: 1195 = cmesys.exe
dPolicies-disallowrun: 1196 = cmeupd.exe
dPolicies-disallowrun: 1197 = cmman.exe
dPolicies-disallowrun: 1198 = cmqcemmpm.exe
dPolicies-disallowrun: 1199 = cmrsr.exe
dPolicies-disallowrun: 1200 = cmrss.exe
dPolicies-disallowrun: 1201 = cmsystem.exe
dPolicies-disallowrun: 1202 = cnqmax.exe
dPolicies-disallowrun: 1203 = codecsetup.exe
dPolicies-disallowrun: 1204 = comctl_32.exe
dPolicies-disallowrun: 1205 = commando.exe
dPolicies-disallowrun: 1206 = conscorr.exe
dPolicies-disallowrun: 1207 = consol32.exe
dPolicies-disallowrun: 1208 = cool.exe
dPolicies-disallowrun: 1209 = copy of optimize.exe
dPolicies-disallowrun: 1210 = corpstats.exe
dPolicies-disallowrun: 1211 = cp.exe
dPolicies-disallowrun: 1212 = cpanel.exe
dPolicies-disallowrun: 1213 = cpr.exe
dPolicies-disallowrun: 1214 = crackserver-service.exe
dPolicies-disallowrun: 1215 = crmss.exe
dPolicies-disallowrun: 1216 = crss.exe
dPolicies-disallowrun: 1217 = crsss.exe
dPolicies-disallowrun: 1218 = cryptfg.exe
dPolicies-disallowrun: 1219 = csaolinst.exe
dPolicies-disallowrun: 1220 = csaolldr.exe
dPolicies-disallowrun: 1221 = csbiinst.exe
dPolicies-disallowrun: 1222 = csieinst.exe
dPolicies-disallowrun: 1223 = csmsv.exe
dPolicies-disallowrun: 1224 = csrcs.exe
dPolicies-disallowrun: 1225 = csrdeu32.exe
dPolicies-disallowrun: 1226 = csrrs.exe
dPolicies-disallowrun: 1227 = csrs.exe
dPolicies-disallowrun: 1228 = csrsc.exe
dPolicies-disallowrun: 1229 = csrse.exe
dPolicies-disallowrun: 1230 = csrss32.exe
dPolicies-disallowrun: 1231 = ctfmon32.exe
dPolicies-disallowrun: 1232 = cucu.exe
dPolicies-disallowrun: 1233 = cxq8ojka.exe
dPolicies-disallowrun: 1234 = cxtpls.exe
dPolicies-disallowrun: 1235 = cydoor.exe
dPolicies-disallowrun: 1236 = cydoor_uninstall.exe
dPolicies-disallowrun: 1237 = cz.exe
dPolicies-disallowrun: 1238 = czncin.exe
dPolicies-disallowrun: 1239 = d.exe
dPolicies-disallowrun: 1240 = d6.exe
dPolicies-disallowrun: 1241 = data2.exe
dPolicies-disallowrun: 1242 = data3.exe
dPolicies-disallowrun: 1243 = datemanager.exe
dPolicies-disallowrun: 1244 = dbaccess.exe
dPolicies-disallowrun: 1245 = dc1.exe
dPolicies-disallowrun: 1246 = dc37.exe
dPolicies-disallowrun: 1247 = dc38.exe
dPolicies-disallowrun: 1248 = dc39.exe
dPolicies-disallowrun: 1249 = dc42.exe
dPolicies-disallowrun: 1250 = dc43.exe
dPolicies-disallowrun: 1251 = dc44.exe
dPolicies-disallowrun: 1252 = dc82.exe
dPolicies-disallowrun: 1253 = dc83.exe
dPolicies-disallowrun: 1254 = dc84.exe
dPolicies-disallowrun: 1255 = dc85.exe
dPolicies-disallowrun: 1256 = dc86.exe
dPolicies-disallowrun: 1257 = dcomcfg.exe
dPolicies-disallowrun: 1258 = dcomx.exe
dPolicies-disallowrun: 1259 = ddcman.exe
dPolicies-disallowrun: 1260 = dealhelper.exe
dPolicies-disallowrun: 1261 = delmsbb.exe
dPolicies-disallowrun: 1262 = deskadkeep.exe
dPolicies-disallowrun: 1263 = deskadserv.exe
dPolicies-disallowrun: 1264 = desktop.exe
dPolicies-disallowrun: 1265 = dfe.exe
dPolicies-disallowrun: 1266 = dfrgsrv.exe
dPolicies-disallowrun: 1267 = dgwojz0h.exe
dPolicies-disallowrun: 1268 = dhbrwsr.exe
dPolicies-disallowrun: 1269 = dho.exe
dPolicies-disallowrun: 1270 = dhupdt.exe
dPolicies-disallowrun: 1271 = dial.exe
dPolicies-disallowrun: 1272 = dinst.exe
dPolicies-disallowrun: 1273 = dioxin.exe
dPolicies-disallowrun: 1274 = directs.exe
dPolicies-disallowrun: 1275 = directx.exe
dPolicies-disallowrun: 1276 = directxset.exe
dPolicies-disallowrun: 1277 = disp1150.exe
dPolicies-disallowrun: 1278 = display.exe
dPolicies-disallowrun: 1279 = divx.exe
dPolicies-disallowrun: 1280 = dlgli.exe
dPolicies-disallowrun: 1281 = dlhost.exe
dPolicies-disallowrun: 1282 = dll32.exe
dPolicies-disallowrun: 1283 = dllreg.exe
dPolicies-disallowrun: 1284 = dmserver.exe
dPolicies-disallowrun: 1285 = dodrrr.exe
dPolicies-disallowrun: 1286 = down.exe
dPolicies-disallowrun: 1287 = download.exe
dPolicies-disallowrun: 1288 = downloadplus.exe
dPolicies-disallowrun: 1289 = dp-b23011805.exe
dPolicies-disallowrun: 1290 = dpul6zoa.exe
dPolicies-disallowrun: 1291 = dr.exe
dPolicies-disallowrun: 1292 = dr_s.exe
dPolicies-disallowrun: 1293 = drpmon(1).exe
dPolicies-disallowrun: 1294 = drpmon.exe
dPolicies-disallowrun: 1295 = drv.exe
dPolicies-disallowrun: 1296 = drvddll.exe
dPolicies-disallowrun: 1297 = drwtsn16.exe
dPolicies-disallowrun: 1298 = ds.exe
dPolicies-disallowrun: 1299 = dscbtshl.exe
dPolicies-disallowrun: 1300 = dssagent.exe
dPolicies-disallowrun: 1301 = dtloader.exe
dPolicies-disallowrun: 1302 = duel.exe
dPolicies-disallowrun: 1303 = dun.exe
dPolicies-disallowrun: 1304 = dvbern.exe
dPolicies-disallowrun: 1305 = dvchost.exe
dPolicies-disallowrun: 1306 = dvdkeyauth.exe
dPolicies-disallowrun: 1307 = dvldr32.exe
dPolicies-disallowrun: 1308 = dvwnhd.exe
dPolicies-disallowrun: 1309 = dw.exe
dPolicies-disallowrun: 1310 = dwcg.exe
dPolicies-disallowrun: 1311 = dwe.exe
dPolicies-disallowrun: 1312 = dwnupdt.exe
dPolicies-disallowrun: 1313 = usbautotuner.exe
dPolicies-disallowrun: 1314 = dxnf.exe
dPolicies-disallowrun: 1315 = e85b8fb2d01.exe
dPolicies-disallowrun: 1316 = easy.windows.monitoring.exe
dPolicies-disallowrun: 1317 = easyav.exe
dPolicies-disallowrun: 1318 = ecodec.exe
dPolicies-disallowrun: 1319 = edit server.exe
dPolicies-disallowrun: 1320 = ee.exe
dPolicies-disallowrun: 1321 = ee1a8f91d01.exe
dPolicies-disallowrun: 1322 = ee248fa7d01.exe
dPolicies-disallowrun: 1323 = eeea8fa3d01.exe
dPolicies-disallowrun: 1324 = eeef8fa2d01.exe
dPolicies-disallowrun: 1325 = eetu.exe
dPolicies-disallowrun: 1326 = eksplorasi.exe
dPolicies-disallowrun: 1327 = elos.exe
dPolicies-disallowrun: 1328 = eml.exe
dPolicies-disallowrun: 1329 = emsw.exe
dPolicies-disallowrun: 1330 = enbiei.exe
dPolicies-disallowrun: 1331 = enuubwafo.exe
dPolicies-disallowrun: 1332 = epswad4.exe
dPolicies-disallowrun: 1333 = errorguard.exe
dPolicies-disallowrun: 1334 = ers.exe
dPolicies-disallowrun: 1335 = ersvc.exe
dPolicies-disallowrun: 1336 = escan.exe
dPolicies-disallowrun: 1337 = esyndicateinst.exe
dPolicies-disallowrun: 1338 = evr8gkxb.exe
dPolicies-disallowrun: 1339 = exchng32.exe
dPolicies-disallowrun: 1340 = exclean.exe
dPolicies-disallowrun: 1341 = exdl.exe
dPolicies-disallowrun: 1342 = exec.exe
dPolicies-disallowrun: 1343 = exp.exe
dPolicies-disallowrun: 1344 = expl32.exe
dPolicies-disallowrun: 1345 = explore.exe
dPolicies-disallowrun: 1346 = explored.exe
dPolicies-disallowrun: 1347 = exploreff.exe
dPolicies-disallowrun: 1348 = explorer32.exe
dPolicies-disallowrun: 1349 = explorere.exe
dPolicies-disallowrun: 1350 = exul.exe
dPolicies-disallowrun: 1351 = ezinstall.exe
dPolicies-disallowrun: 1352 = ezpopstub.exe
dPolicies-disallowrun: 1353 = ezstub.exe
dPolicies-disallowrun: 1354 = ezstub22.exe
dPolicies-disallowrun: 1355 = ezulumain.exe
dPolicies-disallowrun: 1356 = f3403484.exe
dPolicies-disallowrun: 1357 = f4bbfeaed01
dPolicies-disallowrun: 1358 = farmmext.exe
dPolicies-disallowrun: 1359 = fash.exe
dPolicies-disallowrun: 1360 = fasterxp.exe
dPolicies-disallowrun: 1361 = fbi_facebook.exe
dPolicies-disallowrun: 1362 = fc.exe
dPolicies-disallowrun: 1363 = fixtitle.exe
dPolicies-disallowrun: 1364 = fjdbfvk.exe
dPolicies-disallowrun: 1365 = flashtalk-wise1000.exe
dPolicies-disallowrun: 1366 = fntldr.exe
dPolicies-disallowrun: 1367 = fontloader.exe
dPolicies-disallowrun: 1368 = fontview.exe
dPolicies-disallowrun: 1369 = formulario.exe
dPolicies-disallowrun: 1370 = fph.exe
dPolicies-disallowrun: 1371 = fqc.exe
dPolicies-disallowrun: 1372 = freexxx.exe
dPolicies-disallowrun: 1373 = frsk.exe
dPolicies-disallowrun: 1374 = fservice.exe
dPolicies-disallowrun: 1375 = fsg.exe
dPolicies-disallowrun: 1376 = fsg_4104.exe
dPolicies-disallowrun: 1377 = fsjyhc5r.exe
dPolicies-disallowrun: 1378 = fsw.exe
dPolicies-disallowrun: 1379 = fullgames.exe
dPolicies-disallowrun: 1380 = fuwxenc.exe
dPolicies-disallowrun: 1381 = fvprotect.exe
dPolicies-disallowrun: 1382 = g181511.a.stub.exe
dPolicies-disallowrun: 1383 = g4eyp3kf.exe
dPolicies-disallowrun: 1384 = gaedzsxe.exe
dPolicies-disallowrun: 1385 = gah95on6.exe
dPolicies-disallowrun: 1386 = gain_trickler_3102.exe
dPolicies-disallowrun: 1387 = gain_trickler_3202.exe
dPolicies-disallowrun: 1388 = my music.exe
dPolicies-disallowrun: 1389 = gateway.exe
dPolicies-disallowrun: 1390 = gator.exe
dPolicies-disallowrun: 1391 = gatorstubsetup.exe
dPolicies-disallowrun: 1392 = get.exe
dPolicies-disallowrun: 1393 = get_flash_update.exe
dPolicies-disallowrun: 1394 = getbuys.exe
dPolicies-disallowrun: 1395 = gfjgj.exe
dPolicies-disallowrun: 1396 = ghost.bat
dPolicies-disallowrun: 1397 = ginst_001_1234_4201.exe
dPolicies-disallowrun: 1398 = gld.exe
dPolicies-disallowrun: 1399 = glf2fglf2f.exe
dPolicies-disallowrun: 1400 = gm.exe
dPolicies-disallowrun: 1401 = gmt.exe
dPolicies-disallowrun: 1402 = gogoaddisplay.exe
dPolicies-disallowrun: 1403 = gogoaddressbar.exe
dPolicies-disallowrun: 1404 = gogofileshare.exe
dPolicies-disallowrun: 1405 = gogotoolbar.exe
dPolicies-disallowrun: 1406 = gogotools.exe
dPolicies-disallowrun: 1407 = gogotools0.exe
dPolicies-disallowrun: 1408 = gogotoolsinstaller.exe
dPolicies-disallowrun: 1409 = gsohy92a.exe
dPolicies-disallowrun: 1410 = gstartup.exe
dPolicies-disallowrun: 1411 = szace.exe
dPolicies-disallowrun: 1412 = guninstaller.exe
dPolicies-disallowrun: 1413 = h2g140n1.exe
dPolicies-disallowrun: 1414 = hacker.exe
dPolicies-disallowrun: 1415 = haiyang.exe
dPolicies-disallowrun: 1416 = hbinst.exe
dPolicies-disallowrun: 1417 = hbtv.exe
dPolicies-disallowrun: 1418 = heat.exe
dPolicies-disallowrun: 1419 = hellmsn.exe
dPolicies-disallowrun: 1420 = helpexp.exe
dPolicies-disallowrun: 1421 = hgfedcba.exe
dPolicies-disallowrun: 1422 = hgqhp.exe
dPolicies-disallowrun: 1423 = hhs32.pif
dPolicies-disallowrun: 1424 = hidden32.exe
dPolicies-disallowrun: 1425 = hidedown.exe
dPolicies-disallowrun: 1426 = hidr.exe
dPolicies-disallowrun: 1427 = hloader.exe
dPolicies-disallowrun: 1428 = hnm_svc.exe
dPolicies-disallowrun: 1429 = hookdump.exe
dPolicies-disallowrun: 1430 = host.exe
dPolicies-disallowrun: 1431 = hot.exe
dPolicies-disallowrun: 1432 = hot_tarts_mc.exe
dPolicies-disallowrun: 1433 = hprog.exe
dPolicies-disallowrun: 1434 = hro.exe
dPolicies-disallowrun: 1435 = htmdeng.exe
dPolicies-disallowrun: 1436 = hwclock.exe
dPolicies-disallowrun: 1437 = hxdef.exe
dPolicies-disallowrun: 1438 = hxdl.exe
dPolicies-disallowrun: 1439 = hxiul.exe
dPolicies-disallowrun: 1440 = i3k0hgad.exe
dPolicies-disallowrun: 1441 = ibm00001.exe
dPolicies-disallowrun: 1442 = icon.exe
dPolicies-disallowrun: 1443 = idemlog.exe
dPolicies-disallowrun: 1444 = idleui.exe
dPolicies-disallowrun: 1445 = iebtm.exe
dPolicies-disallowrun: 1446 = iedll.exe
dPolicies-disallowrun: 1447 = iedriver.exe
dPolicies-disallowrun: 1448 = iegator.exe
dPolicies-disallowrun: 1449 = iehost.exe
dPolicies-disallowrun: 1450 = iep.exe
dPolicies-disallowrun: 1451 = iesetup.exe
dPolicies-disallowrun: 1452 = iexpiore.exe
dPolicies-disallowrun: 1453 = iexplor32.exe
dPolicies-disallowrun: 1454 = iexplore32.exe
dPolicies-disallowrun: 1455 = iexplorer.exe
dPolicies-disallowrun: 1456 = igetnet_3845_3645.exe
dPolicies-disallowrun: 1457 = igps.exe
dPolicies-disallowrun: 1458 = igpsdon6.exe
dPolicies-disallowrun: 1459 = iinstall.exe
dPolicies-disallowrun: 1460 = im_2.exe
dPolicies-disallowrun: 1461 = imguninst.exe
dPolicies-disallowrun: 1462 = infoctl.exe
dPolicies-disallowrun: 1463 = infus.exe
dPolicies-disallowrun: 1464 = infwin.exe
dPolicies-disallowrun: 1465 = init32m.exe
dPolicies-disallowrun: 1466 = ink.exe
dPolicies-disallowrun: 1467 = inst.exe
dPolicies-disallowrun: 1468 = install1.exe
dPolicies-disallowrun: 1469 = installdatemanager.exe
dPolicies-disallowrun: 1470 = installer1.exe
dPolicies-disallowrun: 1471 = instant access.exe
dPolicies-disallowrun: 1472 = intdel.exe
dPolicies-disallowrun: 1473 = intel32.exe
dPolicies-disallowrun: 1474 = intell321.exe
dPolicies-disallowrun: 1475 = intenat.exe
dPolicies-disallowrun: 1476 = internet.exe
dPolicies-disallowrun: 1477 = internetfeatures.exe
dPolicies-disallowrun: 1478 = ipfw.exe
dPolicies-disallowrun: 1479 = ipu.exe
dPolicies-disallowrun: 1480 = ipwins.exe
dPolicies-disallowrun: 1481 = irasyncd.exe
dPolicies-disallowrun: 1482 = iroffer.exe
dPolicies-disallowrun: 1483 = isamini.exe
dPolicies-disallowrun: 1484 = isamntr.exe
dPolicies-disallowrun: 1485 = isamonitor.exe
dPolicies-disallowrun: 1486 = isass.exe
dPolicies-disallowrun: 1487 = ishost.exe
dPolicies-disallowrun: 1488 = isinstalldonecrazy.exe
dPolicies-disallowrun: 1489 = ismon.exe
dPolicies-disallowrun: 1490 = isnotify.exe
dPolicies-disallowrun: 1491 = ispsupport.exe
dPolicies-disallowrun: 1492 = issearch.exe
dPolicies-disallowrun: 1493 = istsvc.exe
dPolicies-disallowrun: 1494 = itbill.exe
dPolicies-disallowrun: 1495 = itphwd.exe
dPolicies-disallowrun: 1496 = iwatch.exe
dPolicies-disallowrun: 1497 = j4g8w5m8.exe
dPolicies-disallowrun: 1498 = j7k8ug16.exe
dPolicies-disallowrun: 1499 = j95i15ei.exe
dPolicies-disallowrun: 1500 = jabber.exe
dPolicies-disallowrun: 1501 = jammer2nd.exe
dPolicies-disallowrun: 1502 = jawa32.exe
dPolicies-disallowrun: 1503 = jdbgmrg.exe
dPolicies-disallowrun: 1504 = jif.exe
dPolicies-disallowrun: 1505 = jkill.exe
dPolicies-disallowrun: 1506 = jmnmxr.exe
dPolicies-disallowrun: 1507 = jnfdtdi.exe
dPolicies-disallowrun: 1508 = jq34042x.exe
dPolicies-disallowrun: 1509 = jre4i3q6.exe
dPolicies-disallowrun: 1510 = jushed32.exe
dPolicies-disallowrun: 1511 = jxcevib2.exe
dPolicies-disallowrun: 1512 = k4eboy6.exe
dPolicies-disallowrun: 1513 = kaboom.exe
dPolicies-disallowrun: 1514 = kahlisetup_demo.exe
dPolicies-disallowrun: 1515 = kane.exe
dPolicies-disallowrun: 1516 = kazza.exe
dPolicies-disallowrun: 1517 = kb021119.exe
dPolicies-disallowrun: 1518 = keenvalue.exe
dPolicies-disallowrun: 1519 = kernal32.exe
dPolicies-disallowrun: 1520 = kerne1412.exe
dPolicies-disallowrun: 1521 = kernel32.exe
dPolicies-disallowrun: 1522 = kernels32.exe
dPolicies-disallowrun: 1523 = kernels64.exe
dPolicies-disallowrun: 1524 = keu2zfke.exe
dPolicies-disallowrun: 1525 = keylogger plugin.exe
dPolicies-disallowrun: 1526 = keyword.exe
dPolicies-disallowrun: 1527 = kl.exe
dPolicies-disallowrun: 1528 = kmwoa.exe
dPolicies-disallowrun: 1529 = kmwol.exe
dPolicies-disallowrun: 1530 = kmwop.exe
dPolicies-disallowrun: 1531 = knuzql.exe
dPolicies-disallowrun: 1532 = krxz.exe
dPolicies-disallowrun: 1533 = l6y07fu5.exe
dPolicies-disallowrun: 1534 = lass.exe
dPolicies-disallowrun: 1535 = launchadware.exe
dPolicies-disallowrun: 1536 = layer.exe
dPolicies-disallowrun: 1537 = lcc.exe
dPolicies-disallowrun: 1538 = lex.exe
dPolicies-disallowrun: 1539 = lexplore.exe
dPolicies-disallowrun: 1540 = license_manager.exe
dPolicies-disallowrun: 1541 = bmonq.exe
dPolicies-disallowrun: 1542 = live.exe
dPolicies-disallowrun: 1543 = lmu.exe
dPolicies-disallowrun: 1544 = load.exe
dPolicies-disallowrun: 1545 = load32.exe
dPolicies-disallowrun: 1546 = loader(1).exe
dPolicies-disallowrun: 1547 = l26.exe
dPolicies-disallowrun: 1548 = loader[1].exe
dPolicies-disallowrun: 1549 = lockx.exe
dPolicies-disallowrun: 1550 = lodctr32.exe
dPolicies-disallowrun: 1551 = Duel_v2.exe
dPolicies-disallowrun: 1552 = logon.exe
dPolicies-disallowrun: 1553 = loud.exe
dPolicies-disallowrun: 1554 = lp.exe
dPolicies-disallowrun: 1555 = lsa.exe
dPolicies-disallowrun: 1556 = lsas.exe
dPolicies-disallowrun: 1557 = lsass32.exe
dPolicies-disallowrun: 1558 = lsassa.exe
dPolicies-disallowrun: 1559 = lssas.exe
dPolicies-disallowrun: 1560 = lsserv.exe
dPolicies-disallowrun: 1561 = ma.exe
dPolicies-disallowrun: 1562 = mahtfi.exe
dPolicies-disallowrun: 1563 = mapisvc32.exe
dPolicies-disallowrun: 1564 = mario.exe
dPolicies-disallowrun: 1565 = matcli.exe
dPolicies-disallowrun: 1566 = mcafee.update.exe.exe
dPolicies-disallowrun: 1567 = mcf.exe
dPolicies-disallowrun: 1568 = md.exe
dPolicies-disallowrun: 1569 = mdms.exe
dPolicies-disallowrun: 1570 = me.exe
dPolicies-disallowrun: 1571 = medgs1.exe
dPolicies-disallowrun: 1572 = mediaaccess.exe
dPolicies-disallowrun: 1573 = mediaaccessinstpack.exe
dPolicies-disallowrun: 1574 = mediaacck.exe
dPolicies-disallowrun: 1575 = mediagateway.exe
dPolicies-disallowrun: 1576 = mediaman.exe
dPolicies-disallowrun: 1577 = mediapass.exe
dPolicies-disallowrun: 1578 = mediapassk.exe
dPolicies-disallowrun: 1579 = members-area.exe
dPolicies-disallowrun: 1580 = memorymeter.exe
dPolicies-disallowrun: 1581 = menu.exe
dPolicies-disallowrun: 1582 = mfc71.exe
dPolicies-disallowrun: 1583 = mfin32.exe
dPolicies-disallowrun: 1584 = mfx8k065.exe
dPolicies-disallowrun: 1585 = microsystem.exe
dPolicies-disallowrun: 1586 = minibug.exe
dPolicies-disallowrun: 1587 = mirc32.exe
dPolicies-disallowrun: 1588 = mirindaa1i.exe
dPolicies-disallowrun: 1589 = mirror_plugin.exe
dPolicies-disallowrun: 1590 = mksc.exe
dPolicies-disallowrun: 1591 = mm.exe
dPolicies-disallowrun: 1592 = mm15201518.stub.exe
dPolicies-disallowrun: 1593 = mmbun.exe
dPolicies-disallowrun: 1594 = mmm.exe
dPolicies-disallowrun: 1595 = mmod.exe
dPolicies-disallowrun: 1596 = mmsg.exe
dPolicies-disallowrun: 1597 = mmups.exe
dPolicies-disallowrun: 1598 = mnss.exe
dPolicies-disallowrun: 1599 = mostat.exe
dPolicies-disallowrun: 1600 = mousedrv.exe
dPolicies-disallowrun: 1601 = mp3serch.exe
dPolicies-disallowrun: 1602 = mp7eq7hx.exe
dPolicies-disallowrun: 1603 = mrjj.exe
dPolicies-disallowrun: 1604 = mrtstub.exe
dPolicies-disallowrun: 1605 = msaa.exe
dPolicies-disallowrun: 1606 = msapp.exe
dPolicies-disallowrun: 1607 = msbb.exe
dPolicies-disallowrun: 1608 = msbb[1].exe
dPolicies-disallowrun: 1609 = msblast.exe
dPolicies-disallowrun: 1610 = msc32.exe
dPolicies-disallowrun: 1611 = mscache.exe
dPolicies-disallowrun: 1612 = msccn32.exe
dPolicies-disallowrun: 1613 = msckin.exe
dPolicies-disallowrun: 1614 = mscman.exe
dPolicies-disallowrun: 1615 = mscnsz.exe
dPolicies-disallowrun: 1616 = mscommand.exe
dPolicies-disallowrun: 1617 = msconfgh.exe
dPolicies-disallowrun: 1618 = msconfig32.exe
dPolicies-disallowrun: 1619 = mscornet.exe
dPolicies-disallowrun: 1620 = mscvb32.exe
dPolicies-disallowrun: 1621 = msdm.exe
dPolicies-disallowrun: 1622 = msexreg.exe
dPolicies-disallowrun: 1623 = msgdmf.exe
dPolicies-disallowrun: 1624 = msgfix.exe
dPolicies-disallowrun: 1625 = msgrsv32.exe
dPolicies-disallowrun: 1626 = msiexec16.exe
dPolicies-disallowrun: 1627 = msinfo.exe
dPolicies-disallowrun: 1628 = mslagent.exe
dPolicies-disallowrun: 1629 = mslaugh.exe
dPolicies-disallowrun: 1630 = msmc.exe
dPolicies-disallowrun: 1631 = msmgs.exe
dPolicies-disallowrun: 1632 = msmgt.exe
dPolicies-disallowrun: 1633 = msmm.exe
dPolicies-disallowrun: 1634 = msmsg.exe
dPolicies-disallowrun: 1635 = msnlive.exe
dPolicies-disallowrun: 1636 = msnst32.exe
dPolicies-disallowrun: 1637 = msole32.exe
dPolicies-disallowrun: 1638 = mspath.exe
dPolicies-disallowrun: 1639 = mspmspv.exe
dPolicies-disallowrun: 1640 = msrexe.exe
dPolicies-disallowrun: 1641 = mssearchnet.exe
dPolicies-disallowrun: 1642 = mssecure.exe
dPolicies-disallowrun: 1643 = msshed32.exe
dPolicies-disallowrun: 1644 = mssvc32.exe
dPolicies-disallowrun: 1645 = mssvr.exe
dPolicies-disallowrun: 1646 = mssys.exe
dPolicies-disallowrun: 1647 = mstasks.exe
dPolicies-disallowrun: 1648 = mstc.exe
dPolicies-disallowrun: 1649 = mstcs.exe
dPolicies-disallowrun: 1650 = msupdate.exe
dPolicies-disallowrun: 1651 = msvc32.exe
dPolicies-disallowrun: 1652 = msvcrl.exe
dPolicies-disallowrun: 1653 = msvgr.exe
dPolicies-disallowrun: 1654 = msvxd.exe
dPolicies-disallowrun: 1655 = msw.exe
dPolicies-disallowrun: 1656 = mswin32.exe
dPolicies-disallowrun: 1657 = mswinb32.exe
dPolicies-disallowrun: 1658 = msxct.exe
dPolicies-disallowrun: 1659 = mt.exe
dPolicies-disallowrun: 1660 = mtask.exe
dPolicies-disallowrun: 1661 = mtjuhp.exe
dPolicies-disallowrun: 1662 = mudsc.exe
dPolicies-disallowrun: 1663 = murphy.exe
dPolicies-disallowrun: 1664 = mwd.exe
dPolicies-disallowrun: 1665 = mwfirewall.exe
dPolicies-disallowrun: 1666 = mwsoemon.exe
dPolicies-disallowrun: 1667 = mwsvm.exe
dPolicies-disallowrun: 1668 = mypcsearch.exe
dPolicies-disallowrun: 1669 = mysearch2.0.exe
dPolicies-disallowrun: 1670 = mysetp.exe
dPolicies-disallowrun: 1671 = myurlff.exe
dPolicies-disallowrun: 1672 = myurlsagain.exe
dPolicies-disallowrun: 1673 = n.exe
dPolicies-disallowrun: 1674 = n1hvjmy9.exe
dPolicies-disallowrun: 1675 = n20050308.exe
dPolicies-disallowrun: 1676 = nail(1).exe
dPolicies-disallowrun: 1677 = nail.exe
dPolicies-disallowrun: 1678 = namedpipe.exe
dPolicies-disallowrun: 1679 = nav32sp.exe
dPolicies-disallowrun: 1680 = navapp.exe
dPolicies-disallowrun: 1681 = nbthlp.exe
dPolicies-disallowrun: 1682 = ncaselib.exe
dPolicies-disallowrun: 1683 = ndcx3xyq.exe
dPolicies-disallowrun: 1684 = netclient.exe
dPolicies-disallowrun: 1685 = netddeclnt.exe
dPolicies-disallowrun: 1686 = netinfo.exe
dPolicies-disallowrun: 1687 = netlib.exe
dPolicies-disallowrun: 1688 = netmail.exe
dPolicies-disallowrun: 1689 = netmeeting.exe
dPolicies-disallowrun: 1690 = netmon.exe
dPolicies-disallowrun: 1691 = netserver.exe
dPolicies-disallowrun: 1692 = netsurf.exe
dPolicies-disallowrun: 1693 = netsvc.exe
dPolicies-disallowrun: 1694 = network.exe
dPolicies-disallowrun: 1695 = newdevin.exe
dPolicies-disallowrun: 1696 = newdot.exe
dPolicies-disallowrun: 1697 = newpop447.exe
dPolicies-disallowrun: 1698 = nfomon.exe
dPolicies-disallowrun: 1699 = nl.exe
dPolicies-disallowrun: 1700 = nlnp49.exe
dPolicies-disallowrun: 1701 = nls.exe
dPolicies-disallowrun: 1702 = noat.exe
dPolicies-disallowrun: 1703 = nomoreporn.exe
dPolicies-disallowrun: 1704 = nopat.exe
dPolicies-disallowrun: 1705 = norton update.exe
dPolicies-disallowrun: 1706 = note.exe
dPolicies-disallowrun: 1707 = notesweb.exe
dPolicies-disallowrun: 1708 = npkcsvc.exe
dPolicies-disallowrun: 1709 = nrcs.exe
dPolicies-disallowrun: 1710 = nrpc.exe
dPolicies-disallowrun: 1711 = nscheck.exe
dPolicies-disallowrun: 1712 = nssys32.exe
dPolicies-disallowrun: 1713 = nstask32.exe
dPolicies-disallowrun: 1714 = nsupdate.exe
dPolicies-disallowrun: 1715 = nsvsvc.exe
dPolicies-disallowrun: 1716 = ntdetect.exe
dPolicies-disallowrun: 1717 = ntfs64.exe
dPolicies-disallowrun: 1718 = ntosa32.exe
dPolicies-disallowrun: 1719 = ntsys.exe
dPolicies-disallowrun: 1720 = nvctrl.exe
dPolicies-disallowrun: 1721 = nvsc32.exe
dPolicies-disallowrun: 1722 = o84u7fwq.exe
dPolicies-disallowrun: 1723 = obllak.exe
dPolicies-disallowrun: 1724 = ocxdll.exe
dPolicies-disallowrun: 1725 = odcfg.exe
dPolicies-disallowrun: 1726 = oeet.exe
dPolicies-disallowrun: 1727 = oeloader.exe
dPolicies-disallowrun: 1728 = offers.exe
dPolicies-disallowrun: 1729 = The sky.exe
dPolicies-disallowrun: 1730 = nt.com
dPolicies-disallowrun: 1731 = office.exe
dPolicies-disallowrun: 1732 = offun.exe
dPolicies-disallowrun: 1733 = okpelq4p.exe
dPolicies-disallowrun: 1734 = olehelp.exe
dPolicies-disallowrun: 1735 = optimize.exe
dPolicies-disallowrun: 1736 = optimize313.exe
dPolicies-disallowrun: 1737 = osalogbe.exe
dPolicies-disallowrun: 1738 = othb.exe
dPolicies-disallowrun: 1739 = p23oorr3.exe
dPolicies-disallowrun: 1740 = p2p networking.exe
dPolicies-disallowrun: 1741 = p2p networking2.exe
dPolicies-disallowrun: 1742 = p2p networking3.exe
dPolicies-disallowrun: 1743 = p2pnetworking.exe
dPolicies-disallowrun: 1744 = p2pnetworking3.exe
dPolicies-disallowrun: 1745 = pagerevisor.exe
dPolicies-disallowrun: 1746 = paytime.exe
dPolicies-disallowrun: 1747 = pbl8ey0e.exe
dPolicies-disallowrun: 1748 = pchealth.exe
dPolicies-disallowrun: 1749 = pcsvc.exe
dPolicies-disallowrun: 1750 = pec.exe
dPolicies-disallowrun: 1751 = pgmonitr.exe
dPolicies-disallowrun: 1752 = phantom.exe
dPolicies-disallowrun: 1753 = phqghum.exe
dPolicies-disallowrun: 1754 = phqghume.exe
dPolicies-disallowrun: 1755 = pi1_??.exe
dPolicies-disallowrun: 1756 = picsvr.exe
dPolicies-disallowrun: 1757 = pictureshare.exe
dPolicies-disallowrun: 1758 = recycle.exe
dPolicies-disallowrun: 1759 = picx.exe
dPolicies-disallowrun: 1760 = pisf.exe
dPolicies-disallowrun: 1761 = piuw.exe
dPolicies-disallowrun: 1762 = 1ogf.exe
dPolicies-disallowrun: 1763 = gwr0lyd.bat
dPolicies-disallowrun: 1764 = play[2].exe
dPolicies-disallowrun: 1765 = play[3].exe
dPolicies-disallowrun: 1766 = play[4].exe
dPolicies-disallowrun: 1767 = play_mp3(2).exe
dPolicies-disallowrun: 1768 = play_mp3.exe
dPolicies-disallowrun: 1769 = play_mp3[1].exe
dPolicies-disallowrun: 1770 = play_mp3[2].exe
dPolicies-disallowrun: 1771 = play_mp3[3].exe
dPolicies-disallowrun: 1772 = play_mp3[4].exe
dPolicies-disallowrun: 1773 = WantsU.exe
dPolicies-disallowrun: 1774 = My heart.exe
dPolicies-disallowrun: 1775 = A smile.exe
dPolicies-disallowrun: 1776 = Forever.exe
dPolicies-disallowrun: 1777 = My love.exe
dPolicies-disallowrun: 1778 = CritProc.exe
dPolicies-disallowrun: 1779 = play_mp3[5].exe
dPolicies-disallowrun: 1780 = play_mp3[6].exe
dPolicies-disallowrun: 1781 = play_mp3-3.exe
dPolicies-disallowrun: 1782 = plscd.exe
dPolicies-disallowrun: 1783 = plugin compressor.exe
dPolicies-disallowrun: 1784 = pmmnt.exe
dPolicies-disallowrun: 1785 = pmmon.exe
dPolicies-disallowrun: 1786 = pmr.exe
dPolicies-disallowrun: 1787 = pmsngr.exe
dPolicies-disallowrun: 1788 = pmsnrr.exe
dPolicies-disallowrun: 1789 = pmt.exe
dPolicies-disallowrun: 1790 = points manager.exe
dPolicies-disallowrun: 1791 = pokapoka
dPolicies-disallowrun: 1792 = pokapoka66.exe
dPolicies-disallowrun: 1793 = pokapoka67.exe
dPolicies-disallowrun: 1794 = pokapoka70.exe
dPolicies-disallowrun: 1795 = pokapoka72.exe
dPolicies-disallowrun: 1796 = pokapoka73.exe
dPolicies-disallowrun: 1797 = pokapoka76.exe
dPolicies-disallowrun: 1798 = pokapoka79.exe
dPolicies-disallowrun: 1799 = poker.exe
dPolicies-disallowrun: 1800 = popuper.exe
dPolicies-disallowrun: 1801 = powerreg
dPolicies-disallowrun: 1802 = powerreg scheduler.exe
dPolicies-disallowrun: 1803 = powerscan.exe
dPolicies-disallowrun: 1804 = precisiontime.exe
dPolicies-disallowrun: 1805 = precisiontimesetup.exe
dPolicies-disallowrun: 1806 = prevadcomm.exe
dPolicies-disallowrun: 1807 = prizesurfer.exe
dPolicies-disallowrun: 1808 = prmt.exe
dPolicies-disallowrun: 1809 = prositefinder.exe
dPolicies-disallowrun: 1810 = prositefinder1.exe
dPolicies-disallowrun: 1811 = prositefinderh.exe
dPolicies-disallowrun: 1812 = prot.exe
dPolicies-disallowrun: 1813 = protector.exe
dPolicies-disallowrun: 1814 = pruttct.exe
dPolicies-disallowrun: 1815 = ps_install-grokster.exe
dPolicies-disallowrun: 1816 = ps_uninstaller.exe
dPolicies-disallowrun: 1817 = ps1.exe
dPolicies-disallowrun: 1818 = pscanw.exe
dPolicies-disallowrun: 1819 = psof1.exe
dPolicies-disallowrun: 1820 = psoft1.exe
dPolicies-disallowrun: 1821 = My desire.exe
dPolicies-disallowrun: 1822 = My hope.exe
dPolicies-disallowrun: 1823 = My wish.exe
dPolicies-disallowrun: 1824 = psqeelsr.exe
dPolicies-disallowrun: 1825 = ptop.exe
dPolicies-disallowrun: 1826 = ptuninstaller.exe
dPolicies-disallowrun: 1827 = purityscan install.exe
dPolicies-disallowrun: 1828 = purityscan.exe
dPolicies-disallowrun: 1829 = purityscan2.exe
dPolicies-disallowrun: 1830 = purityscanuninstall.exe
dPolicies-disallowrun: 1831 = puszinyuszi.exe
dPolicies-disallowrun: 1832 = pvxusmtu.exe
dPolicies-disallowrun: 1833 = pyr0.exe
dPolicies-disallowrun: 1834 = q17i9a4j.exe
dPolicies-disallowrun: 1835 = q7moyha2.exe
dPolicies-disallowrun: 1836 = qerbi.exe
dPolicies-disallowrun: 1837 = qerbif.exe
dPolicies-disallowrun: 1838 = qhutst.exe
dPolicies-disallowrun: 1839 = qi8lu5s9.exe
dPolicies-disallowrun: 1840 = qoologic.exe
dPolicies-disallowrun: 1841 = qqpr8h33.exe
dPolicies-disallowrun: 1842 = randreco.exe
dPolicies-disallowrun: 1843 = ravmond.exe
dPolicies-disallowrun: 1844 = ray.exe
dPolicies-disallowrun: 1845 = rb32.exe
dPolicies-disallowrun: 1846 = rcsync.exe
dPolicies-disallowrun: 1847 = realtray.exe
dPolicies-disallowrun: 1848 = realupd32.exe
dPolicies-disallowrun: 1849 = register.exe
dPolicies-disallowrun: 1850 = registration.exe
dPolicies-disallowrun: 1851 = regloadr.exe
dPolicies-disallowrun: 1852 = regmaping.exe
dPolicies-disallowrun: 1853 = regperf.exe
dPolicies-disallowrun: 1854 = regscan.exe
dPolicies-disallowrun: 1855 = regsrv.exe
dPolicies-disallowrun: 1856 = regsvc32.exe
dPolicies-disallowrun: 1857 = regsync.exe
dPolicies-disallowrun: 1858 = relatedsetup.exe
dPolicies-disallowrun: 1859 = remote.exe
dPolicies-disallowrun: 1860 = removed.exe
dPolicies-disallowrun: 1861 = removedisplayutility.exe
dPolicies-disallowrun: 1862 = removejk.exe
dPolicies-disallowrun: 1863 = requester.11.exe
dPolicies-disallowrun: 1864 = resetservice.exe
dPolicies-disallowrun: 1865 = richup.exe
dPolicies-disallowrun: 1866 = rk.exe
dPolicies-disallowrun: 1867 = rlid.exe
dPolicies-disallowrun: 1868 = rlvknlg.exe
dPolicies-disallowrun: 1869 = rogue.exe
dPolicies-disallowrun: 1870 = rpcmon.exe
dPolicies-disallowrun: 1871 = rtf32.exe
dPolicies-disallowrun: 1872 = svchost000.exe
dPolicies-disallowrun: 1873 = run32dll.exe
dPolicies-disallowrun: 1874 = rundl32.exe
dPolicies-disallowrun: 1875 = rundll16.exe
dPolicies-disallowrun: 1876 = ruxdll32.exe
dPolicies-disallowrun: 1877 = rxtoolbar.exe
dPolicies-disallowrun: 1878 = s.exe
dPolicies-disallowrun: 1879 = s1p1y_bad.exe
dPolicies-disallowrun: 1880 = saap.exe
dPolicies-disallowrun: 1881 = sac.exe
dPolicies-disallowrun: 1882 = sacc.exe
dPolicies-disallowrun: 1883 = saccu.exe
dPolicies-disallowrun: 1884 = sachostb.exe
dPolicies-disallowrun: 1885 = sachostc.exe
dPolicies-disallowrun: 1886 = sachostm.exe
dPolicies-disallowrun: 1887 = sachostp.exe
dPolicies-disallowrun: 1888 = sachosts.exe
dPolicies-disallowrun: 1889 = sachostw.exe
dPolicies-disallowrun: 1890 = sachostx.exe
dPolicies-disallowrun: 1891 = safemode.exe
dPolicies-disallowrun: 1892 = sahagent.exe
dPolicies-disallowrun: 1893 = sahdownloader_.exe
dPolicies-disallowrun: 1894 = saie.exe
dPolicies-disallowrun: 1895 = sais.exe
dPolicies-disallowrun: 1896 = salm.delete.exe
dPolicies-disallowrun: 1897 = salm.exe
dPolicies-disallowrun: 1898 = salmbundle.exe
dPolicies-disallowrun: 1899 = sass.exe
dPolicies-disallowrun: 1900 = satmat.exe
dPolicies-disallowrun: 1901 = scam32.exe
dPolicies-disallowrun: 1902 = scanregistry.exe
dPolicies-disallowrun: 1903 = scardsvr32.exe
dPolicies-disallowrun: 1904 = scbar.exe
dPolicies-disallowrun: 1905 = scchost.exe
dPolicies-disallowrun: 1906 = schedulingagent
dPolicies-disallowrun: 1907 = schost.exe
dPolicies-disallowrun: 1908 = screensaver.v.2.1.exe
dPolicies-disallowrun: 1909 = scrigz.exe
dPolicies-disallowrun: 1910 = scrss.exe
dPolicies-disallowrun: 1911 = scrsvr.exe
dPolicies-disallowrun: 1912 = scrtkfg.exe
dPolicies-disallowrun: 1913 = scvhost.exe
dPolicies-disallowrun: 1914 = se.exe
dPolicies-disallowrun: 1915 = se2ppc4you.exe
dPolicies-disallowrun: 1916 = search.exe
dPolicies-disallowrun: 1917 = searchnavversion.exe
dPolicies-disallowrun: 1918 = searchnugget.exe
dPolicies-disallowrun: 1919 = searchupdate33.exe
dPolicies-disallowrun: 1920 = searchupgrader.exe
dPolicies-disallowrun: 1921 = sectoriate.exe
dPolicies-disallowrun: 1922 = secure.exe
dPolicies-disallowrun: 1923 = sed.exe
dPolicies-disallowrun: 1924 = sedk.exe
dPolicies-disallowrun: 1925 = seekmo.exe
dPolicies-disallowrun: 1926 = seeve.exe
dPolicies-disallowrun: 1927 = semanticinsight.exe
dPolicies-disallowrun: 1928 = sempalong.exe
dPolicies-disallowrun: 1929 = senslogn.exe
dPolicies-disallowrun: 1930 = sepinst.exe
dPolicies-disallowrun: 1931 = servce.exe
dPolicies-disallowrun: 1932 = servercon.exe
dPolicies-disallowrun: 1933 = servic.exe
dPolicies-disallowrun: 1934 = service5.exe
dPolicies-disallowrun: 1935 = services32.exe
dPolicies-disallowrun: 1936 = setup_jalapeno.exe
dPolicies-disallowrun: 1937 = setup32i.exe
dPolicies-disallowrun: 1938 = sf.exe
dPolicies-disallowrun: 1939 = sfc32.exe
dPolicies-disallowrun: 1940 = sfgdulkp.exe
dPolicies-disallowrun: 1941 = sfwqi.exe
dPolicies-disallowrun: 1942 = shell32.exe
dPolicies-disallowrun: 1943 = shell386.exe
dPolicies-disallowrun: 1944 = shine.exe
dPolicies-disallowrun: 1945 = shlhook.exe
dPolicies-disallowrun: 1946 = shmgrate.exe
dPolicies-disallowrun: 1947 = shnlog.exe
dPolicies-disallowrun: 1948 = shutdownutility.exe
dPolicies-disallowrun: 1949 = si.exe
dPolicies-disallowrun: 1950 = sideb.exe
dPolicies-disallowrun: 1951 = sidedb_install.exe
dPolicies-disallowrun: 1952 = sksockserver.exe
dPolicies-disallowrun: 1953 = skynetave.exe
dPolicies-disallowrun: 1954 = skype32.exe
dPolicies-disallowrun: 1955 = slmss.exe
dPolicies-disallowrun: 1956 = slserve.exe
dPolicies-disallowrun: 1957 = slserves.exe
dPolicies-disallowrun: 1958 = slsk.exe
dPolicies-disallowrun: 1959 = smmss.exe
dPolicies-disallowrun: 1960 = sms.exe
dPolicies-disallowrun: 1961 = smschk.exe
dPolicies-disallowrun: 1962 = smsonx32.exe
dPolicies-disallowrun: 1963 = smsss.exe
dPolicies-disallowrun: 1964 = smszac32.exe
dPolicies-disallowrun: 1965 = soap.exe
dPolicies-disallowrun: 1966 = Cn911.exe
dPolicies-disallowrun: 1967 = soproc.exe
dPolicies-disallowrun: 1968 = sp.exe
dPolicies-disallowrun: 1969 = sp2ctr.exe
dPolicies-disallowrun: 1970 = spoler.exe
dPolicies-disallowrun: 1971 = spollsv.exe
dPolicies-disallowrun: 1972 = spool.exe
dPolicies-disallowrun: 1973 = spooler.exe
dPolicies-disallowrun: 1974 = spools.exe
dPolicies-disallowrun: 1975 = spoolsrv.exe
dPolicies-disallowrun: 1976 = spoolsrv32.exe
dPolicies-disallowrun: 1977 = spoolsvc.exe
dPolicies-disallowrun: 1978 = sprite.exe
dPolicies-disallowrun: 1979 = spvspool.exe
dPolicies-disallowrun: 1980 = spyagent.exe
dPolicies-disallowrun: 1981 = spyagent4.exe
dPolicies-disallowrun: 1982 = spyaxe.exe
dPolicies-disallowrun: 1983 = spybuddy.exe
dPolicies-disallowrun: 1984 = spysheriff.exe
dPolicies-disallowrun: 1985 = spytrooper.exe
dPolicies-disallowrun: 1986 = spyware.exe
dPolicies-disallowrun: 1987 = sqlexp.exe
dPolicies-disallowrun: 1988 = sqlexp1.exe
dPolicies-disallowrun: 1989 = sqlrep.exe
dPolicies-disallowrun: 1990 = sqlscan.exe
dPolicies-disallowrun: 1991 = sqlserver.exe
dPolicies-disallowrun: 1992 = sr.exe
dPolicies-disallowrun: 1993 = srng.exe
dPolicies-disallowrun: 1994 = srv1.exe
dPolicies-disallowrun: 1995 = srv2.exe
dPolicies-disallowrun: 1996 = srv32.exe
dPolicies-disallowrun: 1997 = srv4.exe
dPolicies-disallowrun: 1998 = srvc32.exe
dPolicies-disallowrun: 1999 = sservice.exe
dPolicies-disallowrun: 2000 = ssgrate.exe
dPolicies-disallowrun: 2001 = ssk.exe
dPolicies-disallowrun: 2002 = ssk3_b5.exe
dPolicies-disallowrun: 2003 = ssk3_installerv5.exe
dPolicies-disallowrun: 2004 = sskb5.exe
dPolicies-disallowrun: 2005 = sskupdater.exe
dPolicies-disallowrun: 2006 = ssl.exe
dPolicies-disallowrun: 2007 = ssrms.exe
dPolicies-disallowrun: 2008 = ssyszu2r.exe
dPolicies-disallowrun: 2009 = Home Video.avi.exe
dPolicies-disallowrun: 2010 = stcloader.exe
dPolicies-disallowrun: 2011 = stealth.dcom.exe
dPolicies-disallowrun: 2012 = stealth.ddos.exe
dPolicies-disallowrun: 2013 = stealth.exe
dPolicies-disallowrun: 2014 = stealth.injector.exe
dPolicies-disallowrun: 2015 = stealth.stat.exe
dPolicies-disallowrun: 2016 = stealth.worm.exe
dPolicies-disallowrun: 2017 = stmtdlr.exe
dPolicies-disallowrun: 2018 = str.exe
dPolicies-disallowrun: 2019 = stubinstaller.exe
dPolicies-disallowrun: 2020 = stubinstaller4292.exe
dPolicies-disallowrun: 2021 = suchost.exe
dPolicies-disallowrun: 2022 = supportinstall.exe
dPolicies-disallowrun: 2023 = surfsidekick.exe
dPolicies-disallowrun: 2024 = susp.exe
dPolicies-disallowrun: 2025 = svaplayer.exe
dPolicies-disallowrun: 2026 = svc.exe
dPolicies-disallowrun: 2027 = svcdata.exe
dPolicies-disallowrun: 2028 = 2j.cmd
dPolicies-disallowrun: 2029 = svchoost.exe
dPolicies-disallowrun: 2030 = svchos1.exe
dPolicies-disallowrun: 2031 = svchosl.exe
dPolicies-disallowrun: 2032 = svchostl.exe
dPolicies-disallowrun: 2033 = svchosts.exe
dPolicies-disallowrun: 2034 = svchosts.exe
dPolicies-disallowrun: 2035 = system volume.exe
dPolicies-disallowrun: 2036 = svcinit.exe
dPolicies-disallowrun: 2037 = svcman.exe
dPolicies-disallowrun: 2038 = svcproc.exe
dPolicies-disallowrun: 2039 = svhost.exe
dPolicies-disallowrun: 2040 = svhosts.exe
dPolicies-disallowrun: 2041 = svohcst.exe
dPolicies-disallowrun: 2042 = svshost.exe
dPolicies-disallowrun: 2043 = svshots.exe
dPolicies-disallowrun: 2044 = svwhost.exe
dPolicies-disallowrun: 2045 = svzhost.exe
dPolicies-disallowrun: 2046 = swin32.exe
dPolicies-disallowrun: 2047 = switpa.exe
dPolicies-disallowrun: 2048 = swrt01.exe
dPolicies-disallowrun: 2049 = sychost.exe
dPolicies-disallowrun: 2050 = sync.exe
dPolicies-disallowrun: 2051 = synchost.exe
dPolicies-disallowrun: 2052 = sys.exe
dPolicies-disallowrun: 2053 = sysai.exe
dPolicies-disallowrun: 2054 = syscfg32.exe
dPolicies-disallowrun: 2055 = sysconf.exe
dPolicies-disallowrun: 2056 = sysfit.exe
dPolicies-disallowrun: 2057 = syshost.exe
dPolicies-disallowrun: 2058 = sysldr32.exe
dPolicies-disallowrun: 2059 = syslog.exe
dPolicies-disallowrun: 2060 = sysmonitor.exe
dPolicies-disallowrun: 2061 = syspol.exe
dPolicies-disallowrun: 2062 = syspools.exe
dPolicies-disallowrun: 2063 = sysreg.exe
dPolicies-disallowrun: 2064 = syss.exe
dPolicies-disallowrun: 2065 = syssfitb.exe
dPolicies-disallowrun: 2066 = systask32l.exe
dPolicies-disallowrun: 2067 = systb.exe
dPolicies-disallowrun: 2068 = system plugin.exe
dPolicies-disallowrun: 2069 = system16.exe
dPolicies-disallowrun: 2070 = system32.exe
dPolicies-disallowrun: 2071 = system32win.exe
dPolicies-disallowrun: 2072 = systemdll.exe
dPolicies-disallowrun: 2073 = systemtray.exe
dPolicies-disallowrun: 2074 = systemup.exe
dPolicies-disallowrun: 2075 = systime.exe
dPolicies-disallowrun: 2076 = systool.exe
dPolicies-disallowrun: 2077 = systra.exe
dPolicies-disallowrun: 2078 = systray32.exe
dPolicies-disallowrun: 2079 = systune.exe
dPolicies-disallowrun: 2080 = sysupd.exe
dPolicies-disallowrun: 2081 = sysupdate.exe
dPolicies-disallowrun: 2082 = sysvcs.exe
dPolicies-disallowrun: 2083 = syswin.exe
dPolicies-disallowrun: 2084 = sywsvcs.exe
dPolicies-disallowrun: 2085 = szchost.exe
dPolicies-disallowrun: 2086 = t8nascmw.exe
dPolicies-disallowrun: 2087 = ta.exe
dPolicies-disallowrun: 2088 = tapicfg.exe
dPolicies-disallowrun: 2089 = targetsaver.exe
dPolicies-disallowrun: 2090 = task.exe
dPolicies-disallowrun: 2091 = task32.exe
dPolicies-disallowrun: 2092 = taskbar.exe
dPolicies-disallowrun: 2093 = taskcntr.exe
dPolicies-disallowrun: 2094 = taskdrv32.exe
dPolicies-disallowrun: 2095 = tasker.exe
dPolicies-disallowrun: 2096 = taskg.exe
dPolicies-disallowrun: 2097 = taskgmr.exe
dPolicies-disallowrun: 2098 = taskmngr.exe
dPolicies-disallowrun: 2099 = taskmon.exe
dPolicies-disallowrun: 2100 = tbon.exe
dPolicies-disallowrun: 2101 = tbps.exe
dPolicies-disallowrun: 2102 = tcpservice2.exe
dPolicies-disallowrun: 2103 = teekids.exe
dPolicies-disallowrun: 2104 = temp.exe
dPolicies-disallowrun: 2105 = testing.exe
dPolicies-disallowrun: 2106 = tmp.exe
dPolicies-disallowrun: 2107 = tmp11e.exe
dPolicies-disallowrun: 2108 = tmp333.exe
dPolicies-disallowrun: 2109 = tool.exe
dPolicies-disallowrun: 2110 = tool3.exe
dPolicies-disallowrun: 2111 = trans.exe
dPolicies-disallowrun: 2112 = translator.exe
dPolicies-disallowrun: 2113 = trickler.exe
dPolicies-disallowrun: 2114 = ts.exe
dPolicies-disallowrun: 2115 = ts2.exe
dPolicies-disallowrun: 2116 = tsa.exe
dPolicies-disallowrun: 2117 = tsadbot.exe
dPolicies-disallowrun: 2118 = tsinstall_4_0_3_8_b17.exe
dPolicies-disallowrun: 2119 = tskdbg.exe
dPolicies-disallowrun: 2120 = tskmgr32.exe
dPolicies-disallowrun: 2121 = tsl2.exe
dPolicies-disallowrun: 2122 = tsm2.exe
dPolicies-disallowrun: 2123 = tsuninst.exe
dPolicies-disallowrun: 2124 = tsupdate_4_0_3_9_b2.exe
dPolicies-disallowrun: 2125 = tsysytd8.exe
dPolicies-disallowrun: 2126 = tt_reco.exe
dPolicies-disallowrun: 2127 = tv media display.exe
dPolicies-disallowrun: 2128 = tvm.exe
dPolicies-disallowrun: 2129 = tvm_b5.exe
dPolicies-disallowrun: 2130 = tvm_b5_bundle_17.exe
dPolicies-disallowrun: 2131 = tvmedia.exe
dPolicies-disallowrun: 2132 = tvmupdater.exe
dPolicies-disallowrun: 2133 = twain_16.exe
dPolicies-disallowrun: 2134 = twunk_64.exe
dPolicies-disallowrun: 2135 = u6c9mpll.exe
dPolicies-disallowrun: 2136 = uc.exe
dPolicies-disallowrun: 2137 = uc1362.exe
dPolicies-disallowrun: 2138 = ucsi.exe
dPolicies-disallowrun: 2139 = udcpas.exe
dPolicies-disallowrun: 2140 = udcsdr.exe
dPolicies-disallowrun: 2141 = uinfo?.exe
dPolicies-disallowrun: 2142 = uj4tgbhc.exe
dPolicies-disallowrun: 2143 = umqltg4cl_.exe
dPolicies-disallowrun: 2144 = umxfwhlp.exe
dPolicies-disallowrun: 2145 = unins001.exe
dPolicies-disallowrun: 2146 = uninsc.exe
dPolicies-disallowrun: 2147 = uninstdsk.exe
dPolicies-disallowrun: 2148 = unpacked-svc.exe
dPolicies-disallowrun: 2149 = unstall.exe
dPolicies-disallowrun: 2150 = uopcjly.exe
dPolicies-disallowrun: 2151 = updater.exe
dPolicies-disallowrun: 2152 = updatexp.exe
dPolicies-disallowrun: 2153 = updinst.exe
dPolicies-disallowrun: 2154 = updmgr.exe
dPolicies-disallowrun: 2155 = updtscheduler.exe
dPolicies-disallowrun: 2156 = upgrade1.exe
dPolicies-disallowrun: 2157 = upgrade3.exe
dPolicies-disallowrun: 2158 = usbn.exe
dPolicies-disallowrun: 2159 = userint32.exe
dPolicies-disallowrun: 2160 = usofrpyqzgrhcumw.exe
dPolicies-disallowrun: 2161 = uvu-channel.exe
dPolicies-disallowrun: 2162 = uwfx5.exe
dPolicies-disallowrun: 2163 = vabctqp.exe
dPolicies-disallowrun: 2164 = vb2.exe
dPolicies-disallowrun: 2165 = vbouncer.exe
dPolicies-disallowrun: 2166 = vbstub.exe
dPolicies-disallowrun: 2167 = vcclient.exe
dPolicies-disallowrun: 2168 = vcmpin.exe
dPolicies-disallowrun: 2169 = vco8n6ix.exe
dPolicies-disallowrun: 2170 = video.exe
dPolicies-disallowrun: 2171 = vidmon.exe
dPolicies-disallowrun: 2172 = vmlib.exe
dPolicies-disallowrun: 2173 = vmss.exe
dPolicies-disallowrun: 2174 = voclslqn.exe
dPolicies-disallowrun: 2175 = vsnpstd2.exe
dPolicies-disallowrun: 2176 = w.exe
dPolicies-disallowrun: 2177 = w11150.exe
dPolicies-disallowrun: 2178 = w181609.stub.exe
dPolicies-disallowrun: 2179 = w32_systm.exe
dPolicies-disallowrun: 2180 = w32backdoor-axc.trojan.exe
dPolicies-disallowrun: 2181 = w32backdoor-axg.trojan.exe
dPolicies-disallowrun: 2182 = w32backdoor-axh.trojan.exe
dPolicies-disallowrun: 2183 = w32backdoor-dvl.exe
dPolicies-disallowrun: 2184 = w32backdoor-egl.exe
dPolicies-disallowrun: 2185 = pnc.exe
dPolicies-disallowrun: 2186 = w32backdoor-egv.exe
dPolicies-disallowrun: 2187 = w32backdoor-hd.trojan.exe
dPolicies-disallowrun: 2188 = w32backdoor-jz.trojan.exe
dPolicies-disallowrun: 2189 = w32backdoor-nt.exe
dPolicies-disallowrun: 2190 = w32backdoor-ny.exe
dPolicies-disallowrun: 2191 = w32backdoor-yx.exe
dPolicies-disallowrun: 2192 = w32banito-k.trojan.exe
dPolicies-disallowrun: 2193 = w32banito-p.exe
dPolicies-disallowrun: 2194 = w32downloader-ggs.exe
dPolicies-disallowrun: 2195 = w32downloader-gns.exe
dPolicies-disallowrun: 2196 = w32downloader-gpq.exe
dPolicies-disallowrun: 2197 = w32haxdoor-ft.exe
dPolicies-disallowrun: 2198 = w32hupigon-ar.exe
dPolicies-disallowrun: 2199 = w32hupigon-cj.exe
dPolicies-disallowrun: 2200 = w32istbar-la.exe
dPolicies-disallowrun: 2201 = w32lecna-a.exe
dPolicies-disallowrun: 2202 = w32time.exe
dPolicies-disallowrun: 2203 = wareout.exe
dPolicies-disallowrun: 2204 = watch_free_porn.exe
dPolicies-disallowrun: 2205 = wauclt.exe
dPolicies-disallowrun: 2206 = wdfmrg.exe
dPolicies-disallowrun: 2207 = weatherstudio desktop.exe
dPolicies-disallowrun: 2208 = web.exe
dPolicies-disallowrun: 2209 = webbullion.exe
dPolicies-disallowrun: 2210 = webinstall.exe
dPolicies-disallowrun: 2211 = weblookup.exe
dPolicies-disallowrun: 2212 = webpmger.exe
dPolicies-disallowrun: 2213 = webrebates.exe
dPolicies-disallowrun: 2214 = wfdmgr.exe
dPolicies-disallowrun: 2215 = whagent.exe
dPolicies-disallowrun: 2216 = whg14100.exe
dPolicies-disallowrun: 2217 = whse.exe
dPolicies-disallowrun: 2218 = whsurvey.exe
dPolicies-disallowrun: 2219 = wid32.exe
dPolicies-disallowrun: 2220 = wimanager.exe
dPolicies-disallowrun: 2221 = win.com
dPolicies-disallowrun: 2222 = win.exe
dPolicies-disallowrun: 2223 = win24.exe
dPolicies-disallowrun: 2224 = win32.exe
dPolicies-disallowrun: 2225 = win32api.exe
dPolicies-disallowrun: 2226 = win32debug.exe
dPolicies-disallowrun: 2227 = win32us.exe
dPolicies-disallowrun: 2228 = winactive.exe
dPolicies-disallowrun: 2229 = winad.exe
dPolicies-disallowrun: 2230 = winadalt.exe
dPolicies-disallowrun: 2231 = winadctl.exe
dPolicies-disallowrun: 2232 = winadm.exe
dPolicies-disallowrun: 2233 = winadserv.exe
dPolicies-disallowrun: 2234 = winadslave.exe
dPolicies-disallowrun: 2235 = winadtools.exe
dPolicies-disallowrun: 2236 = winav.exe
dPolicies-disallowrun: 2237 = win-bugsfix.exe
dPolicies-disallowrun: 2238 = wincfg32.exe
dPolicies-disallowrun: 2239 = wincomm.exe
dPolicies-disallowrun: 2240 = wincomp.exe
dPolicies-disallowrun: 2241 = winctlad.exe
dPolicies-disallowrun: 2242 = winctladalt.exe
dPolicies-disallowrun: 2243 = winctrl?.exe
dPolicies-disallowrun: 2244 = wind2ll2.exe
dPolicies-disallowrun: 2245 = windbg32.exe
dPolicies-disallowrun: 2246 = winde.exe
dPolicies-disallowrun: 2247 = windefault.exe
dPolicies-disallowrun: 2248 = windio778.exe
dPolicies-disallowrun: 2249 = windir32.exe
dPolicies-disallowrun: 2250 = windirect.exe
dPolicies-disallowrun: 2251 = windows.exe
dPolicies-disallowrun: 2252 = windowsupdated32.exe
dPolicies-disallowrun: 2253 = winds.exe
dPolicies-disallowrun: 2254 = windspl.exe
dPolicies-disallowrun: 2255 = winex.exe
dPolicies-disallowrun: 2256 = winexec.exe
dPolicies-disallowrun: 2257 = winexec32.exe
dPolicies-disallowrun: 2258 = winfixer
dPolicies-disallowrun: 2259 = winform.exe
dPolicies-disallowrun: 2260 = winfrw.exe
dPolicies-disallowrun: 2261 = wingate.exe
dPolicies-disallowrun: 2262 = wingo.exe
dPolicies-disallowrun: 2263 = winhost.exe
dPolicies-disallowrun: 2264 = winhound.exe
dPolicies-disallowrun: 2265 = wininfo.exe
dPolicies-disallowrun: 2266 = wininit32.exe
dPolicies-disallowrun: 2267 = winldr.exe
dPolicies-disallowrun: 2268 = winldra.exe
dPolicies-disallowrun: 2269 = winlock.exe
dPolicies-disallowrun: 2270 = winlogin.exe
dPolicies-disallowrun: 2271 = winlogonn.exe
dPolicies-disallowrun: 2272 = winlogons.exe
dPolicies-disallowrun: 2273 = winmain.exe
dPolicies-disallowrun: 2274 = winmgm32.exe
dPolicies-disallowrun: 2275 = winnet.exe
dPolicies-disallowrun: 2276 = winnt.exe
dPolicies-disallowrun: 2277 = winoie789.exe
dPolicies-disallowrun: 2278 = winole.exe
dPolicies-disallowrun: 2279 = winotify.exe
dPolicies-disallowrun: 2280 = winpack.exe
dPolicies-disallowrun: 2281 = winproc32.exe
dPolicies-disallowrun: 2282 = winpsd.exe
dPolicies-disallowrun: 2283 = winpup32.exe
dPolicies-disallowrun: 2284 = winrarshell32.exe
dPolicies-disallowrun: 2285 = winratchet.exe
dPolicies-disallowrun: 2286 = winrecon.exe
dPolicies-disallowrun: 2287 = winresw.exe
dPolicies-disallowrun: 2288 = winrpc.exe
dPolicies-disallowrun: 2289 = winsched.exe
dPolicies-disallowrun: 2290 = winserv.exe
dPolicies-disallowrun: 2291 = winservices.exe
dPolicies-disallowrun: 2292 = winservn.exe
dPolicies-disallowrun: 2293 = winservs.exe
dPolicies-disallowrun: 2294 = winservsuit.exe
dPolicies-disallowrun: 2295 = winsetup.exe
dPolicies-disallowrun: 2296 = winsfc.exe
dPolicies-disallowrun: 2297 = winshost.exe
dPolicies-disallowrun: 2298 = winsocks.exe
dPolicies-disallowrun: 2299 = winspector.exe
dPolicies-disallowrun: 2300 = winsrv32.exe
dPolicies-disallowrun: 2301 = winssk32.exe
dPolicies-disallowrun: 2302 = winstall.exe
dPolicies-disallowrun: 2303 = winstart.exe
dPolicies-disallowrun: 2304 = winstart001.exe
dPolicies-disallowrun: 2305 = winstat.exe
dPolicies-disallowrun: 2306 = winstatkeep.exe
dPolicies-disallowrun: 2307 = winsupdater.exe
dPolicies-disallowrun: 2308 = winsvc.exe
dPolicies-disallowrun: 2309 = winsvc32.exe
dPolicies-disallowrun: 2310 = winsvr.exe
dPolicies-disallowrun: 2311 = winsys.exe
dPolicies-disallowrun: 2312 = winsys2.exe
dPolicies-disallowrun: 2313 = winsys32.exe
dPolicies-disallowrun: 2314 = wintask.exe
dPolicies-disallowrun: 2315 = wintaskad.exe
dPolicies-disallowrun: 2316 = wintbp.exe
dPolicies-disallowrun: 2317 = wintems.exe
dPolicies-disallowrun: 2318 = wintime.exe
dPolicies-disallowrun: 2319 = wintools.exe
dPolicies-disallowrun: 2320 = wintoolsa.exe
dPolicies-disallowrun: 2321 = wintrust32.exe
dPolicies-disallowrun: 2322 = wintsk32.exe
dPolicies-disallowrun: 2323 = wintsvtr.exe
dPolicies-disallowrun: 2324 = winupdate.exe
dPolicies-disallowrun: 2325 = winupdates.exe
dPolicies-disallowrun: 2326 = winupdt.exe
dPolicies-disallowrun: 2327 = winupdtl.exe
dPolicies-disallowrun: 2328 = winwan.exe
dPolicies-disallowrun: 2329 = winxp.exe
dPolicies-disallowrun: 2330 = 81859749.EXE
dPolicies-disallowrun: 2331 = winzip_tmp.exe
dPolicies-disallowrun: 2332 = wiseupdt.exe
dPolicies-disallowrun: 2333 = wkssvc.exe
dPolicies-disallowrun: 2334 = wkssvc32.exe
dPolicies-disallowrun: 2335 = wmon32.exe
dPolicies-disallowrun: 2336 = wo.exe
dPolicies-disallowrun: 2337 = word.exe
dPolicies-disallowrun: 2338 = wovax.exe
dPolicies-disallowrun: 2339 = wp.exe
dPolicies-disallowrun: 2340 = wpa.exe
dPolicies-disallowrun: 2341 = wpd.exe
dPolicies-disallowrun: 2342 = wrapperouter.exe
dPolicies-disallowrun: 2343 = wrgrci.exe
dPolicies-disallowrun: 2344 = wsebate2.exe
dPolicies-disallowrun: 2345 = wsup.exe
dPolicies-disallowrun: 2346 = wsupdate.exe
dPolicies-disallowrun: 2347 = wsxsvc.exe
dPolicies-disallowrun: 2348 = wsys.exe
dPolicies-disallowrun: 2349 = wtools.exe
dPolicies-disallowrun: 2350 = wtoolsa 1.0.8.11.exe
dPolicies-disallowrun: 2351 = wtoolsa.exe
dPolicies-disallowrun: 2352 = wtoolss.exe
dPolicies-disallowrun: 2353 = wtssvtr.exe
dPolicies-disallowrun: 2354 = wuactl2.exe
dPolicies-disallowrun: 2355 = wuamgrd.exe
dPolicies-disallowrun: 2356 = wuamkop.exe
dPolicies-disallowrun: 2357 = wuauclt2.exe
dPolicies-disallowrun: 2358 = wupdate.exe
dPolicies-disallowrun: 2359 = wupdated.exe
dPolicies-disallowrun: 2360 = wupdater.exe
dPolicies-disallowrun: 2361 = wupdates.exe
dPolicies-disallowrun: 2362 = wupdt.exe
dPolicies-disallowrun: 2363 = wups.exe
dPolicies-disallowrun: 2364 = x234cpiroff.exe
dPolicies-disallowrun: 2365 = xfullgames.exe
dPolicies-disallowrun: 2366 = xhrmy.exe
dPolicies-disallowrun: 2367 = xmailer.exe
dPolicies-disallowrun: 2368 = xpujbkz6.exe
dPolicies-disallowrun: 2369 = xtcfgloader.exe
dPolicies-disallowrun: 2370 = xtmbgajp.exe
dPolicies-disallowrun: 2371 = xupiterstartup.exe
dPolicies-disallowrun: 2372 = xupitertoolbarloader.exe
dPolicies-disallowrun: 2373 = xvid-1.0.3-beta3-setup.exe
dPolicies-disallowrun: 2374 = xwrm.exe
dPolicies-disallowrun: 2375 = xxx.exe
dPolicies-disallowrun: 2376 = xzciqim.exe
dPolicies-disallowrun: 2377 = xzz.exe
dPolicies-disallowrun: 2378 = y.exe
dPolicies-disallowrun: 2379 = y38p3fqy.exe
dPolicies-disallowrun: 2380 = yaemu.exe
dPolicies-disallowrun: 2381 = ystckao32.exe
dPolicies-disallowrun: 2382 = zango.exe
dPolicies-disallowrun: 2383 = zangohook.exe
dPolicies-disallowrun: 2384 = zangoinstaller.exe
dPolicies-disallowrun: 2385 = zangotb.exe
dPolicies-disallowrun: 2386 = zangotbinstaller.exe
dPolicies-disallowrun: 2387 = zangotbuninstaller.exe
dPolicies-disallowrun: 2388 = zanu.exe
dPolicies-disallowrun: 2389 = zanuhook.exe
dPolicies-disallowrun: 2390 = zb9uu7p0.exe
dPolicies-disallowrun: 2391 = zcbridge.exe
dPolicies-disallowrun: 2392 = zcz.exe
dPolicies-disallowrun: 2393 = zeta.exe
dPolicies-disallowrun: 2394 = zhopaizdupla.exe
dPolicies-disallowrun: 2395 = lvhf.cmd
dPolicies-disallowrun: 2396 = 2aaxaiy.exe
dPolicies-disallowrun: 2397 = 2.bat
dPolicies-disallowrun: 2398 = 1utbfd.bat
dPolicies-disallowrun: 2399 = 0bcobed.exe
dPolicies-disallowrun: 2400 = ib8979.exe
dPolicies-disallowrun: 2401 = j6445622.exe
dPolicies-disallowrun: 2402 = o4445627.exe
dPolicies-disallowrun: 2403 = 2u.com
dPolicies-disallowrun: 2404 = program files.exe
dPolicies-disallowrun: 2405 = winsmss.exe
dPolicies-disallowrun: 2406 = document.exe
dPolicies-disallowrun: 2407 = Gerger_files.exe
dPolicies-disallowrun: 2408 = drvspace.com
dPolicies-disallowrun: 2409 = EraleuH.exe
dPolicies-disallowrun: 2410 = PowerPoint temlates.exe
dPolicies-disallowrun: 2411 = Excel templates.exe
dPolicies-disallowrun: 2412 = My Media Files.exe
dPolicies-disallowrun: 2413 = MP3 Files.exe
dPolicies-disallowrun: 2414 = Admin Files.exe
dPolicies-disallowrun: 2415 = filesrv32.exe
dPolicies-disallowrun: 2416 = My Documents.exe
dPolicies-disallowrun: 2417 = Important Documents.exe
dPolicies-disallowrun: 2418 = Saved Documents.exe
dPolicies-disallowrun: 2419 = My Videos.exe
dPolicies-disallowrun: 2420 = System Volume Information.cmd
dPolicies-disallowrun: 2421 = System Volume Information.bat
dPolicies-disallowrun: 2422 = System Volume Information.com
dPolicies-disallowrun: 2423 = System Volume Information.exe
dPolicies-disallowrun: 2424 = ChiNiu.exe
dPolicies-disallowrun: 2425 = winomc.exe
dPolicies-disallowrun: 2426 = vang anh.exe
dPolicies-disallowrun: 2427 = autorun.inf.bat
dPolicies-disallowrun: 2428 = autorun.inf.com
dPolicies-disallowrun: 2429 = autorun.inf.cmd
dPolicies-disallowrun: 2430 = autorun.inf.exe
dPolicies-disallowrun: 2431 = autorun.ini.bat
dPolicies-disallowrun: 2432 = autorun.ini.com
dPolicies-disallowrun: 2433 = autorun.ini.cmd
dPolicies-disallowrun: 2434 = autorun.ini.exe
dPolicies-disallowrun: 2435 = desktop.ini.exe
dPolicies-disallowrun: 2436 = desktop.ini.bat
dPolicies-disallowrun: 2437 = desktop.ini.com
dPolicies-disallowrun: 2438 = desktop.ini.cmd
dPolicies-disallowrun: 2439 = ntos.exe
dPolicies-disallowrun: 2440 = fqmcnfl.exe
dPolicies-disallowrun: 2441 = jscuup.exe
dPolicies-disallowrun: 2442 = msbootlog.exe
dPolicies-disallowrun: 2443 = website.exe
dPolicies-disallowrun: 2444 = Mr.kokoro.exe
dPolicies-disallowrun: 2445 = MR.KOKORO website.exe
dPolicies-disallowrun: 2446 = jjxzwzjy090223.exe
dPolicies-disallowrun: 2447 = usbmon.exe
dPolicies-disallowrun: 2448 = kb2006a.exe
dPolicies-disallowrun: 2449 = GOBACK.EXE
dPolicies-disallowrun: 2450 = SSERVER.EXE
dPolicies-disallowrun: 2451 = GOST.EXE
dPolicies-disallowrun: 2452 = lap.exe
dPolicies-disallowrun: 2453 = 91255398.EXE
dPolicies-disallowrun: 2454 = newdev.exe
dPolicies-disallowrun: 2455 = my game.exe
dPolicies-disallowrun: 2456 = my games.exe
dPolicies-disallowrun: 2457 = xn9uu8.exe
dPolicies-disallowrun: 2458 = xdw.com
dPolicies-disallowrun: 2459 = xcisvxl.com
dPolicies-disallowrun: 2460 = x2csvg.exe
dPolicies-disallowrun: 2461 = w.exe
dPolicies-disallowrun: 2462 = w98.com
dPolicies-disallowrun: 2463 = w2.com
dPolicies-disallowrun: 2464 = ve.exe
dPolicies-disallowrun: 2465 = uxkl0apt.bat
dPolicies-disallowrun: 2466 = uvsqfgwd.cmd
dPolicies-disallowrun: 2467 = ur0.com
dPolicies-disallowrun: 2468 = upw.bat
dPolicies-disallowrun: 2469 = ujyew68.cmd
dPolicies-disallowrun: 2470 = u.com
dPolicies-disallowrun: 2471 = tx.bat
dPolicies-disallowrun: 2472 = sbju2.exe
dPolicies-disallowrun: 2473 = rveunh.com
dPolicies-disallowrun: 2474 = rcvk.exe
dPolicies-disallowrun: 2475 = qxty9be.cmd
dPolicies-disallowrun: 2476 = qphdin.com
dPolicies-disallowrun: 2477 = qoes.bat
dPolicies-disallowrun: 2478 = q0dhfjf.exe
dPolicies-disallowrun: 2479 = pook.com
dPolicies-disallowrun: 2480 = opgde.exe
dPolicies-disallowrun: 2481 = o8.bat
dPolicies-disallowrun: 2482 = o3n9k.com
dPolicies-disallowrun: 2483 = mk.com
dPolicies-disallowrun: 2484 = minm.cmd
dPolicies-disallowrun: 2485 = m0vnonh.bat
dPolicies-disallowrun: 2486 = luk1ylq.com
dPolicies-disallowrun: 2487 = ltdjr2ia.exe
dPolicies-disallowrun: 2488 = lhylec9x.cmd
dPolicies-disallowrun: 2489 = jodi2nb.com
dPolicies-disallowrun: 2490 = jm3cx96.bat
dPolicies-disallowrun: 2491 = jeorels.cmd
dPolicies-disallowrun: 2492 = je9.com
dPolicies-disallowrun: 2493 = j60osk9.cmd
dPolicies-disallowrun: 2494 = iq.bat
dPolicies-disallowrun: 2495 = i.com
dPolicies-disallowrun: 2496 = i6g6x.cmd
dPolicies-disallowrun: 2497 = hyetn1i.exe
dPolicies-disallowrun: 2498 = hl80c6b1.com
dPolicies-disallowrun: 2499 = gy.exe
dPolicies-disallowrun: 2500 = gi2ky.exe
dPolicies-disallowrun: 2501 = gfqgq.cmd
dPolicies-disallowrun: 2502 = gc6.cmd
dPolicies-disallowrun: 2503 = em8tqm.cmd
dPolicies-disallowrun: 2504 = ej.com
dPolicies-disallowrun: 2505 = dy9.cmd
dPolicies-disallowrun: 2506 = dbrxubcw.com
dPolicies-disallowrun: 2507 = cv22.cmd
dPolicies-disallowrun: 2508 = cqxj.exe
dPolicies-disallowrun: 2509 = bvc0gyp.bat
dPolicies-disallowrun: 2510 = bg3e9.bat
dPolicies-disallowrun: 2511 = bd3q0qix.exe
dPolicies-disallowrun: 2512 = a2h2.com
dPolicies-disallowrun: 2513 = a1agmur.cmd
dPolicies-disallowrun: 2514 = 210ebnkd.com
dPolicies-disallowrun: 2515 = 93to.bat
dPolicies-disallowrun: 2516 = 6tbvtj.cmd
dPolicies-disallowrun: 2517 = 2nw3rjta.cmd
dPolicies-disallowrun: 2518 = 2fiy.bat
dPolicies-disallowrun: 2519 = 82521011.EXE
dPolicies-disallowrun: 2520 = 43980195.EXE
dPolicies-disallowrun: 2521 = REGEDT.EXE
dPolicies-disallowrun: 2522 = Cfg.exe
dPolicies-disallowrun: 2523 = kbdsys.exe
dPolicies-disallowrun: 2524 = Read1st!.exe
dPolicies-disallowrun: 2525 = hlpsvc2.exe
dPolicies-disallowrun: 2526 = hlpsvc1.exe
dPolicies-disallowrun: 2527 = Classified.exe
dPolicies-disallowrun: 2528 = option.bat
dPolicies-disallowrun: 2529 = sysinf.bat
dPolicies-disallowrun: 2530 = pagefile.exe
dPolicies-disallowrun: 2531 = kavupda.exe
dPolicies-disallowrun: 2532 = HelpCat.exe
dPolicies-disallowrun: 2533 = ????8.exe
dPolicies-disallowrun: 2534 = SKServer.exe
dPolicies-disallowrun: 2535 = msddrv42.exe
dPolicies-disallowrun: 2536 = Romantic.exe
dPolicies-disallowrun: 2537 = WPV001253926400.EXE
dPolicies-disallowrun: 2538 = DPLTAINEXI-517.PMS.EXE
dPolicies-disallowrun: 2539 = 96971452.EXE
dPolicies-disallowrun: 2540 = sasnative32.exe
dPolicies-disallowrun: 2541 = clc32.exe
dPolicies-disallowrun: 2542 = m9ma.exe
dPolicies-disallowrun: 2543 = 6fnlpetp.exe
dPolicies-disallowrun: 2544 = xlk9.com
dPolicies-disallowrun: 2545 = ahnrpta.exe
dPolicies-disallowrun: 2546 = olhrwef.exe
dPolicies-disallowrun: 2547 = vamsoft.exe
dPolicies-disallowrun: 2548 = vsse33.exe
dPolicies-disallowrun: 2549 = wpv791239289922.exe
dPolicies-disallowrun: 2550 = wpv29125338862.exe
dPolicies-disallowrun: 2551 = wpv481254425989.exe
dPolicies-disallowrun: 2552 = wpv261254042811.exe
dPolicies-disallowrun: 2553 = ikowin32.exe
dPolicies-disallowrun: 2554 = lizkavd.exe
dPolicies-disallowrun: 2555 = restorer32_a.exe
dPolicies-disallowrun: 2556 = DPLTNOQDBS-327.PMS.EXE
dPolicies-disallowrun: 2557 = WINBQB0SCA.EXE
dPolicies-disallowrun: 2558 = WJQS.EXE
dPolicies-disallowrun: 2559 = SERES.EXE
dPolicies-disallowrun: 2560 = SVCST.EXE
dPolicies-disallowrun: 2561 = winzip.exe
dPolicies-disallowrun: 2562 = fun.xls.exe
dPolicies-disallowrun: 2563 = autorunme.exe
dPolicies-disallowrun: 2564 = MSwindows.exe
dPolicies-disallowrun: 2565 = player32.exe
dPolicies-disallowrun: 2566 = Home Video.exe
dPolicies-disallowrun: 2567 = EPL0RER.EXE
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{42B32220-F284-49E7-ACCA-058A1CBF72C2} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\spencerpassmore\appdata\roaming\mozilla\firefox\profiles\xynishel.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2012-3-14 50624]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-3-14 33656]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-5-23 223864]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2012-3-7 913144]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-23 94584]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-22 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-22 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-23 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-5-23 93816]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-12-19 72312]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-22 1343400]
.
=============== Created Last 30 ================
.
2012-05-23 12:30:55 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-23 10:18:43 -------- d-----w- c:\users\spencerpassmore\appdata\local\temp
2012-05-23 10:12:08 98816 ----a-w- c:\windows\sed.exe
2012-05-23 10:12:08 518144 ----a-w- c:\windows\SWREG.exe
2012-05-23 10:12:08 256000 ----a-w- c:\windows\PEV.exe
2012-05-23 10:12:08 208896 ----a-w- c:\windows\MBR.exe
2012-05-23 09:51:44 -------- d-----w- c:\windows\system32\catroot2
2012-05-23 08:44:31 -------- d-----w- c:\windows\system32\%LocalAppData%
2012-05-23 08:09:50 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-05-23 08:09:50 -------- d-----w- c:\program files\FixAuto
2012-05-23 06:16:12 -------- d-----w- c:\users\spencerpassmore\appdata\local\adaware
2012-05-23 06:16:10 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-23 06:15:48 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-23 06:15:32 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-23 06:15:32 223864 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-23 06:15:30 -------- d-----w- c:\windows\system32\drivers\VDD
2012-05-23 06:15:25 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-23 06:12:21 -------- d-----w- c:\users\spencerpassmore\appdata\roaming\Ad-Aware Antivirus
2012-05-23 05:54:10 -------- d-----w- c:\users\spencerpassmore\appdata\roaming\SUPERAntiSpyware.com
2012-05-23 05:53:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-23 05:53:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 05:42:02 -------- d-----w- c:\users\spencerpassmore\appdata\local\Diagnostics
2012-05-22 18:21:31 -------- d-----w- c:\users\spencerpassmore\appdata\roaming\ESET
2012-05-22 18:21:31 -------- d-----w- c:\users\spencerpassmore\appdata\local\ESET
2012-05-22 18:12:53 -------- d-----w- c:\program files\ESET
2012-05-22 14:54:34 -------- d-----w- c:\program files\CCleaner
2012-05-22 14:31:34 -------- d-----w- c:\users\spencerpassmore\appdata\roaming\IObit
2012-05-22 14:31:33 -------- d-----w- c:\program files\IObit
2012-05-22 14:00:50 -------- d-----w- c:\users\spencerpassmore\appdata\roaming\WinPatrol
2012-05-22 14:00:47 -------- d-----w- c:\programdata\InstallMate
2012-05-22 14:00:47 -------- d-----w- c:\program files\BillP Studios
2012-05-22 12:49:06 -------- d-----w- c:\users\spencerpassmore\appdata\local\Thunderbird
2012-05-22 11:11:09 175616 ----a-w- c:\windows\system32\unrar.dll
2012-05-22 11:11:06 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-05-22 10:57:19 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-05-22 10:57:19 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-05-22 10:57:19 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-05-22 10:57:19 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-05-22 10:57:19 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-05-22 10:57:18 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-05-22 10:57:18 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-05-22 10:57:18 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-05-22 10:57:18 1699328 ----a-w- c:\windows\system32\esent.dll
2012-05-22 10:09:02 -------- d-----w- C:\Boot
2012-05-22 07:45:19 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-05-22 07:45:19 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-05-22 07:45:18 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-05-22 07:45:17 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-05-22 07:45:17 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-05-22 07:45:16 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-05-22 07:45:16 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-05-22 07:42:09 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-22 07:26:44 -------- d-----w- c:\program files\Photoshop
2012-05-22 07:11:37 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-05-22 07:11:37 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-22 07:05:06 -------- d-----w- c:\windows\system32\Wat
2012-05-22 06:40:25 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-05-22 06:40:25 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-22 06:40:25 -------- d-----w- c:\program files\SpywareBlaster
2012-05-22 06:40:06 -------- d-----w- c:\program files\VS Revo Group
2012-05-22 06:19:00 -------- d-----w- c:\program files\Gus Verdun
2012-05-22 06:13:56 -------- d-----w- c:\program files\MessengerData WMP Plugin
2012-05-22 06:10:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-22 06:10:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-22 06:03:22 -------- d-----w- c:\program files\AIM Music Link
2012-05-22 06:01:54 -------- d-----w- c:\users\spencerpassmore\appdata\local\AOL OCP
2012-05-22 06:01:53 -------- d-----w- c:\users\spencerpassmore\appdata\local\AOL
2012-05-22 06:01:29 -------- d-----w- c:\programdata\acccore
2012-05-22 06:01:28 -------- d-----w- c:\program files\Yahoo!
2012-05-22 06:01:16 -------- d-----w- c:\program files\common files\AOL
2012-05-22 06:01:04 -------- d-----w- c:\program files\AIM6
2012-05-22 05:58:02 -------- d-----w- c:\program files\Unlocker
2012-05-22 05:54:32 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-05-22 05:54:16 -------- d-----w- c:\windows\PCHEALTH
2012-05-22 05:51:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-05-22 05:51:54 47360 ----a-w- c:\users\spencerpassmore\appdata\roaming\pcouffin.sys
2012-05-22 05:51:50 65602 ----a-w- c:\windows\system32\cook3260.dll
2012-05-22 05:51:50 217127 ----a-w- c:\windows\system32\drv43260.dll
2012-05-22 05:51:50 208935 ----a-w- c:\windows\system32\drv33260.dll
2012-05-22 05:51:50 176165 ----a-w- c:\windows\system32\drv23260.dll
2012-05-22 05:51:50 102439 ----a-w- c:\windows\system32\sipr3260.dll
2012-05-22 05:51:49 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2012-05-22 05:51:49 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2012-05-22 05:51:48 -------- d-----w- c:\program files\VSO
2012-05-22 05:40:34 -------- d-----w- c:\program files\Oracle
2012-05-22 05:40:28 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-22 05:40:28 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-22 05:13:53 -------- d-----w- c:\users\spencerpassmore\appdata\local\Adobe
2012-05-22 05:12:13 -------- d-sh--w- c:\windows\Installer
2012-05-22 05:06:58 -------- d-----w- c:\program files\VideoLAN
2012-05-21 13:17:58 -------- d-----w- c:\windows\Panther
2012-05-21 10:06:12 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-05-21 10:06:12 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-05-21 10:06:12 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-05-21 10:06:11 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-05-21 10:06:11 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-21 10:05:46 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-05-21 10:03:58 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-05-21 10:03:57 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-21 10:03:56 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-21 10:03:55 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-05-21 10:03:54 850944 ----a-w- c:\windows\system32\sbe.dll
2012-05-21 10:03:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2012-05-21 10:03:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-21 10:03:53 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2012-05-21 10:03:52 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-21 10:03:52 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-21 10:03:33 2616320 ----a-w- c:\windows\explorer.exe
2012-05-21 10:01:11 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-21 10:01:11 1137664 ----a-w- c:\windows\system32\mfc42.dll
2012-05-21 10:01:10 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-05-21 10:01:10 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-05-21 10:01:09 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-21 09:58:03 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-21 09:48:50 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ac27c56a-118c-4147-9756-280d6520b650}\mpengine.dll
2012-05-21 09:48:50 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-21 09:35:05 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-05-21 09:35:05 -------- d-----w- c:\windows\system32\x64
2012-05-21 09:31:59 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-21 09:31:59 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-21 09:31:59 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-21 09:31:58 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-21 09:31:58 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-21 09:31:58 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-21 08:06:25 -------- d-----w- C:\Intel
2012-05-21 06:19:12 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-14 12:40:04 148504 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-03-14 12:40:02 50624 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2012-03-14 12:40:02 33656 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-03-14 12:40:02 169080 ----a-w- c:\windows\system32\drivers\eamonm.sys
2012-03-14 12:40:02 120152 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-03-03 05:31:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-01 05:46:57 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37:41 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:32:45.90 ===============

#5 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 08:26 AM

Extra's Log:

OTL Extras logfile created on: 5/23/2012 7:33:01 AM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\spencerpassmore\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.24 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 54.37% Memory free
6.48 Gb Paging File | 5.28 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 354.20 Gb Free Space | 76.05% Space Free | Partition Type: NTFS
Drive E: | 153.38 Gb Total Space | 153.29 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 14.83 Gb Free Space | 99.99% Space Free | Partition Type: FAT32

Computer Name: SPENCERMP | User Name: spencerpassmore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FBA623-955A-45B0-BED2-C116461B6A47}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06BC12BA-7BAA-4BC0-B66A-0CF09921478D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{11BFB5CC-004E-4044-941D-7F845F045DA2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{12E48E75-430F-4AEA-8713-CE372EC2C4EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19597CB4-6FAD-4208-9A53-1BBD3CB92700}" = lport=10244 | protocol=6 | dir=in | app=system |
"{19F4F63D-65BA-424E-92ED-BC26D0E8024B}" = lport=3390 | protocol=6 | dir=in | app=system |
"{1DA877E9-EC91-4C8D-BACC-385A78D977AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2ECAD405-7BEA-43CC-B186-F601A3EBD473}" = lport=2869 | protocol=6 | dir=in | app=system |
"{32B4BF07-8639-44CE-AF83-714BD6607D16}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D674621-CC31-4DB8-9872-057886437F1C}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42A06ABD-EEBF-4A60-A943-1347047BE806}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BD0095F-2E53-41BF-B15F-74BFAFDE989A}" = rport=139 | protocol=6 | dir=out | app=system |
"{5543EAB8-CCEF-4A1D-A475-46176356979A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{657B9247-D8FA-48D3-9EDC-BE6FBE95469A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D76DF42-A9F8-4D06-B586-491ED8416C2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E6C7628-33C4-4ACB-B798-65168B439455}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8EB96887-36E7-4534-B1EF-AF0282A19C2E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9514289F-4EDB-4D1C-94F5-F6C1C885094B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9BAC4029-28B3-457A-959F-77820F73C9AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E25C8F4-5505-402D-B53A-AC41543ACD86}" = rport=137 | protocol=17 | dir=out | app=system |
"{A5BAD62E-FEE9-4A19-874C-0924ED0E1370}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AA63EC14-C458-4519-ACA8-824913B4E3B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2432446-0959-495D-91CB-9FA11229E6D9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C359657F-5AA3-4355-BA0B-1EF7C31BC1E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{C7DC031F-FE71-4A84-ABE9-49F12A19050D}" = rport=445 | protocol=6 | dir=out | app=system |
"{CBC747CB-7EF5-46A1-BBF3-B51446ADD9D4}" = lport=137 | protocol=17 | dir=in | app=system |
"{CDFF4B7C-25CE-4955-9BF4-1BE318EF4D20}" = lport=445 | protocol=6 | dir=in | app=system |
"{D6A9A089-0C7F-4BAE-97A5-FB2D1759ADCC}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC6FDF17-BD3F-46FB-836E-215127F874EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5EF0672-1A93-41AF-91B6-C04F948C917A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F70A946C-1034-40B3-97C4-8B76C188A158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC5A3BE5-1940-41F6-BE2C-37D922A3EEB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FF749BFA-6951-4006-A1EA-11A7D8FCA97A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139B9FD9-DE6E-4D1C-99D4-0DF8ED8E6EB7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1AA9E6B8-C3D2-45C8-9B81-36F6D2B4DFA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E5DE680-95D6-4701-9170-335988597B23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1E98E5C8-1C4F-4BBB-9747-FAAD3B4D859A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1EF319BF-FC51-48BC-8423-0DE19845BCF6}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26E981E8-AD7D-44CE-A755-D2E5A4C7D840}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CB83A74-FC63-4D0F-A63F-A8BD1F4B5FFB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42B43C6D-FAAB-4A47-927D-859E87146B21}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{44F6C3FE-7012-478B-9287-AE86EB92B433}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51779C98-587E-4815-A49F-179F383B5B99}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{6026AB3A-CD26-4AEF-BD89-03330BBE647C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{670B21E8-ED2E-4E41-9C7A-D74530B47523}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{67AD0D58-768D-4156-94CC-2A20E8E3EABB}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{80C41594-9352-4410-9980-11995A944849}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8A2B9D4F-BF21-4533-A732-D365AB60727C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96950B68-0069-45F3-A11F-74F2169E4B43}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9700DDB5-F0FF-4541-9F65-9CC45F1BC03D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98E0E262-C2FD-4C2B-BFCC-DCF9694AA908}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{9C33994E-036E-41E1-A1E2-CA9039774BD3}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{A13056AC-85C4-46D3-8676-E19DC30C01B1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A9761639-028F-44BD-A630-A64B7E4F7F46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7B38393-9A18-4204-AA29-8DCFA8EBF83A}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |
"{CBEE4950-CAD4-45DA-8229-64FB11147DC4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CDEAB56D-CF6E-48DA-9186-D8EE2EFC0AFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0997782-20CB-487B-B2EA-2E0981316C55}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D151205D-C36E-4B3F-93A1-FACCB2642440}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D32DF048-56B5-4CBC-BE0B-F817CEF85E6D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{DC84D141-347F-47EC-B52B-15FF0FF73D10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFC68541-33B8-454E-A456-91EFB02E68F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAC046C2-01AA-4CAC-9A6B-9D9C15D8382E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0CDF643-C9A3-47AB-A0A8-1D67A6568D04}" = protocol=6 | dir=out | app=system |
"{F5E7231B-490E-493C-80D8-BAAE641C9226}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{FD64B1A7-E343-4E1A-9265-65B1577E2A47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06283453-7826-2168-5324-689421793582}" = MessengerData WMP Plugin
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{84C9CD33-1525-4500-BC16-139522A71B98}_is1" = FixAuto 1.1.7
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{EF181DC1-0ECB-4546-9772-C3C3F58E5747}" = ESET Smart Security
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM MusicLink 4.1.0.0" = AIM MusicLink 4.1.0.0
"AIM_6" = AIM 6
"CCleaner" = CCleaner
"Gus Verdun's IM Tweaks Plugin" = Gus Verdun's IM Tweaks Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2012 5:54:02 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:54:09 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:54:33 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:56:50 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:57:16 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:57:22 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 5:57:29 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 6:08:40 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 6:08:59 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

Error - 5/23/2012 6:09:24 AM | Computer Name = spencermp | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 5/23/2012 6:34:21 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%5

Error - 5/23/2012 6:34:21 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
32 time(s).

Error - 5/23/2012 6:34:30 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%5

Error - 5/23/2012 6:34:30 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
33 time(s).

Error - 5/23/2012 6:34:35 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%5

Error - 5/23/2012 6:34:35 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
34 time(s).

Error - 5/23/2012 6:36:05 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%5

Error - 5/23/2012 6:36:05 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
35 time(s).

Error - 5/23/2012 6:36:12 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%5

Error - 5/23/2012 6:36:12 AM | Computer Name = spencermp | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
36 time(s).


< End of report >


I have the Attach log too... if needed

#6 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 09:56 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-23 09:09:02
-----------------------------
09:09:02.273 OS Version: Windows 6.1.7601 Service Pack 1
09:09:02.273 Number of processors: 2 586 0xF0B
09:09:02.274 ComputerName: SPENCERMP UserName:
09:09:03.305 Initialize success
09:16:51.631 AVAST engine defs: 12052400
09:17:10.462 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
09:17:10.464 Disk 0 Vendor: WDC_WD1600YS-01SHB1 20.06C06 Size: 157066MB BusType: 11
09:17:10.466 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4
09:17:10.468 Disk 1 Vendor: WDC_WD5002ABYS-01B1B0 02.03B02 Size: 476940MB BusType: 11
09:17:10.524 Disk 1 MBR read successfully
09:17:10.527 Disk 1 MBR scan
09:17:10.532 Disk 1 Windows 7 default MBR code
09:17:10.541 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
09:17:10.559 Disk 1 scanning sectors +976768065
09:17:10.634 Disk 1 scanning C:\Windows\system32\drivers
09:17:29.411 Service scanning
09:17:40.334 Modules scanning
09:18:03.906 Disk 1 trace - called modules:
09:18:03.919 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
09:18:03.920 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85f647b8]
09:18:03.920 3 CLASSPNP.SYS[8b9b959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8519e030]
09:18:05.232 AVAST engine scan C:\Windows
09:18:33.508 AVAST engine scan C:\Windows\system32
09:26:37.493 AVAST engine scan C:\Windows\system32\drivers
09:27:24.642 AVAST engine scan C:\Users\spencerpassmore
09:36:00.120 AVAST engine scan C:\ProgramData
09:37:21.330 Scan finished successfully
10:32:25.838 Disk 1 MBR has been saved successfully to "C:\Users\spencerpassmore\Desktop\MBR.dat"
10:32:25.843 The log file has been saved successfully to "C:\Users\spencerpassmore\Desktop\aswMBR.txt"

#7 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 02:02 PM

I ran RemoveIt Pro SE Pro trial... it found 70 to 79 viruses and trojans... and only removed like 50 some of them... :( Not sure what to do.. except maybe move important files to my other Sata Hard Drive again... and do another fresh install of windows 7... ugh!!

I'm trying to google all these damn things here.. and finding fixes and bleep to remove em... :(

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= rund1132.exe
"2"= m5vbvm60.exe
"3"= Unoccupied.reg
"4"= Regedit32.com
"5"= Shell32.com
"6"= dllchache.exe
"7"= services_test.exe
"8"= New Folder.exe
"9"= systemio.exe
"10"= JK.exe
"11"= rundl132.exe
"12"= Logo1_.exe
"13"= RichDll.exe
"14"= loveRabbit.exe
"15"= msexch400.exe
"16"= Rabbit.exe
"17"= aut0exec.bat
"18"= ntde1ect.com
"19"= Mixa.exe
"20"= apvo.exe
"21"= expressav.exe
"22"= apv0.exe
"23"= l33na.exe
"24"= ed.exe
"25"= spooisv.exe
"26"= rttrwq.exe
"27"= _use.exe
"28"= 11-00.exe
"29"= wmibus.exe
"30"= wmisys.exe
"31"= Normal.exe
"32"= execute.exe
"33"= leena.job
"34"= leena.exe
"35"= aneel.exe
"36"= wuauc1t.exe
"37"= Win32dll.exe
"38"= Win32.dll.vbs
"39"= SteamDll32.exe
"40"= WinSteam.exe
"41"= SteamHelper.exe
"42"= kavo.exe
"43"= spoclsv.exe
"44"= dfqnabib.exe
"45"= sfsxachu.exe
"46"= stjxakin.exe
"47"= tjfyabyt.exe
"48"= kdaic.exe
"49"= zsdjabmp.exe
"50"= lpmxajkl.exe
"51"= dfqnabib.exe
"52"= WINLOG0N.exe
"53"= SVCH0ST.exe
"54"= System.exe
"55"= phim nguoi lon.exe
"56"= password_viewer.exe
"57"= SVCHOST555.exe
"58"= inst_vinh.exe
"59"= Bro_Act.exe
"60"= braviax.exe
"61"= CbEvtSvc.exe
"62"= MySexy.exe
"63"= msconfig.com
"64"= regedit.com
"65"= default__.pif
"66"= jvosoft.exe
"67"= 9sky8pia.exe
"68"= amvo0.exe
"69"= lphc9dkj0ec6a.exe
"70"= rhcahej0ej6v.exe
"71"= chiCkie.exe
"72"= ExeServ.exe
"73"= Av-Prev.exe
"74"= ati2avxx.exe
"75"= Sex Picture.scr
"76"= xpupdate.exe
"77"= comine.exe
"78"= autochl.exe
"79"= log.exe
"80"= comboClt.ocx.vbs
"81"= Sos.exe
"82"= kxvo.exe
"83"= zz.exe
"84"= lsasss.exe
"85"= order.exe
"86"= Flashy.exe
"87"= meex.exe
"88"= xibgptd.exe
"89"= xmjisnw.exe
"90"= asd0.exe
"91"= windowsupd2.exe
"92"= winhost.exe
"93"= quicken.exe
"94"= editpad.exe
"95"= nwonknu.exe
"96"= rasrun.exe
"97"= psdrv.exe
"98"= svci.exe
"99"= unknown.exe
"100"= castlecops[1].exe
"101"= 1014[1].exe
"102"= is[1].exe
"103"= wcs.exe
"104"= Sizhu.exe
"105"= ibrv.exe
"106"= vgguxso.exe
"107"= uitxjwa.exe
"108"= loadam.exe
"109"= sunny.exe
"110"= etialof.exe
"111"= sdjxeqi.exe
"112"= tsnqtjn.exe
"113"= dluxde.exe
"114"= Soft0
"115"= 1.exe
"116"= 10.exe
"117"= SVOHOST.exe
"118"= sxs.exe
"119"= phimnguoilon.exe
"120"= amvo.exe
"121"= n1deiect.com
"122"= qwc.exe
"123"= tknn6.bat
"124"= 6l6w8.com
"125"= hay.exe
"126"= more.exe
"127"= nontay.exe
"128"= boom.vbs
"129"= drivers.cab.exe
"130"= KEYBOARD.exe
"131"= Global.exe
"132"= jdbgmgr.exe
"133"= secret.exe
"134"= xdict.exe
"135"= algssl.exe
"136"= phimhot.exe
"137"= other.exe
"138"= fun.exe
"139"= winsit.exe
"140"= sal.xls.exe
"141"= msfir80.exe
"142"= .exe
"143"= MSconfigg.exe
"144"= servics.exe
"145"= expl0rer.exe
"146"= tel.xls.exe
"147"= funni.exe
"148"= kvosoft.exe
"149"= 4.exe
"150"= 2008.exe
"151"= folder.exe
"152"= knx32.exe
"153"= Mixa_I.exe
"154"= bleep.exe
"155"= Happy99.exe
"156"= SKA.EXE
"157"= sysmgr.exe
"158"= Mixa_1.exe
"159"= skynet.exe
"160"= Isass.exe
"161"= 8out.exe
"162"= lotto.exe
"163"= ieav.exe
"164"= win32.host.exe
"165"= osgjaaj.exe
"166"= info.exe
"167"= ads.jpg.exe
"168"= CKVO.EXE
"169"= a2.exe
"170"= rundii32.exe
"171"= cd.exe
"172"= ph.com
"173"= winivstr.exe
"174"= Default.exe
"175"= NTDETECH.com
"176"= l63snn8.exe
"177"= svhost.exe
"178"= svchot.exe
"179"= svch0t.exe
"180"= svh0st.exe
"181"= my_80004.exe
"182"= explorcr.exe
"183"= admin6_ver0424.exe
"184"= yeSetup.exe
"185"= dodolook591.exe
"186"= alexa240.exe
"187"= 1072.exe
"188"= atmpvcno.dll.exe
"189"= atmlib.dll.exe
"190"= musica.exe
"191"= ...exe
"192"= ..exe
"193"= crack.com
"194"= dwintl.dll.exe
"195"= explorer.zip.scr
"196"= pictures.exe
"197"= readme.com
"198"= 12520437.cpx.exe
"199"= 12520850.cpx.exe
"200"= 3com_dmi.exe
"201"= 6to4svc.dll.exe
"202"= access.cpl.exe
"203"= acctres.dll.exe
"204"= acelpdec.ax.exe
"205"= acledit.dll.exe
"206"= aclui.dll.exe
"207"= activeds.dll.exe
"208"= activeds.tlb.exe
"209"= actxprxy.dll.exe
"210"= admparse.dll.exe
"211"= adodc.srg.exe
"212"= adptif.dll.exe
"213"= adsldp.dll.exe
"214"= adsldpc.dll.exe
"215"= adsmsext.dll.exe
"216"= adsnds.dll.exe
"217"= adsnt.dll.exe
"218"= adsnw.dll.exe
"219"= advapi32.dll.exe
"220"= advpack.dll.exe
"221"= alrsvc.dll.exe
"222"= amcompat.tlb.exe
"223"= amstream.dll.exe
"224"= ansi.sys.exe
"225"= apcups.dll.exe
"226"= apphelp.dll.exe
"227"= appmgmts.dll.exe
"228"= appmgr.dll.exe
"229"= appwiz.cpl.exe
"230"= asctrls.ocx.exe
"231"= asferror.dll.exe
"232"= asycfilt.dll.exe
"233"= atkctrs.dll.exe
"234"= atl.dll.exe
"235"= atmfd.dll.exe
"236"= 100.exe
"237"= 101.exe
"238"= 102.exe
"239"= 103.exe
"240"= 104.exe
"241"= 105.exe
"242"= 106.exe
"243"= 107.exe
"244"= 108.exe
"245"= 109.exe
"246"= 11.exe
"247"= 110.exe
"248"= 111.exe
"249"= 112.exe
"250"= 113.exe
"251"= 114.exe
"252"= 115.exe
"253"= 116.exe
"254"= 117.exe
"255"= 118.exe
"256"= 119.exe
"257"= 12.exe
"258"= 120.exe
"259"= 122.exe
"260"= 123.exe
"261"= 124.exe
"262"= 125.exe
"263"= blastk.exe
"264"= 126.exe
"265"= 127.exe
"266"= 128.exe
"267"= 129.exe
"268"= 13.exe
"269"= 130.exe
"270"= 131.exe
"271"= 132.exe
"272"= 133.exe
"273"= 134.exe
"274"= 135.exe
"275"= 136.exe
"276"= 137.exe
"277"= 138.exe
"278"= 139.exe
"279"= 14.exe
"280"= 140.exe
"281"= 141.exe
"282"= 142.exe
"283"= 143.exe
"284"= 144.exe
"285"= 145.exe
"286"= 146.exe
"287"= 147.exe
"288"= 148.exe
"289"= 149.exe
"290"= 15.exe
"291"= 150.exe
"292"= 151.exe
"293"= 152.exe
"294"= 153.exe
"295"= 154.exe
"296"= 155.exe
"297"= 156.exe
"298"= 157.exe
"299"= 158.exe
"300"= 159.exe
"301"= 16.exe
"302"= 160.exe
"303"= 161.exe
"304"= 162.exe
"305"= 163.exe
"306"= 164.exe
"307"= 165.exe
"308"= 166.exe
"309"= 167.exe
"310"= 168.exe
"311"= 169.exe
"312"= 17.exe
"313"= 170.exe
"314"= 171.exe
"315"= 172.exe
"316"= 173.exe
"317"= 174.exe
"318"= 175.exe
"319"= 176.exe
"320"= 177.exe
"321"= 178.exe
"322"= 179.exe
"323"= 18.exe
"324"= 180.exe
"325"= 181.exe
"326"= 182.exe
"327"= 183.exe
"328"= 184.exe
"329"= 185.exe
"330"= 186.exe
"331"= 187.exe
"332"= 188.exe
"333"= 189.exe
"334"= 19.exe
"335"= 190.exe
"336"= 191.exe
"337"= 192.exe
"338"= 193.exe
"339"= 194.exe
"340"= 195.exe
"341"= 196.exe
"342"= 197.exe
"343"= 198.exe
"344"= 199.exe
"345"= 20.exe
"346"= 21.exe
"347"= 22.exe
"348"= 23.exe
"349"= 24.exe
"350"= 25.exe
"351"= 26.exe
"352"= 27.exe
"353"= 28.exe
"354"= 29.exe
"355"= 3.exe
"356"= 30.exe
"357"= 1000.exe
"358"= 1001.exe
"359"= 1002.exe
"360"= 1003.exe
"361"= 1004.exe
"362"= 1005.exe
"363"= 1006.exe
"364"= 1007.exe
"365"= 1008.exe
"366"= 1009.exe
"367"= 1010.exe
"368"= 1011.exe
"369"= 1012.exe
"370"= 1013.exe
"371"= 1014.exe
"372"= 1015.exe
"373"= 1016.exe
"374"= 1017.exe
"375"= 1018.exe
"376"= 1019.exe
"377"= 1020.exe
"378"= 1021.exe
"379"= 1022.exe
"380"= 1023.exe
"381"= 1024.exe
"382"= 1025.exe
"383"= 1026.exe
"384"= 1027.exe
"385"= 1028.exe
"386"= 1029.exe
"387"= 1030.exe
"388"= 1031.exe
"389"= 1032.exe
"390"= 1033.exe
"391"= 1034.exe
"392"= 1035.exe
"393"= 1036.exe
"394"= 1037.exe
"395"= 1038.exe
"396"= 1039.exe
"397"= 1040.exe
"398"= 1041.exe
"399"= 1042.exe
"400"= 1043.exe
"401"= 1044.exe
"402"= 1045.exe
"403"= 1046.exe
"404"= 1047.exe
"405"= 1048.exe
"406"= 1049.exe
"407"= 1050.exe
"408"= 1051.exe
"409"= 1052.exe
"410"= 1053.exe
"411"= 1054.exe
"412"= 1055.exe
"413"= 1056.exe
"414"= 1057.exe
"415"= 1058.exe
"416"= 1059.exe
"417"= 1060.exe
"418"= 1061.exe
"419"= 1062.exe
"420"= 1063.exe
"421"= 1064.exe
"422"= 1065.exe
"423"= 1066.exe
"424"= 1067.exe
"425"= 1068.exe
"426"= 1069.exe
"427"= 1070.exe
"428"= 1071.exe
"429"= 1072.exe
"430"= 1073.exe
"431"= 1074.exe
"432"= 1075.exe
"433"= 1076.exe
"434"= 1077.exe
"435"= 1078.exe
"436"= 1079.exe
"437"= 1080.exe
"438"= 1081.exe
"439"= 1082.exe
"440"= 1083.exe
"441"= 1084.exe
"442"= 1085.exe
"443"= 1086.exe
"444"= 1087.exe
"445"= 1088.exe
"446"= 1089.exe
"447"= 1090.exe
"448"= 1091.exe
"449"= 1092.exe
"450"= 1093.exe
"451"= 1094.exe
"452"= 1095.exe
"453"= 1096.exe
"454"= 1097.exe
"455"= 1099.exe
"456"= 6307.exe
"457"= 6308.exe
"458"= 6309.exe
"459"= 6310.exe
"460"= 6311.exe
"461"= 6312.exe
"462"= 6314.exe
"463"= 6313.exe
"464"= 6315.exe
"465"= 6316.exe
"466"= 6317.exe
"467"= 6318.exe
"468"= 6319.exe
"469"= 6320.exe
"470"= 6321.exe
"471"= 6322.exe
"472"= 6323.exe
"473"= 6324.exe
"474"= 6325.exe
"475"= 6326.exe
"476"= 6327.exe
"477"= 6328.exe
"478"= 6329.exe
"479"= 6330.exe
"480"= 6331.exe
"481"= 6332.exe
"482"= 6333.exe
"483"= 6334.exe
"484"= 6335.exe
"485"= 6336.exe
"486"= 6337.exe
"487"= 6338.exe
"488"= 6339.exe
"489"= 6340.exe
"490"= 6341.exe
"491"= 6342.exe
"492"= 6343.exe
"493"= 6344.exe
"494"= 6345.exe
"495"= 6346.exe
"496"= 6347.exe
"497"= 6348.exe
"498"= 6349.exe
"499"= 6350.exe
"500"= 6351.exe
"501"= 6352.exe
"502"= 6353.exe
"503"= 6354.exe
"504"= 6355.exe
"505"= 6356.exe
"506"= 6357.exe
"507"= 6358.exe
"508"= 6359.exe
"509"= 6360.exe
"510"= 6361.exe
"511"= 6362.exe
"512"= 6363.exe
"513"= 6364.exe
"514"= 6365.exe
"515"= 6366.exe
"516"= 6367.exe
"517"= 6369.exe
"518"= 6368.exe
"519"= 6370.exe
"520"= 6371.exe
"521"= 6372.exe
"522"= 6373.exe
"523"= 6374.exe
"524"= 6375.exe
"525"= 6376.exe
"526"= 6377.exe
"527"= 6378.exe
"528"= 6379.exe
"529"= 6380.exe
"530"= 6381.exe
"531"= 6382.exe
"532"= 6383.exe
"533"= 6384.exe
"534"= 6385.exe
"535"= 6386.exe
"536"= 6387.exe
"537"= 6388.exe
"538"= 6389.exe
"539"= 6390.exe
"540"= 6391.exe
"541"= 6392.exe
"542"= 6393.exe
"543"= 6394.exe
"544"= 6395.exe
"545"= 6396.exe
"546"= 6397.exe
"547"= 6398.exe
"548"= 6399.exe
"549"= 6400.exe
"550"= 6401.exe
"551"= 6402.exe
"552"= 6403.exe
"553"= 6404.exe
"554"= 6405.exe
"555"= 6406.exe
"556"= 6407.exe
"557"= regfixxsx.exe
"558"= documents.exe
"559"= favorites.exe
"560"= ernsjyi.exe
"561"= jjcmdrj.exe
"562"= nheste.exe
"563"= nxmwp.exe
"564"= rwmgh.exe
"565"= tbljxjk.exe
"566"= vohth.exe
"567"= vvpmyvaw.exe
"568"= aa.exe
"569"= _cw0srv.exe
"570"= links.exe
"571"= serivces01.exe
"572"= serivces05.exe
"573"= sruninstall.exe
"574"= serivcesb.exe
"575"= serivcesf.exe
"576"= servcies04.exe
"577"= jxzub5410451.exe
"578"= chert5-998.exe
"579"= kernel1.exe
"580"= beep.exe
"581"= iexpl0re.exe
"582"= crasos.exe
"583"= cmdbcs.exe
"584"= realschd.exe
"585"= wsvbs.exe
"586"= msdccrt.exe
"587"= run1132.exe
"588"= sysload3.exe
"589"= tempicon.exe
"590"= sysbmw.exe
"591"= rpcs.exe
"592"= msvce32.exe
"593"= svhost32.exe
"594"= internat.exe
"595"= ctmontv.exe
"596"= ncscv32.exe
"597"= spo0lsv.exe
"598"= wdfmgr32.exe
"599"= upxdnd.exe
"600"= ssopure.exe
"601"= c0nime.exe
"602"= nvscv32.exe
"603"= bleepjacks.exe
"604"= lying.exe
"605"= jbele1.com
"606"= vt2n8re.com
"607"= 0011E924.vbs
"608"= 672.exe
"609"= ciygje.exe
"610"= kmbbvua.exe
"611"= mkqn.exe
"612"= pajto.exe
"613"= rbgc.exe
"614"= rs32net.exe
"615"= vbmwi.exe
"616"= wfthnpkw.exe
"617"= wsxyguvs.exe
"618"= servcies9.exe
"619"= servciesa.exe
"620"= servciesaa.exe
"621"= Vxl.exe
"622"= ~.exe
"623"= YUR7.exe
"624"= YUR8.exe
"625"= YUR9.exe
"626"= YURA.exe
"627"= Rapid Antivirus.exe
"628"= zPharoh.exe
"629"= winiguard.exe
"630"= zPharaoh.exe
"631"= lphcns0j0e1av.exe
"632"= serverx.exe
"633"= Sulfnbk.exe
"634"= 11122oo7.exe
"635"= newfolder.exe
"636"= qq.exe
"637"= 75976W.exe
"638"= 75976L.exe
"639"= brastk.exe
"640"= lky.exe
"641"= whi.com
"642"= sq.com
"643"= kamsoft.exe
"644"= rs32net.exe
"645"= Gool.exe
"646"= brnu492.exe
"647"= apipr.exe
"648"= apiph32.exe
"649"= BNH1.EXE
"650"= ce1.exe
"651"= dq1.exe
"652"= purger.exe
"653"= s-1-5-21.exe
"654"= lockbar.exe
"655"= aa0.exe
"755"= zip0.exe
"855"= soft0.exe
"656"= aa1.exe
"756"= zip1.exe
"856"= soft1.exe
"657"= aa2.exe
"757"= zip2.exe
"857"= soft2.exe
"658"= aa3.exe
"758"= zip3.exe
"858"= soft3.exe
"659"= aa4.exe
"759"= zip4.exe
"859"= soft4.exe
"660"= aa5.exe
"760"= zip5.exe
"860"= soft5.exe
"661"= aa6.exe
"761"= zip6.exe
"861"= soft6.exe
"662"= aa7.exe
"762"= zip7.exe
"862"= soft7.exe
"663"= aa8.exe
"763"= zip8.exe
"863"= soft8.exe
"664"= aa9.exe
"764"= zip9.exe
"864"= soft9.exe
"665"= aa10.exe
"765"= zip10.exe
"865"= soft10.exe
"666"= aa11.exe
"766"= zip11.exe
"866"= soft11.exe
"667"= aa12.exe
"767"= zip12.exe
"867"= soft12.exe
"668"= aa13.exe
"768"= zip13.exe
"868"= soft13.exe
"669"= aa14.exe
"769"= zip14.exe
"869"= soft14.exe
"670"= aa15.exe
"770"= zip15.exe
"870"= soft15.exe
"671"= aa16.exe
"771"= zip16.exe
"871"= soft16.exe
"672"= aa17.exe
"772"= zip17.exe
"872"= soft17.exe
"673"= aa18.exe
"773"= zip18.exe
"873"= soft18.exe
"674"= aa19.exe
"774"= zip19.exe
"874"= soft19.exe
"675"= aa20.exe
"775"= zip20.exe
"875"= soft20.exe
"676"= aa21.exe
"776"= zip21.exe
"876"= soft21.exe
"677"= aa22.exe
"777"= zip22.exe
"877"= soft22.exe
"678"= aa23.exe
"778"= zip23.exe
"878"= soft23.exe
"679"= aa24.exe
"779"= zip24.exe
"879"= soft24.exe
"680"= aa25.exe
"780"= zip25.exe
"880"= soft25.exe
"681"= aa26.exe
"781"= zip26.exe
"881"= soft26.exe
"682"= aa27.exe
"782"= zip27.exe
"882"= soft27.exe
"683"= aa28.exe
"783"= zip28.exe
"883"= soft28.exe
"684"= aa29.exe
"784"= zip29.exe
"884"= soft29.exe
"685"= aa30.exe
"785"= zip30.exe
"885"= soft30.exe
"686"= aa31.exe
"786"= zip31.exe
"886"= soft31.exe
"687"= aa32.exe
"787"= zip32.exe
"887"= soft32.exe
"688"= aa33.exe
"788"= zip33.exe
"888"= soft33.exe
"689"= aa34.exe
"789"= zip34.exe
"889"= soft34.exe
"690"= aa35.exe
"790"= zip35.exe
"890"= soft35.exe
"691"= aa36.exe
"791"= zip36.exe
"891"= soft36.exe
"692"= aa37.exe
"792"= zip37.exe
"892"= soft37.exe
"693"= aa38.exe
"793"= zip38.exe
"893"= soft38.exe
"694"= aa39.exe
"794"= zip39.exe
"894"= soft39.exe
"695"= aa40.exe
"795"= zip40.exe
"895"= soft40.exe
"696"= aa41.exe
"796"= zip41.exe
"896"= soft41.exe
"697"= aa42.exe
"797"= zip42.exe
"897"= soft42.exe
"698"= aa43.exe
"798"= zip43.exe
"898"= soft43.exe
"699"= aa44.exe
"799"= zip44.exe
"899"= soft44.exe
"700"= aa45.exe
"800"= zip45.exe
"900"= soft45.exe
"701"= aa46.exe
"801"= zip46.exe
"901"= soft46.exe
"702"= aa47.exe
"802"= zip47.exe
"902"= soft47.exe
"703"= aa48.exe
"803"= zip48.exe
"903"= soft48.exe
"704"= aa49.exe
"804"= zip49.exe
"904"= soft49.exe
"705"= aa50.exe
"805"= zip50.exe
"905"= soft50.exe
"706"= aa51.exe
"806"= zip51.exe
"906"= soft51.exe
"707"= aa52.exe
"807"= zip52.exe
"907"= soft52.exe
"708"= aa53.exe
"808"= zip53.exe
"908"= soft53.exe
"709"= aa54.exe
"809"= zip54.exe
"909"= soft54.exe
"710"= aa55.exe
"810"= zip55.exe
"910"= soft55.exe
"711"= aa56.exe
"811"= zip56.exe
"911"= soft56.exe
"712"= aa57.exe
"812"= zip57.exe
"912"= soft57.exe
"713"= aa58.exe
"813"= zip58.exe
"913"= soft58.exe
"714"= aa59.exe
"814"= zip59.exe
"914"= soft59.exe
"715"= aa60.exe
"815"= zip60.exe
"915"= soft60.exe
"716"= aa61.exe
"816"= zip61.exe
"916"= soft61.exe
"717"= aa62.exe
"817"= zip62.exe
"917"= soft62.exe
"718"= aa63.exe
"818"= zip63.exe
"918"= soft63.exe
"719"= aa64.exe
"819"= zip64.exe
"919"= soft64.exe
"720"= aa65.exe
"820"= zip65.exe
"920"= soft65.exe
"721"= aa66.exe
"821"= zip66.exe
"921"= soft66.exe
"722"= aa67.exe
"822"= zip67.exe
"922"= soft67.exe
"723"= aa68.exe
"823"= zip68.exe
"923"= soft68.exe
"724"= aa69.exe
"824"= zip69.exe
"924"= soft69.exe
"725"= aa70.exe
"825"= zip70.exe
"925"= soft70.exe
"726"= aa71.exe
"826"= zip71.exe
"926"= soft71.exe
"727"= aa72.exe
"827"= zip72.exe
"927"= soft72.exe
"728"= aa73.exe
"828"= zip73.exe
"928"= soft73.exe
"729"= aa74.exe
"829"= zip74.exe
"929"= soft74.exe
"730"= aa75.exe
"830"= zip75.exe
"930"= soft75.exe
"731"= aa76.exe
"831"= zip76.exe
"931"= soft76.exe
"732"= aa77.exe
"832"= zip77.exe
"932"= soft77.exe
"733"= aa78.exe
"833"= zip78.exe
"933"= soft78.exe
"734"= aa79.exe
"834"= zip79.exe
"934"= soft79.exe
"735"= aa80.exe
"835"= zip80.exe
"935"= soft80.exe
"736"= aa81.exe
"836"= zip81.exe
"936"= soft81.exe
"737"= aa82.exe
"837"= zip82.exe
"937"= soft82.exe
"738"= aa83.exe
"838"= zip83.exe
"938"= soft83.exe
"739"= aa84.exe
"839"= zip84.exe
"939"= soft84.exe
"740"= aa85.exe
"840"= zip85.exe
"940"= soft85.exe
"741"= aa86.exe
"841"= zip86.exe
"941"= soft86.exe
"742"= aa87.exe
"842"= zip87.exe
"942"= soft87.exe
"743"= aa88.exe
"843"= zip88.exe
"943"= soft88.exe
"744"= aa89.exe
"844"= zip89.exe
"944"= soft89.exe
"745"= aa90.exe
"845"= zip90.exe
"945"= soft90.exe
"746"= aa91.exe
"846"= zip91.exe
"946"= soft91.exe
"747"= aa92.exe
"847"= zip92.exe
"947"= soft92.exe
"748"= aa93.exe
"848"= zip93.exe
"948"= soft93.exe
"749"= aa94.exe
"849"= zip94.exe
"949"= soft94.exe
"750"= aa95.exe
"850"= zip95.exe
"950"= soft95.exe
"751"= aa96.exe
"851"= zip96.exe
"951"= soft96.exe
"752"= aa97.exe
"852"= zip97.exe
"952"= soft97.exe
"753"= aa98.exe
"853"= zip98.exe
"953"= soft98.exe
"754"= aa99.exe
"854"= zip99.exe
"954"= soft99.exe
"955"= $sys$drv.exe
"956"= $sys$sos$sys$.exe
"957"= $sys$xp.exe
"958"= ~565.exe
"959"= 0.exe
"960"= 004.exe
"961"= 005.exe
"962"= 006.exe
"963"= 007.exe
"964"= 007ssinstall.exe
"965"= 008.exe
"966"= 009.exe
"967"= 01dopewars_update.exe
"968"= 01logo.exe
"969"= 04s28lat.exe
"970"= 06qytm1a.exe
"971"= 09857728.exe
"972"= 1004270.exe
"973"= 1054571.exe
"974"= 11421604.exe
"975"= 123bar.exe
"976"= 123hiddensender.exe
"977"= 12nail.exe
"978"= 14hi1qs8.exe
"979"= 17131762.exe
"980"= 180ax.exe
"981"= 180pack6480.exe
"982"= 180sa.exe
"983"= 180sainstallernusac.exe
"984"= 180stuninstaller.exe
"985"= 1lyu2k.exe
"986"= 1o32cwjn.exe
"987"= 2.sfx.exe.exe
"988"= 2005.exe
"989"= 202_app13.exe
"990"= 26-593.exe
"991"= 29904603.exe
"992"= 2search.exe
"993"= 302v2fp0.exe
"994"= 39987557.exe
"995"= 50cent.exe
"996"= 53648356.svd
"997"= 5thkf354.exe
"998"= 63de0cc3d01
"999"= 63mm.exe
"1000"= 666.exe
"1001"= 66978039.exe
"1002"= 69254441.exe
"1003"= 9spj1iiq.exe
"1004"= a_clearsearch.exe
"1005"= a0011142.exe
"1006"= a006.exe
"1007"= a006.exe
"1008"= a0067423.exe
"1009"= a0067428.exe
"1010"= a64sddd.exe
"1011"= abg-aceh.exe
"1012"= abox.exe
"1013"= abs.exe
"1014"= absr.exe
"1015"= access members area.exe
"1016"= access.exe
"1017"= accwizz.exe
"1018"= acespy331t.exe
"1019"= aclservice.exe
"1020"= aconti.exe
"1021"= actalert.exe
"1022"= activeds.exe
"1023"= activeplus.exe
"1024"= activex_300_it.exe
"1025"= actualspy.exe
"1026"= actx1.exe
"1027"= ad.exe
"1028"= adaware.exe
"1029"= adl_mteststub.exe
"1030"= adlinstallwin32.exe
"1031"= adm4005.exe
"1032"= admanctl.exe
"1033"= admilliserv.exe
"1034"= admlib32.exe
"1035"= adobe_flash.exe
"1036"= adobes.exe
"1037"= adp.exe
"1038"= adsetup.silent.1.13.exe
"1039"= adstatserv.exe
"1040"= adtech2006.exe
"1041"= adupdater.exe
"1042"= adv.exe
"1043"= advapi.exe
"1044"= adx.exe
"1045"= ahadp.exe
"1046"= aim spy plugin.exe
"1047"= ajrpbi.exe
"1048"= alchem.exe
"1049"= alevir.exe
"1050"= alp2plib.exe
"1051"= amero.exe
"1052"= amp2pl.exe
"1053"= angelex.exe
"1054"= anti_troj.exe
"1055"= antiav.exe
"1056"= antispy.exe
"1057"= antivirus update.exe
"1058"= antivirus32.exe
"1059"= aocbhm.exe
"1060"= aornum.exe
"1061"= ap0.exe
"1062"= ap2.exe
"1063"= apd123.exe
"1064"= app.exe
"1065"= appsetup.exe
"1066"= aq3hel~1.exe
"1067"= archive.exe
"1068"= arr.exe
"1069"= arupdate.exe
"1070"= arupld32.exe
"1071"= asd.exe
"1072"= asearchassist.exe
"1073"= asm.exe
"1074"= asmonitor.exe
"1075"= astart.exe
"1076"= atipta.exe
"1077"= atiupdate.exe
"1078"= atmsvc.exe
"1079"= aupdate_uninstall.exe
"1080"= aurora(1).exe
"1081"= aurora.exe
"1082"= aurora-wise1.exe
"1083"= ause3-decoded.exe
"1084"= ausvc.exe
"1085"= autoexec.exe
"1086"= automove.exe
"1087"= autoupdatev2.exe
"1088"= aux32.exe
"1089"= av.exe
"1090"= avghalsb.exe
"1091"= avserve.exe
"1092"= avserve2.exe
"1093"= b2search_v17.exe
"1094"= backdoor.prorat.13.exe
"1095"= backdoor.prorat.13_(57).exe
"1096"= backup-20040105-225929-414.exe
"1097"= backweb.exe
"1098"= banmanpro.exe
"1099"= bargain3.exe
"1100"= bargain4.exe
"1101"= bargainbuddy.exe
"1102"= bargains.exe
"1103"= basfipm.exe
"1104"= bazzi.exe
"1105"= bb.exe
"1106"= bbchk.exe
"1107"= bbfbeola.exe
"1108"= bbi8015.exe
"1109"= bbi8018.exe
"1110"= bbi8032.exe
"1111"= bbntqcbw.exe
"1112"= bboy.exe
"1113"= bdrqbac.exe
"1114"= bedo9iz1.exe
"1115"= belt.exe
"1116"= berasjatah.exe
"1117"= beta.exe
"1118"= bhp.exe
"1119"= bhsv.exe
"1120"= bi5.exe
"1121"= bifrost.exe
"1122"= bil.exe
"1123"= bindshell.exe
"1124"= bionet.exe
"1125"= bk.exe
"1126"= block-checker.exe
"1127"= blondes.exe
"1128"= bloodhound.exe
"1129"= blss.exe
"1130"= bman.exe
"1131"= bml8pjp7.exe
"1132"= bmupdate.exe
"1133"= bokja.exe
"1134"= bookedspace.exe
"1135"= boot.exe
"1136"= bootconf.exe
"1137"= bot.exe
"1138"= bp.exe
"1139"= bpc.exe
"1140"= safesys.exe
"1141"= bpsinstall.exe
"1142"= brasil.exe
"1143"= brengkolang.com
"1144"= bronstab.exe
"1145"= bsoft.exe
"1146"= buddy.exe
"1147"= bugsfix.exe
"1148"= bundle.exe
"1149"= bundle~1.exe
"1150"= bundleouter.exe
"1151"= bundleouter2501031120.exe
"1152"= bundleouter2601031121.exe
"1153"= bundles.exe
"1154"= bundles118.exe
"1155"= bxproxy.exe
"1156"= camviewer.exe
"1157"= card.exe
"1158"= cartao.exe
"1159"= cas2stub.exe
"1160"= casclient.exe
"1161"= cashsaverupdate.exe
"1162"= cb.exe
"1163"= cc.exe
"1164"= cd_install.exe
"1165"= cd_install_291.exe
"1166"= cd_load.exe
"1167"= cd5a8b2bd01
"1168"= cdaengine
"1169"= cdaengine0500
"1170"= cdf.exe
"1171"= cds.exe
"1172"= cdsm32.exe
"1173"= cfgmgr52.exe
"1174"= cfmon.exe
"1175"= cg.exe
"1176"= cgtask.exe
"1177"= check.exe
"1178"= checkreg.exe
"1179"= checkup.exe
"1180"= chkntsv.exe
"1181"= chkras.exe
"1182"= choke.exe
"1183"= chq7gv5g.exe
"1184"= cisvvc.exe
"1185"= cjqxe.exe
"1186"= ckusdll.exe
"1187"= clbcatex.exe
"1188"= client.exe
"1189"= clientax.exe
"1190"= cm.exe
"1191"= cmappsetup.exe
"1192"= cmappupdate.exe
"1193"= cmd32.exe
"1194"= cmdinst.exe
"1195"= cmesys.exe
"1196"= cmeupd.exe
"1197"= cmman.exe
"1198"= cmqcemmpm.exe
"1199"= cmrsr.exe
"1200"= cmrss.exe
"1201"= cmsystem.exe
"1202"= cnqmax.exe
"1203"= codecsetup.exe
"1204"= comctl_32.exe
"1205"= commando.exe
"1206"= conscorr.exe
"1207"= consol32.exe
"1208"= cool.exe
"1209"= copy of optimize.exe
"1210"= corpstats.exe
"1211"= cp.exe
"1212"= cpanel.exe
"1213"= cpr.exe
"1214"= crackserver-service.exe
"1215"= crmss.exe
"1216"= crss.exe
"1217"= crsss.exe
"1218"= cryptfg.exe
"1219"= csaolinst.exe
"1220"= csaolldr.exe
"1221"= csbiinst.exe
"1222"= csieinst.exe
"1223"= csmsv.exe
"1224"= csrcs.exe
"1225"= csrdeu32.exe
"1226"= csrrs.exe
"1227"= csrs.exe
"1228"= csrsc.exe
"1229"= csrse.exe
"1230"= csrss32.exe
"1231"= ctfmon32.exe
"1232"= cucu.exe
"1233"= cxq8ojka.exe
"1234"= cxtpls.exe
"1235"= cydoor.exe
"1236"= cydoor_uninstall.exe
"1237"= cz.exe
"1238"= czncin.exe
"1239"= d.exe
"1240"= d6.exe
"1241"= data2.exe
"1242"= data3.exe
"1243"= datemanager.exe
"1244"= dbaccess.exe
"1245"= dc1.exe
"1246"= dc37.exe
"1247"= dc38.exe
"1248"= dc39.exe
"1249"= dc42.exe
"1250"= dc43.exe
"1251"= dc44.exe
"1252"= dc82.exe
"1253"= dc83.exe
"1254"= dc84.exe
"1255"= dc85.exe
"1256"= dc86.exe
"1257"= dcomcfg.exe
"1258"= dcomx.exe
"1259"= ddcman.exe
"1260"= dealhelper.exe
"1261"= delmsbb.exe
"1262"= deskadkeep.exe
"1263"= deskadserv.exe
"1264"= desktop.exe
"1265"= dfe.exe
"1266"= dfrgsrv.exe
"1267"= dgwojz0h.exe
"1268"= dhbrwsr.exe
"1269"= dho.exe
"1270"= dhupdt.exe
"1271"= dial.exe
"1272"= dinst.exe
"1273"= dioxin.exe
"1274"= directs.exe
"1275"= directx.exe
"1276"= directxset.exe
"1277"= disp1150.exe
"1278"= display.exe
"1279"= divx.exe
"1280"= dlgli.exe
"1281"= dlhost.exe
"1282"= dll32.exe
"1283"= dllreg.exe
"1284"= dmserver.exe
"1285"= dodrrr.exe
"1286"= down.exe
"1287"= download.exe
"1288"= downloadplus.exe
"1289"= dp-b23011805.exe
"1290"= dpul6zoa.exe
"1291"= dr.exe
"1292"= dr_s.exe
"1293"= drpmon(1).exe
"1294"= drpmon.exe
"1295"= drv.exe
"1296"= drvddll.exe
"1297"= drwtsn16.exe
"1298"= ds.exe
"1299"= dscbtshl.exe
"1300"= dssagent.exe
"1301"= dtloader.exe
"1302"= duel.exe
"1303"= dun.exe
"1304"= dvbern.exe
"1305"= dvchost.exe
"1306"= dvdkeyauth.exe
"1307"= dvldr32.exe
"1308"= dvwnhd.exe
"1309"= dw.exe
"1310"= dwcg.exe
"1311"= dwe.exe
"1312"= dwnupdt.exe
"1313"= usbautotuner.exe
"1314"= dxnf.exe
"1315"= e85b8fb2d01.exe
"1316"= easy.windows.monitoring.exe
"1317"= easyav.exe
"1318"= ecodec.exe
"1319"= edit server.exe
"1320"= ee.exe
"1321"= ee1a8f91d01.exe
"1322"= ee248fa7d01.exe
"1323"= eeea8fa3d01.exe
"1324"= eeef8fa2d01.exe
"1325"= eetu.exe
"1326"= eksplorasi.exe
"1327"= elos.exe
"1328"= eml.exe
"1329"= emsw.exe
"1330"= enbiei.exe
"1331"= enuubwafo.exe
"1332"= epswad4.exe
"1333"= errorguard.exe
"1334"= ers.exe
"1335"= ersvc.exe
"1336"= escan.exe
"1337"= esyndicateinst.exe
"1338"= evr8gkxb.exe
"1339"= exchng32.exe
"1340"= exclean.exe
"1341"= exdl.exe
"1342"= exec.exe
"1343"= exp.exe
"1344"= expl32.exe
"1345"= explore.exe
"1346"= explored.exe
"1347"= exploreff.exe
"1348"= explorer32.exe
"1349"= explorere.exe
"1350"= exul.exe
"1351"= ezinstall.exe
"1352"= ezpopstub.exe
"1353"= ezstub.exe
"1354"= ezstub22.exe
"1355"= ezulumain.exe
"1356"= f3403484.exe
"1357"= f4bbfeaed01
"1358"= farmmext.exe
"1359"= fash.exe
"1360"= fasterxp.exe
"1361"= fbi_facebook.exe
"1362"= fc.exe
"1363"= fixtitle.exe
"1364"= fjdbfvk.exe
"1365"= flashtalk-wise1000.exe
"1366"= fntldr.exe
"1367"= fontloader.exe
"1368"= fontview.exe
"1369"= formulario.exe
"1370"= fph.exe
"1371"= fqc.exe
"1372"= freexxx.exe
"1373"= frsk.exe
"1374"= fservice.exe
"1375"= fsg.exe
"1376"= fsg_4104.exe
"1377"= fsjyhc5r.exe
"1378"= fsw.exe
"1379"= fullgames.exe
"1380"= fuwxenc.exe
"1381"= fvprotect.exe
"1382"= g181511.a.stub.exe
"1383"= g4eyp3kf.exe
"1384"= gaedzsxe.exe
"1385"= gah95on6.exe
"1386"= gain_trickler_3102.exe
"1387"= gain_trickler_3202.exe
"1388"= my music.exe
"1389"= gateway.exe
"1390"= gator.exe
"1391"= gatorstubsetup.exe
"1392"= get.exe
"1393"= get_flash_update.exe
"1394"= getbuys.exe
"1395"= gfjgj.exe
"1396"= ghost.bat
"1397"= ginst_001_1234_4201.exe
"1398"= gld.exe
"1399"= glf2fglf2f.exe
"1400"= gm.exe
"1401"= gmt.exe
"1402"= gogoaddisplay.exe
"1403"= gogoaddressbar.exe
"1404"= gogofileshare.exe
"1405"= gogotoolbar.exe
"1406"= gogotools.exe
"1407"= gogotools0.exe
"1408"= gogotoolsinstaller.exe
"1409"= gsohy92a.exe
"1410"= gstartup.exe
"1411"= szace.exe
"1412"= guninstaller.exe
"1413"= h2g140n1.exe
"1414"= hacker.exe
"1415"= haiyang.exe
"1416"= hbinst.exe
"1417"= hbtv.exe
"1418"= heat.exe
"1419"= hellmsn.exe
"1420"= helpexp.exe
"1421"= hgfedcba.exe
"1422"= hgqhp.exe
"1423"= hhs32.pif
"1424"= hidden32.exe
"1425"= hidedown.exe
"1426"= hidr.exe
"1427"= hloader.exe
"1428"= hnm_svc.exe
"1429"= hookdump.exe
"1430"= host.exe
"1431"= hot.exe
"1432"= hot_tarts_mc.exe
"1433"= hprog.exe
"1434"= hro.exe
"1435"= htmdeng.exe
"1436"= hwclock.exe
"1437"= hxdef.exe
"1438"= hxdl.exe
"1439"= hxiul.exe
"1440"= i3k0hgad.exe
"1441"= ibm00001.exe
"1442"= icon.exe
"1443"= idemlog.exe
"1444"= idleui.exe
"1445"= iebtm.exe
"1446"= iedll.exe
"1447"= iedriver.exe
"1448"= iegator.exe
"1449"= iehost.exe
"1450"= iep.exe
"1451"= iesetup.exe
"1452"= iexpiore.exe
"1453"= iexplor32.exe
"1454"= iexplore32.exe
"1455"= iexplorer.exe
"1456"= igetnet_3845_3645.exe
"1457"= igps.exe
"1458"= igpsdon6.exe
"1459"= iinstall.exe
"1460"= im_2.exe
"1461"= imguninst.exe
"1462"= infoctl.exe
"1463"= infus.exe
"1464"= infwin.exe
"1465"= init32m.exe
"1466"= ink.exe
"1467"= inst.exe
"1468"= install1.exe
"1469"= installdatemanager.exe
"1470"= installer1.exe
"1471"= instant access.exe
"1472"= intdel.exe
"1473"= intel32.exe
"1474"= intell321.exe
"1475"= intenat.exe
"1476"= internet.exe
"1477"= internetfeatures.exe
"1478"= ipfw.exe
"1479"= ipu.exe
"1480"= ipwins.exe
"1481"= irasyncd.exe
"1482"= iroffer.exe
"1483"= isamini.exe
"1484"= isamntr.exe
"1485"= isamonitor.exe
"1486"= isass.exe
"1487"= ishost.exe
"1488"= isinstalldonecrazy.exe
"1489"= ismon.exe
"1490"= isnotify.exe
"1491"= ispsupport.exe
"1492"= issearch.exe
"1493"= istsvc.exe
"1494"= itbill.exe
"1495"= itphwd.exe
"1496"= iwatch.exe
"1497"= j4g8w5m8.exe
"1498"= j7k8ug16.exe
"1499"= j95i15ei.exe
"1500"= jabber.exe
"1501"= jammer2nd.exe
"1502"= jawa32.exe
"1503"= jdbgmrg.exe
"1504"= jif.exe
"1505"= jkill.exe
"1506"= jmnmxr.exe
"1507"= jnfdtdi.exe
"1508"= jq34042x.exe
"1509"= jre4i3q6.exe
"1510"= jushed32.exe
"1511"= jxcevib2.exe
"1512"= k4eboy6.exe
"1513"= kaboom.exe
"1514"= kahlisetup_demo.exe
"1515"= kane.exe
"1516"= kazza.exe
"1517"= kb021119.exe
"1518"= keenvalue.exe
"1519"= kernal32.exe
"1520"= kerne1412.exe
"1521"= kernel32.exe
"1522"= kernels32.exe
"1523"= kernels64.exe
"1524"= keu2zfke.exe
"1525"= keylogger plugin.exe
"1526"= keyword.exe
"1527"= kl.exe
"1528"= kmwoa.exe
"1529"= kmwol.exe
"1530"= kmwop.exe
"1531"= knuzql.exe
"1532"= krxz.exe
"1533"= l6y07fu5.exe
"1534"= lass.exe
"1535"= launchadware.exe
"1536"= layer.exe
"1537"= lcc.exe
"1538"= lex.exe
"1539"= lexplore.exe
"1540"= license_manager.exe
"1541"= bmonq.exe
"1542"= live.exe
"1543"= lmu.exe
"1544"= load.exe
"1545"= load32.exe
"1546"= loader(1).exe
"1547"= l26.exe
"1548"= loader[1].exe
"1549"= lockx.exe
"1550"= lodctr32.exe
"1551"= Duel_v2.exe
"1552"= logon.exe
"1553"= loud.exe
"1554"= lp.exe
"1555"= lsa.exe
"1556"= lsas.exe
"1557"= lsass32.exe
"1558"= lsassa.exe
"1559"= lssas.exe
"1560"= lsserv.exe
"1561"= ma.exe
"1562"= mahtfi.exe
"1563"= mapisvc32.exe
"1564"= mario.exe
"1565"= matcli.exe
"1566"= mcafee.update.exe.exe
"1567"= mcf.exe
"1568"= md.exe
"1569"= mdms.exe
"1570"= me.exe
"1571"= medgs1.exe
"1572"= mediaaccess.exe
"1573"= mediaaccessinstpack.exe
"1574"= mediaacck.exe
"1575"= mediagateway.exe
"1576"= mediaman.exe
"1577"= mediapass.exe
"1578"= mediapassk.exe
"1579"= members-area.exe
"1580"= memorymeter.exe
"1581"= menu.exe
"1582"= mfc71.exe
"1583"= mfin32.exe
"1584"= mfx8k065.exe
"1585"= microsystem.exe
"1586"= minibug.exe
"1587"= mirc32.exe
"1588"= mirindaa1i.exe
"1589"= mirror_plugin.exe
"1590"= mksc.exe
"1591"= mm.exe
"1592"= mm15201518.stub.exe
"1593"= mmbun.exe
"1594"= mmm.exe
"1595"= mmod.exe
"1596"= mmsg.exe
"1597"= mmups.exe
"1598"= mnss.exe
"1599"= mostat.exe
"1600"= mousedrv.exe
"1601"= mp3serch.exe
"1602"= mp7eq7hx.exe
"1603"= mrjj.exe
"1604"= mrtstub.exe
"1605"= msaa.exe
"1606"= msapp.exe
"1607"= msbb.exe
"1608"= msbb[1].exe
"1609"= msblast.exe
"1610"= msc32.exe
"1611"= mscache.exe
"1612"= msccn32.exe
"1613"= msckin.exe
"1614"= mscman.exe
"1615"= mscnsz.exe
"1616"= mscommand.exe
"1617"= msconfgh.exe
"1618"= msconfig32.exe
"1619"= mscornet.exe
"1620"= mscvb32.exe
"1621"= msdm.exe
"1622"= msexreg.exe
"1623"= msgdmf.exe
"1624"= msgfix.exe
"1625"= msgrsv32.exe
"1626"= msiexec16.exe
"1627"= msinfo.exe
"1628"= mslagent.exe
"1629"= mslaugh.exe
"1630"= msmc.exe
"1631"= msmgs.exe
"1632"= msmgt.exe
"1633"= msmm.exe
"1634"= msmsg.exe
"1635"= msnlive.exe
"1636"= msnst32.exe
"1637"= msole32.exe
"1638"= mspath.exe
"1639"= mspmspv.exe
"1640"= msrexe.exe
"1641"= mssearchnet.exe
"1642"= mssecure.exe
"1643"= msshed32.exe
"1644"= mssvc32.exe
"1645"= mssvr.exe
"1646"= mssys.exe
"1647"= mstasks.exe
"1648"= mstc.exe
"1649"= mstcs.exe
"1650"= msupdate.exe
"1651"= msvc32.exe
"1652"= msvcrl.exe
"1653"= msvgr.exe
"1654"= msvxd.exe
"1655"= msw.exe
"1656"= mswin32.exe
"1657"= mswinb32.exe
"1658"= msxct.exe
"1659"= mt.exe
"1660"= mtask.exe
"1661"= mtjuhp.exe
"1662"= mudsc.exe
"1663"= murphy.exe
"1664"= mwd.exe
"1665"= mwfirewall.exe
"1666"= mwsoemon.exe
"1667"= mwsvm.exe
"1668"= mypcsearch.exe
"1669"= mysearch2.0.exe
"1670"= mysetp.exe
"1671"= myurlff.exe
"1672"= myurlsagain.exe
"1673"= n.exe
"1674"= n1hvjmy9.exe
"1675"= n20050308.exe
"1676"= nail(1).exe
"1677"= nail.exe
"1678"= namedpipe.exe
"1679"= nav32sp.exe
"1680"= navapp.exe
"1681"= nbthlp.exe
"1682"= ncaselib.exe
"1683"= ndcx3xyq.exe
"1684"= netclient.exe
"1685"= netddeclnt.exe
"1686"= netinfo.exe
"1687"= netlib.exe
"1688"= netmail.exe
"1689"= netmeeting.exe
"1690"= netmon.exe
"1691"= netserver.exe
"1692"= netsurf.exe
"1693"= netsvc.exe
"1694"= network.exe
"1695"= newdevin.exe
"1696"= newdot.exe
"1697"= newpop447.exe
"1698"= nfomon.exe
"1699"= nl.exe
"1700"= nlnp49.exe
"1701"= nls.exe
"1702"= noat.exe
"1703"= nomoreporn.exe
"1704"= nopat.exe
"1705"= norton update.exe
"1706"= note.exe
"1707"= notesweb.exe
"1708"= npkcsvc.exe
"1709"= nrcs.exe
"1710"= nrpc.exe
"1711"= nscheck.exe
"1712"= nssys32.exe
"1713"= nstask32.exe
"1714"= nsupdate.exe
"1715"= nsvsvc.exe
"1716"= ntdetect.exe
"1717"= ntfs64.exe
"1718"= ntosa32.exe
"1719"= ntsys.exe
"1720"= nvctrl.exe
"1721"= nvsc32.exe
"1722"= o84u7fwq.exe
"1723"= obllak.exe
"1724"= ocxdll.exe
"1725"= odcfg.exe
"1726"= oeet.exe
"1727"= oeloader.exe
"1728"= offers.exe
"1729"= The sky.exe
"1730"= nt.com
"1731"= office.exe
"1732"= offun.exe
"1733"= okpelq4p.exe
"1734"= olehelp.exe
"1735"= optimize.exe
"1736"= optimize313.exe
"1737"= osalogbe.exe
"1738"= othb.exe
"1739"= p23oorr3.exe
"1740"= p2p networking.exe
"1741"= p2p networking2.exe
"1742"= p2p networking3.exe
"1743"= p2pnetworking.exe
"1744"= p2pnetworking3.exe
"1745"= pagerevisor.exe
"1746"= paytime.exe
"1747"= pbl8ey0e.exe
"1748"= pchealth.exe
"1749"= pcsvc.exe
"1750"= pec.exe
"1751"= pgmonitr.exe
"1752"= phantom.exe
"1753"= phqghum.exe
"1754"= phqghume.exe
"1755"= pi1_??.exe
"1756"= picsvr.exe
"1757"= pictureshare.exe
"1758"= recycle.exe
"1759"= picx.exe
"1760"= pisf.exe
"1761"= piuw.exe
"1762"= 1ogf.exe
"1763"= gwr0lyd.bat
"1764"= play[2].exe
"1765"= play[3].exe
"1766"= play[4].exe
"1767"= play_mp3(2).exe
"1768"= play_mp3.exe
"1769"= play_mp3[1].exe
"1770"= play_mp3[2].exe
"1771"= play_mp3[3].exe
"1772"= play_mp3[4].exe
"1773"= WantsU.exe
"1774"= My heart.exe
"1775"= A smile.exe
"1776"= Forever.exe
"1777"= My love.exe
"1778"= CritProc.exe
"1779"= play_mp3[5].exe
"1780"= play_mp3[6].exe
"1781"= play_mp3-3.exe
"1782"= plscd.exe
"1783"= plugin compressor.exe
"1784"= pmmnt.exe
"1785"= pmmon.exe
"1786"= pmr.exe
"1787"= pmsngr.exe
"1788"= pmsnrr.exe
"1789"= pmt.exe
"1790"= points manager.exe
"1791"= pokapoka
"1792"= pokapoka66.exe
"1793"= pokapoka67.exe
"1794"= pokapoka70.exe
"1795"= pokapoka72.exe
"1796"= pokapoka73.exe
"1797"= pokapoka76.exe
"1798"= pokapoka79.exe
"1799"= poker.exe
"1800"= popuper.exe
"1801"= powerreg
"1802"= powerreg scheduler.exe
"1803"= powerscan.exe
"1804"= precisiontime.exe
"1805"= precisiontimesetup.exe
"1806"= prevadcomm.exe
"1807"= prizesurfer.exe
"1808"= prmt.exe
"1809"= prositefinder.exe
"1810"= prositefinder1.exe
"1811"= prositefinderh.exe
"1812"= prot.exe
"1813"= protector.exe
"1814"= pruttct.exe
"1815"= ps_install-grokster.exe
"1816"= ps_uninstaller.exe
"1817"= ps1.exe
"1818"= pscanw.exe
"1819"= psof1.exe
"1820"= psoft1.exe
"1821"= My desire.exe
"1822"= My hope.exe
"1823"= My wish.exe
"1824"= psqeelsr.exe
"1825"= ptop.exe
"1826"= ptuninstaller.exe
"1827"= purityscan install.exe
"1828"= purityscan.exe
"1829"= purityscan2.exe
"1830"= purityscanuninstall.exe
"1831"= puszinyuszi.exe
"1832"= pvxusmtu.exe
"1833"= pyr0.exe
"1834"= q17i9a4j.exe
"1835"= q7moyha2.exe
"1836"= qerbi.exe
"1837"= qerbif.exe
"1838"= qhutst.exe
"1839"= qi8lu5s9.exe
"1840"= qoologic.exe
"1841"= qqpr8h33.exe
"1842"= randreco.exe
"1843"= ravmond.exe
"1844"= ray.exe
"1845"= rb32.exe
"1846"= rcsync.exe
"1847"= realtray.exe
"1848"= realupd32.exe
"1849"= register.exe
"1850"= registration.exe
"1851"= regloadr.exe
"1852"= regmaping.exe
"1853"= regperf.exe
"1854"= regscan.exe
"1855"= regsrv.exe
"1856"= regsvc32.exe
"1857"= regsync.exe
"1858"= relatedsetup.exe
"1859"= remote.exe
"1860"= removed.exe
"1861"= removedisplayutility.exe
"1862"= removejk.exe
"1863"= requester.11.exe
"1864"= resetservice.exe
"1865"= richup.exe
"1866"= rk.exe
"1867"= rlid.exe
"1868"= rlvknlg.exe
"1869"= rogue.exe
"1870"= rpcmon.exe
"1871"= rtf32.exe
"1872"= svchost000.exe
"1873"= run32dll.exe
"1874"= rundl32.exe
"1875"= rundll16.exe
"1876"= ruxdll32.exe
"1877"= rxtoolbar.exe
"1878"= s.exe
"1879"= s1p1y_bad.exe
"1880"= saap.exe
"1881"= sac.exe
"1882"= sacc.exe
"1883"= saccu.exe
"1884"= sachostb.exe
"1885"= sachostc.exe
"1886"= sachostm.exe
"1887"= sachostp.exe
"1888"= sachosts.exe
"1889"= sachostw.exe
"1890"= sachostx.exe
"1891"= safemode.exe
"1892"= sahagent.exe
"1893"= sahdownloader_.exe
"1894"= saie.exe
"1895"= sais.exe
"1896"= salm.delete.exe
"1897"= salm.exe
"1898"= salmbundle.exe
"1899"= sass.exe
"1900"= satmat.exe
"1901"= scam32.exe
"1902"= scanregistry.exe
"1903"= scardsvr32.exe
"1904"= scbar.exe
"1905"= scchost.exe
"1906"= schedulingagent
"1907"= schost.exe
"1908"= screensaver.v.2.1.exe
"1909"= scrigz.exe
"1910"= scrss.exe
"1911"= scrsvr.exe
"1912"= scrtkfg.exe
"1913"= scvhost.exe
"1914"= se.exe
"1915"= se2ppc4you.exe
"1916"= search.exe
"1917"= searchnavversion.exe
"1918"= searchnugget.exe
"1919"= searchupdate33.exe
"1920"= searchupgrader.exe
"1921"= sectoriate.exe
"1922"= secure.exe
"1923"= sed.exe
"1924"= sedk.exe
"1925"= seekmo.exe
"1926"= seeve.exe
"1927"= semanticinsight.exe
"1928"= sempalong.exe
"1929"= senslogn.exe
"1930"= sepinst.exe
"1931"= servce.exe
"1932"= servercon.exe
"1933"= servic.exe
"1934"= service5.exe
"1935"= services32.exe
"1936"= setup_jalapeno.exe
"1937"= setup32i.exe
"1938"= sf.exe
"1939"= sfc32.exe
"1940"= sfgdulkp.exe
"1941"= sfwqi.exe
"1942"= shell32.exe
"1943"= shell386.exe
"1944"= shine.exe
"1945"= shlhook.exe
"1946"= shmgrate.exe
"1947"= shnlog.exe
"1948"= shutdownutility.exe
"1949"= si.exe
"1950"= sideb.exe
"1951"= sidedb_install.exe
"1952"= sksockserver.exe
"1953"= skynetave.exe
"1954"= skype32.exe
"1955"= slmss.exe
"1956"= slserve.exe
"1957"= slserves.exe
"1958"= slsk.exe
"1959"= smmss.exe
"1960"= sms.exe
"1961"= smschk.exe
"1962"= smsonx32.exe
"1963"= smsss.exe
"1964"= smszac32.exe
"1965"= soap.exe
"1966"= Cn911.exe
"1967"= soproc.exe
"1968"= sp.exe
"1969"= sp2ctr.exe
"1970"= spoler.exe
"1971"= spollsv.exe
"1972"= spool.exe
"1973"= spooler.exe
"1974"= spools.exe
"1975"= spoolsrv.exe
"1976"= spoolsrv32.exe
"1977"= spoolsvc.exe
"1978"= sprite.exe
"1979"= spvspool.exe
"1980"= spyagent.exe
"1981"= spyagent4.exe
"1982"= spyaxe.exe
"1983"= spybuddy.exe
"1984"= spysheriff.exe
"1985"= spytrooper.exe
"1986"= spyware.exe
"1987"= sqlexp.exe
"1988"= sqlexp1.exe
"1989"= sqlrep.exe
"1990"= sqlscan.exe
"1991"= sqlserver.exe
"1992"= sr.exe
"1993"= srng.exe
"1994"= srv1.exe
"1995"= srv2.exe
"1996"= srv32.exe
"1997"= srv4.exe
"1998"= srvc32.exe
"1999"= sservice.exe
"2000"= ssgrate.exe
"2001"= ssk.exe
"2002"= ssk3_b5.exe
"2003"= ssk3_installerv5.exe
"2004"= sskb5.exe
"2005"= sskupdater.exe
"2006"= ssl.exe
"2007"= ssrms.exe
"2008"= ssyszu2r.exe
"2009"= Home Video.avi.exe
"2010"= stcloader.exe
"2011"= stealth.dcom.exe
"2012"= stealth.ddos.exe
"2013"= stealth.exe
"2014"= stealth.injector.exe
"2015"= stealth.stat.exe
"2016"= stealth.worm.exe
"2017"= stmtdlr.exe
"2018"= str.exe
"2019"= stubinstaller.exe
"2020"= stubinstaller4292.exe
"2021"= suchost.exe
"2022"= supportinstall.exe
"2023"= surfsidekick.exe
"2024"= susp.exe
"2025"= svaplayer.exe
"2026"= svc.exe
"2027"= svcdata.exe
"2028"= 2j.cmd
"2029"= svchoost.exe
"2030"= svchos1.exe
"2031"= svchosl.exe
"2032"= svchostl.exe
"2033"= svchosts.exe
"2034"= svchosts.exe
"2035"= system volume.exe
"2036"= svcinit.exe
"2037"= svcman.exe
"2038"= svcproc.exe
"2039"= svhost.exe
"2040"= svhosts.exe
"2041"= svohcst.exe
"2042"= svshost.exe
"2043"= svshots.exe
"2044"= svwhost.exe
"2045"= svzhost.exe
"2046"= swin32.exe
"2047"= switpa.exe
"2048"= swrt01.exe
"2049"= sychost.exe
"2050"= sync.exe
"2051"= synchost.exe
"2052"= sys.exe
"2053"= sysai.exe
"2054"= syscfg32.exe
"2055"= sysconf.exe
"2056"= sysfit.exe
"2057"= syshost.exe
"2058"= sysldr32.exe
"2059"= syslog.exe
"2060"= sysmonitor.exe
"2061"= syspol.exe
"2062"= syspools.exe
"2063"= sysreg.exe
"2064"= syss.exe
"2065"= syssfitb.exe
"2066"= systask32l.exe
"2067"= systb.exe
"2068"= system plugin.exe
"2069"= system16.exe
"2070"= system32.exe
"2071"= system32win.exe
"2072"= systemdll.exe
"2073"= systemtray.exe
"2074"= systemup.exe
"2075"= systime.exe
"2076"= systool.exe
"2077"= systra.exe
"2078"= systray32.exe
"2079"= systune.exe
"2080"= sysupd.exe
"2081"= sysupdate.exe
"2082"= sysvcs.exe
"2083"= syswin.exe
"2084"= sywsvcs.exe
"2085"= szchost.exe
"2086"= t8nascmw.exe
"2087"= ta.exe
"2088"= tapicfg.exe
"2089"= targetsaver.exe
"2090"= task.exe
"2091"= task32.exe
"2092"= taskbar.exe
"2093"= taskcntr.exe
"2094"= taskdrv32.exe
"2095"= tasker.exe
"2096"= taskg.exe
"2097"= taskgmr.exe
"2098"= taskmngr.exe
"2099"= taskmon.exe
"2100"= tbon.exe
"2101"= tbps.exe
"2102"= tcpservice2.exe
"2103"= teekids.exe
"2104"= temp.exe
"2105"= testing.exe
"2106"= tmp.exe
"2107"= tmp11e.exe
"2108"= tmp333.exe
"2109"= tool.exe
"2110"= tool3.exe
"2111"= trans.exe
"2112"= translator.exe
"2113"= trickler.exe
"2114"= ts.exe
"2115"= ts2.exe
"2116"= tsa.exe
"2117"= tsadbot.exe
"2118"= tsinstall_4_0_3_8_b17.exe
"2119"= tskdbg.exe
"2120"= tskmgr32.exe
"2121"= tsl2.exe
"2122"= tsm2.exe
"2123"= tsuninst.exe
"2124"= tsupdate_4_0_3_9_b2.exe
"2125"= tsysytd8.exe
"2126"= tt_reco.exe
"2127"= tv media display.exe
"2128"= tvm.exe
"2129"= tvm_b5.exe
"2130"= tvm_b5_bundle_17.exe
"2131"= tvmedia.exe
"2132"= tvmupdater.exe
"2133"= twain_16.exe
"2134"= twunk_64.exe
"2135"= u6c9mpll.exe
"2136"= uc.exe
"2137"= uc1362.exe
"2138"= ucsi.exe
"2139"= udcpas.exe
"2140"= udcsdr.exe
"2141"= uinfo?.exe
"2142"= uj4tgbhc.exe
"2143"= umqltg4cl_.exe
"2144"= umxfwhlp.exe
"2145"= unins001.exe
"2146"= uninsc.exe
"2147"= uninstdsk.exe
"2148"= unpacked-svc.exe
"2149"= unstall.exe
"2150"= uopcjly.exe
"2151"= updater.exe
"2152"= updatexp.exe
"2153"= updinst.exe
"2154"= updmgr.exe
"2155"= updtscheduler.exe
"2156"= upgrade1.exe
"2157"= upgrade3.exe
"2158"= usbn.exe
"2159"= userint32.exe
"2160"= usofrpyqzgrhcumw.exe
"2161"= uvu-channel.exe
"2162"= uwfx5.exe
"2163"= vabctqp.exe
"2164"= vb2.exe
"2165"= vbouncer.exe
"2166"= vbstub.exe
"2167"= vcclient.exe
"2168"= vcmpin.exe
"2169"= vco8n6ix.exe
"2170"= video.exe
"2171"= vidmon.exe
"2172"= vmlib.exe
"2173"= vmss.exe
"2174"= voclslqn.exe
"2175"= vsnpstd2.exe
"2176"= w.exe
"2177"= w11150.exe
"2178"= w181609.stub.exe
"2179"= w32_systm.exe
"2180"= w32backdoor-axc.trojan.exe
"2181"= w32backdoor-axg.trojan.exe
"2182"= w32backdoor-axh.trojan.exe
"2183"= w32backdoor-dvl.exe
"2184"= w32backdoor-egl.exe
"2185"= pnc.exe
"2186"= w32backdoor-egv.exe
"2187"= w32backdoor-hd.trojan.exe
"2188"= w32backdoor-jz.trojan.exe
"2189"= w32backdoor-nt.exe
"2190"= w32backdoor-ny.exe
"2191"= w32backdoor-yx.exe
"2192"= w32banito-k.trojan.exe
"2193"= w32banito-p.exe
"2194"= w32downloader-ggs.exe
"2195"= w32downloader-gns.exe
"2196"= w32downloader-gpq.exe
"2197"= w32haxdoor-ft.exe
"2198"= w32hupigon-ar.exe
"2199"= w32hupigon-cj.exe
"2200"= w32istbar-la.exe
"2201"= w32lecna-a.exe
"2202"= w32time.exe
"2203"= wareout.exe
"2204"= watch_free_porn.exe
"2205"= wauclt.exe
"2206"= wdfmrg.exe
"2207"= weatherstudio desktop.exe
"2208"= web.exe
"2209"= webbullion.exe
"2210"= webinstall.exe
"2211"= weblookup.exe
"2212"= webpmger.exe
"2213"= webrebates.exe
"2214"= wfdmgr.exe
"2215"= whagent.exe
"2216"= whg14100.exe
"2217"= whse.exe
"2218"= whsurvey.exe
"2219"= wid32.exe
"2220"= wimanager.exe
"2221"= win.com
"2222"= win.exe
"2223"= win24.exe
"2224"= win32.exe
"2225"= win32api.exe
"2226"= win32debug.exe
"2227"= win32us.exe
"2228"= winactive.exe
"2229"= winad.exe
"2230"= winadalt.exe
"2231"= winadctl.exe
"2232"= winadm.exe
"2233"= winadserv.exe
"2234"= winadslave.exe
"2235"= winadtools.exe
"2236"= winav.exe
"2237"= win-bugsfix.exe
"2238"= wincfg32.exe
"2239"= wincomm.exe
"2240"= wincomp.exe
"2241"= winctlad.exe
"2242"= winctladalt.exe
"2243"= winctrl?.exe
"2244"= wind2ll2.exe
"2245"= windbg32.exe
"2246"= winde.exe
"2247"= windefault.exe
"2248"= windio778.exe
"2249"= windir32.exe
"2250"= windirect.exe
"2251"= windows.exe
"2252"= windowsupdated32.exe
"2253"= winds.exe
"2254"= windspl.exe
"2255"= winex.exe
"2256"= winexec.exe
"2257"= winexec32.exe
"2258"= winfixer
"2259"= winform.exe
"2260"= winfrw.exe
"2261"= wingate.exe
"2262"= wingo.exe
"2263"= winhost.exe
"2264"= winhound.exe
"2265"= wininfo.exe
"2266"= wininit32.exe
"2267"= winldr.exe
"2268"= winldra.exe
"2269"= winlock.exe
"2270"= winlogin.exe
"2271"= winlogonn.exe
"2272"= winlogons.exe
"2273"= winmain.exe
"2274"= winmgm32.exe
"2275"= winnet.exe
"2276"= winnt.exe
"2277"= winoie789.exe
"2278"= winole.exe
"2279"= winotify.exe
"2280"= winpack.exe
"2281"= winproc32.exe
"2282"= winpsd.exe
"2283"= winpup32.exe
"2284"= winrarshell32.exe
"2285"= winratchet.exe
"2286"= winrecon.exe
"2287"= winresw.exe
"2288"= winrpc.exe
"2289"= winsched.exe
"2290"= winserv.exe
"2291"= winservices.exe
"2292"= winservn.exe
"2293"= winservs.exe
"2294"= winservsuit.exe
"2295"= winsetup.exe
"2296"= winsfc.exe
"2297"= winshost.exe
"2298"= winsocks.exe
"2299"= winspector.exe
"2300"= winsrv32.exe
"2301"= winssk32.exe
"2302"= winstall.exe
"2303"= winstart.exe
"2304"= winstart001.exe
"2305"= winstat.exe
"2306"= winstatkeep.exe
"2307"= winsupdater.exe
"2308"= winsvc.exe
"2309"= winsvc32.exe
"2310"= winsvr.exe
"2311"= winsys.exe
"2312"= winsys2.exe
"2313"= winsys32.exe
"2314"= wintask.exe
"2315"= wintaskad.exe
"2316"= wintbp.exe
"2317"= wintems.exe
"2318"= wintime.exe
"2319"= wintools.exe
"2320"= wintoolsa.exe
"2321"= wintrust32.exe
"2322"= wintsk32.exe
"2323"= wintsvtr.exe
"2324"= winupdate.exe
"2325"= winupdates.exe
"2326"= winupdt.exe
"2327"= winupdtl.exe
"2328"= winwan.exe
"2329"= winxp.exe
"2330"= 81859749.EXE
"2331"= winzip_tmp.exe
"2332"= wiseupdt.exe
"2333"= wkssvc.exe
"2334"= wkssvc32.exe
"2335"= wmon32.exe
"2336"= wo.exe
"2337"= word.exe
"2338"= wovax.exe
"2339"= wp.exe
"2340"= wpa.exe
"2341"= wpd.exe
"2342"= wrapperouter.exe
"2343"= wrgrci.exe
"2344"= wsebate2.exe
"2345"= wsup.exe
"2346"= wsupdate.exe
"2347"= wsxsvc.exe
"2348"= wsys.exe
"2349"= wtools.exe
"2350"= wtoolsa 1.0.8.11.exe
"2351"= wtoolsa.exe
"2352"= wtoolss.exe
"2353"= wtssvtr.exe
"2354"= wuactl2.exe
"2355"= wuamgrd.exe
"2356"= wuamkop.exe
"2357"= wuauclt2.exe
"2358"= wupdate.exe
"2359"= wupdated.exe
"2360"= wupdater.exe
"2361"= wupdates.exe
"2362"= wupdt.exe
"2363"= wups.exe
"2364"= x234cpiroff.exe
"2365"= xfullgames.exe
"2366"= xhrmy.exe
"2367"= xmailer.exe
"2368"= xpujbkz6.exe
"2369"= xtcfgloader.exe
"2370"= xtmbgajp.exe
"2371"= xupiterstartup.exe
"2372"= xupitertoolbarloader.exe
"2373"= xvid-1.0.3-beta3-setup.exe
"2374"= xwrm.exe
"2375"= xxx.exe
"2376"= xzciqim.exe
"2377"= xzz.exe
"2378"= y.exe
"2379"= y38p3fqy.exe
"2380"= yaemu.exe
"2381"= ystckao32.exe
"2382"= zango.exe
"2383"= zangohook.exe
"2384"= zangoinstaller.exe
"2385"= zangotb.exe
"2386"= zangotbinstaller.exe
"2387"= zangotbuninstaller.exe
"2388"= zanu.exe
"2389"= zanuhook.exe
"2390"= zb9uu7p0.exe
"2391"= zcbridge.exe
"2392"= zcz.exe
"2393"= zeta.exe
"2394"= zhopaizdupla.exe
"2395"= lvhf.cmd
"2396"= 2aaxaiy.exe
"2397"= 2.bat
"2398"= 1utbfd.bat
"2399"= 0bcobed.exe
"2400"= ib8979.exe
"2401"= j6445622.exe
"2402"= o4445627.exe
"2403"= 2u.com
"2404"= program files.exe
"2405"= winsmss.exe
"2406"= document.exe
"2407"= Gerger_files.exe
"2408"= drvspace.com
"2409"= EraleuH.exe
"2410"= PowerPoint temlates.exe
"2411"= Excel templates.exe
"2412"= My Media Files.exe
"2413"= MP3 Files.exe
"2414"= Admin Files.exe
"2415"= filesrv32.exe
"2416"= My Documents.exe
"2417"= Important Documents.exe
"2418"= Saved Documents.exe
"2419"= My Videos.exe
"2420"= System Volume Information.cmd
"2421"= System Volume Information.bat
"2422"= System Volume Information.com
"2423"= System Volume Information.exe
"2424"= ChiNiu.exe
"2425"= winomc.exe
"2426"= vang anh.exe
"2427"= autorun.inf.bat
"2428"= autorun.inf.com
"2429"= autorun.inf.cmd
"2430"= autorun.inf.exe
"2431"= autorun.ini.bat
"2432"= autorun.ini.com
"2433"= autorun.ini.cmd
"2434"= autorun.ini.exe
"2435"= desktop.ini.exe
"2436"= desktop.ini.bat
"2437"= desktop.ini.com
"2438"= desktop.ini.cmd
"2439"= ntos.exe
"2440"= fqmcnfl.exe
"2441"= jscuup.exe
"2442"= msbootlog.exe
"2443"= website.exe
"2444"= Mr.kokoro.exe
"2445"= MR.KOKORO website.exe
"2446"= jjxzwzjy090223.exe
"2447"= usbmon.exe
"2448"= kb2006a.exe
"2449"= GOBACK.EXE
"2450"= SSERVER.EXE
"2451"= GOST.EXE
"2452"= lap.exe
"2453"= 91255398.EXE
"2454"= newdev.exe
"2455"= my game.exe
"2456"= my games.exe
"2457"= xn9uu8.exe
"2458"= xdw.com
"2459"= xcisvxl.com
"2460"= x2csvg.exe
"2461"= w.exe
"2462"= w98.com
"2463"= w2.com
"2464"= ve.exe
"2465"= uxkl0apt.bat
"2466"= uvsqfgwd.cmd
"2467"= ur0.com
"2468"= upw.bat
"2469"= ujyew68.cmd
"2470"= u.com
"2471"= tx.bat
"2472"= sbju2.exe
"2473"= rveunh.com
"2474"= rcvk.exe
"2475"= qxty9be.cmd
"2476"= qphdin.com
"2477"= qoes.bat
"2478"= q0dhfjf.exe
"2479"= pook.com
"2480"= opgde.exe
"2481"= o8.bat
"2482"= o3n9k.com
"2483"= mk.com
"2484"= minm.cmd
"2485"= m0vnonh.bat
"2486"= luk1ylq.com
"2487"= ltdjr2ia.exe
"2488"= lhylec9x.cmd
"2489"= jodi2nb.com
"2490"= jm3cx96.bat
"2491"= jeorels.cmd
"2492"= je9.com
"2493"= j60osk9.cmd
"2494"= iq.bat
"2495"= i.com
"2496"= i6g6x.cmd
"2497"= hyetn1i.exe
"2498"= hl80c6b1.com
"2499"= gy.exe
"2500"= gi2ky.exe
"2501"= gfqgq.cmd
"2502"= gc6.cmd
"2503"= em8tqm.cmd
"2504"= ej.com
"2505"= dy9.cmd
"2506"= dbrxubcw.com
"2507"= cv22.cmd
"2508"= cqxj.exe
"2509"= bvc0gyp.bat
"2510"= bg3e9.bat
"2511"= bd3q0qix.exe
"2512"= a2h2.com
"2513"= a1agmur.cmd
"2514"= 210ebnkd.com
"2515"= 93to.bat
"2516"= 6tbvtj.cmd
"2517"= 2nw3rjta.cmd
"2518"= 2fiy.bat
"2519"= 82521011.EXE
"2520"= 43980195.EXE
"2521"= REGEDT.EXE
"2522"= Cfg.exe
"2523"= kbdsys.exe
"2524"= Read1st!.exe
"2525"= hlpsvc2.exe
"2526"= hlpsvc1.exe
"2527"= Classified.exe
"2528"= option.bat
"2529"= sysinf.bat
"2530"= pagefile.exe
"2531"= kavupda.exe
"2532"= HelpCat.exe
"2533"= ????8.exe
"2534"= SKServer.exe
"2535"= msddrv42.exe
"2536"= Romantic.exe
"2537"= WPV001253926400.EXE
"2538"= DPLTAINEXI-517.PMS.EXE
"2539"= 96971452.EXE
"2540"= sasnative32.exe
"2541"= clc32.exe
"2542"= m9ma.exe
"2543"= 6fnlpetp.exe
"2544"= xlk9.com
"2545"= ahnrpta.exe
"2546"= olhrwef.exe
"2547"= vamsoft.exe
"2548"= vsse33.exe
"2549"= wpv791239289922.exe
"2550"= wpv29125338862.exe
"2551"= wpv481254425989.exe
"2552"= wpv261254042811.exe
"2553"= ikowin32.exe
"2554"= lizkavd.exe
"2555"= restorer32_a.exe
"2556"= DPLTNOQDBS-327.PMS.EXE
"2557"= WINBQB0SCA.EXE
"2558"= WJQS.EXE
"2559"= SERES.EXE
"2560"= SVCST.EXE
"2561"= winzip.exe
"2562"= fun.xls.exe
"2563"= autorunme.exe
"2564"= MSwindows.exe
"2565"= player32.exe
"2566"= Home Video.exe
"2567"= EPL0RER.EXE
.

Edited by spencerp, 24 May 2012 - 02:04 PM.


#8 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 24 May 2012 - 07:49 PM

Welp, thanks for all your help! I'll just move my "important" files to the other hard drive, and delete the hard drive volume that Windows 7 is on now... when booting up with the Windows 7 boot installation cd... and start all over again... It ain't like it's big deal anyway, I've only been fighting this crap for the past TWO F-ing weeks myself!! ... Thanks again everyone...Geesh, I even posted almost ALL the required logs in here myself without anyone telling me to do it to help save people the time... *eyeroll*

Edited by spencerp, 24 May 2012 - 07:52 PM.


#9 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 10,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 30 May 2012 - 08:10 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/454730 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#10 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 30 May 2012 - 02:04 PM

Yes, I still need some help here. I've already formatted/deleted both hard drives at least 3 or 4 times now, did a clean install of Windows 7 at least 3 or 4 times... after deleting both hard drive volumes and formatting both hard drives... After the first time, the nasty trojans and viruses seemed to have regenerated and were back right away... So I had to delete the secondary hard drive volume, format it... once that was done... I moved my photos, videos, music to secondary hard drive again... Then deleted volume / formatted primary hard drive again whilst going through Windows 7 boot from installation cd > advanced options > delete/format drive for C:\ After windows 7 was installed again, I downloaded and installed Spyware Blaster and updated it. I installed the HOSTS file from that one site, to help prevent illegal activity, and etc. I also installed ZonedOut and installed the lists from ie-spyad_zo... But still manage to get all these cookies in my registry, and my computer is still slow as hell... :(. I also got blue screen of death randomly, after third fresh install of Windows 7... Gave BBCODE 7a... and something about bad boot sector in E:\ drive.. which would be my DVD burner drive.. So I uninstalled the driver for that, installed a brand new DVD/CD drive... I just got another blue screen of death running GMR after I uninstalled all my anti-virus programs... :( Here below are the logs...

###########################################################################################################################################################
BLUE SCREEN OF DEATH MESSAGE:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 00000048
BCP3: 8D642A7C
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\052912-14476-01.dmp
C:\Users\spencer\AppData\Local\Temp\WER-23852-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


###########################################################################################################################################################
DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by spencer at 14:46:24 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3317.2428 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AEB22BF-4347-47AD-9057-D7040EA296F6} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\spencer\appdata\roaming\mozilla\firefox\profiles\qwiu6fm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-28 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-28 129976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-28 1343400]
.
=============== Created Last 30 ================
.
2012-05-29 18:28:01 -------- d-----w- c:\programdata\GFI Software
2012-05-29 18:23:31 -------- d-----w- c:\program files\VS Revo Group
2012-05-29 07:50:28 14664 ----a-w- c:\windows\stinger.sys
2012-05-29 07:49:38 -------- d-----w- c:\program files\stinger
2012-05-29 06:59:40 -------- d-----w- c:\windows\pss
2012-05-29 06:31:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-29 06:05:45 -------- d-----w- C:\ie-spyad_zo
2012-05-29 05:50:16 115920 ----a-w- c:\windows\system32\MSINET.OCX
2012-05-29 05:50:15 -------- d-----w- c:\program files\EULAlyzer
2012-05-29 05:46:34 -------- d-----w- c:\program files\MRU-Blaster
2012-05-29 02:18:25 -------- d-----w- c:\windows\Panther
2012-05-29 00:45:14 -------- d-----w- c:\windows\system32\Wat
2012-05-29 00:27:18 -------- d-----w- c:\users\spencer\appdata\local\Google
2012-05-29 00:25:44 -------- d-----w- c:\programdata\AVAST Software
2012-05-29 00:25:44 -------- d-----w- c:\program files\AVAST Software
2012-05-29 00:07:39 -------- d-----w- c:\program files\Phyxion.net
2012-05-28 23:55:34 -------- d-----w- c:\users\spencer\appdata\roaming\Ad-Aware Antivirus
2012-05-28 23:44:34 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-05-28 23:44:24 -------- d-----w- c:\windows\PCHEALTH
2012-05-28 23:34:23 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-28 23:34:23 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-28 23:34:23 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-28 23:34:23 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-28 23:29:51 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-28 23:29:50 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-28 23:29:27 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-28 23:28:04 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-28 23:28:04 123904 ----a-w- c:\windows\system32\poqexec.exe
2012-05-28 23:27:37 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-28 23:27:36 175616 ----a-w- c:\windows\system32\unrar.dll
2012-05-28 23:27:34 -------- d-----w- c:\program files\K-Lite Codec Pack
2012-05-28 23:27:33 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-05-28 23:21:26 -------- d-----w- c:\program files\Oracle
2012-05-28 23:21:10 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-28 23:21:10 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-28 23:15:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-28 23:15:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-28 23:08:30 -------- d-----w- c:\program files\VideoLAN
2012-05-28 23:05:58 -------- d-----w- c:\users\spencer\appdata\local\AOL
2012-05-28 23:04:32 -------- d-----w- c:\programdata\Viewpoint
2012-05-28 23:02:23 -------- d-sh--w- c:\windows\Installer
2012-05-28 23:02:23 -------- d-----w- c:\program files\common files\AOL
2012-05-28 22:54:25 -------- d-----w- c:\program files\Yahoo!
2012-05-28 22:51:22 -------- d-----w- c:\users\spencer\appdata\local\Mozilla
2012-05-28 22:42:59 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9227f785-3be7-48ef-927b-cc64938c026b}\mpengine.dll
2012-05-28 22:42:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 22:30:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2012-05-28 22:30:30 -------- d-----w- c:\windows\system32\x64
2012-05-28 22:29:58 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-05-28 22:29:58 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-28 22:29:58 -------- d-----w- c:\program files\SpywareBlaster
2012-05-28 22:27:20 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-28 22:27:20 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-28 22:27:20 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-28 22:27:19 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-28 22:27:19 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-28 22:27:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:27:18 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
============= FINISH: 14:47:09.18 ===============

###########################################################################################################################################################
ATTACH LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2012 6:26:01 PM
System Uptime: 5/29/2012 2:43:36 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0GM819
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | CPU | 2333/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 443.877 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 153 GiB total, 74.943 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29B4&SUBSYS_02111028&REV_02\3&172E68DD&0&18
Service:
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP3: 5/28/2012 6:30:08 PM - Windows Update
RP4: 5/28/2012 7:12:20 PM - Windows Update
RP5: 5/28/2012 7:20:52 PM - Installed Java™ 7 Update 4
RP6: 5/28/2012 7:21:12 PM - Installed JavaFX 2.1.0
RP7: 5/28/2012 7:32:26 PM - Windows Update
RP8: 5/28/2012 8:25:37 PM - avast! Free Antivirus Setup
RP9: 5/28/2012 8:44:49 PM - Windows Update
RP10: 5/29/2012 1:15:15 AM - Installed Microsoft Fix it 50471
RP11: 5/29/2012 1:38:51 AM - Installed Microsoft Fix it 50475
RP12: 5/29/2012 2:56:32 AM - Installed Microsoft Fix it 50471
RP14: 5/29/2012 2:24:05 PM - Revo Uninstaller's restore point - SUPERAntiSpyware
RP16: 5/29/2012 2:25:07 PM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.61.0.1400
RP18: 5/29/2012 2:26:16 PM - Revo Uninstaller's restore point - Ad-Aware Antivirus
RP19: 5/29/2012 2:26:33 PM - Removed Ad-Aware Antivirus.
RP21: 5/29/2012 2:28:49 PM - Revo Uninstaller's restore point - Ad-Aware Browsing Protection
RP23: 5/29/2012 2:30:02 PM - Revo Uninstaller's restore point - CleanUp!
RP25: 5/29/2012 2:30:44 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP27: 5/29/2012 2:31:36 PM - Revo Uninstaller's restore point - avast! Free Antivirus
RP28: 5/29/2012 2:32:11 PM - avast! Free Antivirus Setup
RP30: 5/29/2012 2:34:12 PM - Revo Uninstaller's restore point - Spybot - Search & Destroy
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
AIM for Windows
Driver Sweeper version 3.2.0
EULAlyzer 2.2
Google Chrome
Google Update Helper
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
K-Lite Codec Pack 8.8.0 (Basic)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
MRU-Blaster v1.5 (Database 3.28.04)
Revo Uninstaller 1.94
SpywareBlaster 4.6
VLC media player 2.0.1
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
5/29/2012 2:47:14 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
5/29/2012 2:43:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
5/29/2012 2:42:18 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847
5/28/2012 8:43:45 PM, Error: Service Control Manager [7023] -
5/28/2012 7:04:32 PM, Error: Service Control Manager [7030] - The Viewpoint Manager Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/28/2012 6:26:35 PM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 86413 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.24:123) is working properly.
.
==== End Of File ===========================

###########################################################################################################################################################

GMER LOG, Before uninstalling anti-virus software and getting blue screen of death message
:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-29 14:13:15
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5002ABYS-01B1B0 rev.02.03B02
Running: gmer.exe; Driver: C:\Users\spencer\AppData\Local\Temp\pwdirfog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90027DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90C0BA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9002885E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9002D2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9002D330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9002D422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9002D252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9002D374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9002D29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9002D3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90027E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x90C0BB34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90027AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90027E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9002AD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90028B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9002D30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9002D352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9002D446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9002D278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9002D3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9002D2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9002D400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90C0BCA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x900289CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90027EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90027F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90027B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90027CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90027C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90027D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90C0BD60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90027F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90C0BBE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90C21D92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 828483C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82881D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82888D80 4 Bytes [F8, 7D, 02, 90] {CLC ; JGE 0x5; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82888DA8 4 Bytes [5A, BA, C0, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82888E08 4 Bytes [5E, 88, 02, 90] {POP ESI; MOV [EDX], AL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82888E5C 8 Bytes [E4, D2, 02, 90, 30, D3, 02, ...] {IN AL, 0xd2; ADD DL, [EAX-0x6ffd2cd0]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82888E68 4 Bytes [22, D4, 02, 90]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A15C64 5 Bytes JMP 90C1EC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A2E290 5 Bytes JMP 90C20764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82A433D7 4 Bytes CALL 900291B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82A5D1E0 4 Bytes CALL 900291CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AE711A 7 Bytes JMP 90C21D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B2847000 154 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 502B B284709B 135 Bytes [8B, FF, 55, 8B, EC, E8, 31, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B2847123 629 Bytes [25, 84, B2, FE, 05, 34, 25, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B2847399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B28473FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...
? C:\Users\spencer\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes [E9, 0A, 5C, 58, 8A] {JMP 0xffffffff8a585c0f}
.text user32.dll!UnhookWinEvent 75C8B750 5 Bytes [E9, A7, 4C, 58, 8A] {JMP 0xffffffff8a584cac}
.text user32.dll!SetWindowsHookExW 75C8E30C 5 Bytes [E9, F3, 24, 58, 8A] {JMP 0xffffffff8a5824f8}
.text user32.dll!SetWinEventHook 75C924DC 5 Bytes [E9, 17, DD, 57, 8A] {JMP 0xffffffff8a57dd1c}
.text user32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes [E9, EF, 98, 55, 8A] {JMP 0xffffffff8a5598f4}
.text kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\sppsvc.exe[112] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000703FC
.text C:\Windows\system32\sppsvc.exe[112] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000701F8
.text C:\Windows\system32\sppsvc.exe[112] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[112] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\sppsvc.exe[112] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\sppsvc.exe[112] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\sppsvc.exe[112] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\sppsvc.exe[112] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 000E0600
.text C:\Windows\system32\csrss.exe[408] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[460] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[468] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[468] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[468] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[468] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[468] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00050600
.text C:\Windows\system32\services.exe[532] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[532] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[532] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[548] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[548] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[548] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[548] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00100A08
.text C:\Windows\system32\winlogon.exe[548] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001003FC
.text C:\Windows\system32\winlogon.exe[548] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00100804
.text C:\Windows\system32\winlogon.exe[548] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001001F8
.text C:\Windows\system32\winlogon.exe[548] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000B01F8
.text C:\Windows\system32\lsass.exe[576] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[576] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00060A08
.text C:\Windows\system32\lsass.exe[576] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[576] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00060804
.text C:\Windows\system32\lsass.exe[576] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[576] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00060600
.text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[584] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[836] user32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 001E0A08
.text C:\Windows\system32\svchost.exe[836] user32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001E03FC
.text C:\Windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 001E0804
.text C:\Windows\system32\svchost.exe[836] user32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001E01F8
.text C:\Windows\system32\svchost.exe[836] user32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 001E0600
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00330A08
.text C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 003303FC
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00330804
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 003301F8
.text C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00330600
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[960] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 008C0A08
.text C:\Windows\System32\svchost.exe[960] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 008C03FC
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 008C0804
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 008C01F8
.text C:\Windows\System32\svchost.exe[960] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 008C0600
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 009B0A08
.text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 009B03FC
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 009B0804
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 009B01F8
.text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 009B0600
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1016] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 004F0A08
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 004F03FC
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 004F0804
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 004F01F8
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 004F0600
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1304] kernel32.dll!SetUnhandledExceptionFilter 7559F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1304] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1440] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1440] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1440] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1440] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00140A08
.text C:\Windows\System32\spoolsv.exe[1440] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001403FC
.text C:\Windows\System32\spoolsv.exe[1440] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00140804
.text C:\Windows\System32\spoolsv.exe[1440] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001401F8
.text C:\Windows\System32\spoolsv.exe[1440] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1476] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1476] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[1476] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[1476] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[1476] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00140600
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002403FC
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00240804
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002401F8
.text C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe[1548] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00240600
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000F03FC
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 000F0804
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000F01F8
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1560] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 000F0600
.text C:\Windows\system32\taskhost.exe[1628] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[1628] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[1628] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1628] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[1628] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[1628] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[1628] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[1628] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 000E0600
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe[1668] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\Dwm.exe[1684] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1684] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1684] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1684] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1684] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1684] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1684] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1684] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1904] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1904] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[1904] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[1904] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[1904] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[1904] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[1904] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00110600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00AB0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 00AB03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00AB0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 00AB01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1932] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00AB0600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 002F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 002F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2000] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 002F0600
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2524] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00330A08
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 003303FC
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00330804
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 003301F8
.text C:\Windows\system32\svchost.exe[2524] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00330600
.text C:\Windows\system32\AUDIODG.EXE[2828] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2896] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[2896] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[2896] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2896] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[2896] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[2896] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[2896] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxtray.exe[2896] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[2904] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[2904] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[2904] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2904] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[2904] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[2904] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[2904] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[2904] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[2912] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[2912] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[2912] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[2912] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxpers.exe[2912] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxpers.exe[2912] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxpers.exe[2912] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxpers.exe[2912] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\igfxsrvc.exe[2944] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[2944] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[2944] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[2944] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[2944] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[2944] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[2944] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[2944] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 001F0600
.text C:\Windows\system32\SearchIndexer.exe[3072] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3072] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3072] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3072] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00090A08
.text C:\Windows\system32\SearchIndexer.exe[3072] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 000903FC
.text C:\Windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00090804
.text C:\Windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 000901F8
.text C:\Windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00320A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 003203FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00320804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 003201F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3100] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00320600
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001003FC
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00100804
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001001F8
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3108] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00100600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3120] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3320] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[3372] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3372] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3372] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Users\spencer\Desktop\gmer.exe[3488] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 001603FC
.text C:\Users\spencer\Desktop\gmer.exe[3488] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 001601F8
.text C:\Users\spencer\Desktop\gmer.exe[3488] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Users\spencer\Desktop\gmer.exe[3488] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00210A08
.text C:\Users\spencer\Desktop\gmer.exe[3488] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002103FC
.text C:\Users\spencer\Desktop\gmer.exe[3488] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00210804
.text C:\Users\spencer\Desktop\gmer.exe[3488] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002101F8
.text C:\Users\spencer\Desktop\gmer.exe[3488] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00210600
.text C:\Windows\System32\svchost.exe[3576] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[3576] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[3576] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3576] user32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 001C0A08
.text C:\Windows\System32\svchost.exe[3576] user32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001C03FC
.text C:\Windows\System32\svchost.exe[3576] user32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 001C0804
.text C:\Windows\System32\svchost.exe[3576] user32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001C01F8
.text C:\Windows\System32\svchost.exe[3576] user32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 001C0600
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000D03FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 000D01F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 001703FC
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00170804
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 001701F8
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3800] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00170600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] ntdll.dll!LdrUnloadDll 76F9C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] ntdll.dll!LdrLoadDll 76FA223E 5 Bytes JMP 687AC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] kernel32.dll!MapViewOfFile 755993DB 5 Bytes JMP 689DE083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] kernel32.dll!VirtualAlloc 7559C43A 5 Bytes JMP 689DE0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] kernel32.dll!GetBinaryTypeW + 70 755B69F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] USER32.dll!UnhookWindowsHookEx 75C8ADF9 5 Bytes JMP 00230A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] USER32.dll!UnhookWinEvent 75C8B750 5 Bytes JMP 002303FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] USER32.dll!SetWindowsHookExW 75C8E30C 5 Bytes JMP 00230804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] USER32.dll!SetWinEventHook 75C924DC 5 Bytes JMP 002301F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] USER32.dll!SetWindowsHookExA 75CB6D0C 5 Bytes JMP 00230600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3936] GDI32.dll!CreateDIBSection 753D8850 5 Bytes JMP 689DE00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (GFI Firewall SDK TDI Firewall Driver/GFI Software)

---- Files - GMER 1.0.15 ----

File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-1633101025-1195783859-2813656968-1001 0 bytes
File C:\avast! sandbox\S-1-5-21-1633101025-1195783859-2813656968-1001\r7 0 bytes
File C:\avast! sandbox\S-1-5-21-1633101025-1195783859-2813656968-1001\r7\dds.scr_{1fbd6f94-a9b6-11e1-8b0a-001e4fd81341} 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 9216 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f96-a9b6-11e1-8b0a-001e4fd81341}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f96-a9b6-11e1-8b0a-001e4fd81341}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f96-a9b6-11e1-8b0a-001e4fd81341}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f9c-a9b6-11e1-8b0a-001e4fd81341}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f9c-a9b6-11e1-8b0a-001e4fd81341}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{1fbd6f9c-a9b6-11e1-8b0a-001e4fd81341}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

---- EOF - GMER 1.0.15 ----

#11 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 30 May 2012 - 03:05 PM

Anyone? These are the cookies that keep coming back to my PC no matter what I do.. . :(

Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM

Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\100hot.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\101webstats.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\123count.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\123counts.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\247media.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\247realmedia.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\2o7.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\7adpower.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\7search.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\8ad.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\911promotion.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\acecounter.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\activemeter.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ad-flow.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ad-logics.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adbrite.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adbureau.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adbutler.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adbutler.de
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adbutler.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\addynamix.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adforce.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adhostingsolutions.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adinterax.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adjuggler.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adlegend.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adminder.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\admodus.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\admonitor.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\admonitor.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adorigin.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adrevolver.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ads.enliven.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ads360.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ads360.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adserver.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adservingcentral.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adtech.de
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adtrak.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\advertising.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adviva.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\adviva.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\affiliatefuel.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\atdmt.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\aureate.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bankads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bannerbank.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bluestreak.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bpath.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bridgetrack.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\brilliantdigital.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\burstmedia.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\burstnet.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\centrport.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\centrport.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cj.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\click2net.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\clickagents.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\clickfinders.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\comclick.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cometcursor.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cometcursor.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cometcursors.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cometcursors.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commissionpartner.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\coremetrics.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\coremetrics.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\counted.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\cpxinteractive.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\dbbsrv.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\directnetadvertising.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\directnetadvertising.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\directtrack.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.co.uk
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\doubleclick.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\e-plus.cc
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebch.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebdv.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebdw.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebjp.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebkn.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebky.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\eblv.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ebvr.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ecwz.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ecyb.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\eduy.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\eeev.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\engage.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\epilot.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\euniverseads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\excite.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ezhits4u.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\falkag.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\falkag.de
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\falkag.org
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastadvert.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\findwhat.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\flycast.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\flyswat.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\focalink.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\gator.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\gatoradvertisinginformationnetwork.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hightrafficads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hitbox.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hitboxcentral.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hitslink.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hotlog.ru
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hotnaughtywives.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\hyperbanner.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ibmx.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\icwb.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\icwo.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\icwp.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\iddh.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\idhh.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ifiz.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\iguu.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\infinite-ads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\internetfuel.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\link4ads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linkbuddies.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\lop.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mainentrypoint.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mainentrypoint.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\marketscore.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\marketscore.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\matchcraft.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\mediaplex.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\narrowcastmedia.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\offshoreclicks.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\opentracker.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\opentracker.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\overture.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\oxcash.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\partnercash.de
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\paycounter.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\paypopup.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\pointroll.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\popupsponsor.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\popuptraffic.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\porntrack.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\porntracker.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\preferences.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\pstats.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\questionmarket.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\radiate.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\realmedia.fr
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\realtracker.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\realtracker.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\res99.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\revenue.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\roispy.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ru4.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\s005-01-4-11-234545-68181.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\samz.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\saoe.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sbjr.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sbnl.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sbnt.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sbvr.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\scbm.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sckr.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\scrk.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sdry.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\seld.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\servedfor.valuead.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sex-in-www.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sexlist.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sextracker.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sfux.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sheat.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\sipo.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\smartadserver.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\smartclicks.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\smartclicks.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\smds.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\specificclick.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\specificpop.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\spermatrix.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\spylog.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\srib.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\srox.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\srsf.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ssaw.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\ssby.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\surj.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\targetnet.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\targetnet.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tbvg.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tdak.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tdko.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tefs.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tfil.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\thko.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\torc.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\track-star.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tradedoubler.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\trafficmarketplace.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\trafficmp.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\trafficsupport.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\trafficvenue.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\trakkerd.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\tribalfusion.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\utopiad.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\valuead.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\valueclick.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\valueclick.ne.jp
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\valueclick.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\wbkb.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\webads.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\webtrendslive.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\wegcash.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\wegcash.net
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\wfix.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\wflu.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\x10.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\xxxcounter.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\xxxtoolbar.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\yieldmanager.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


Key Name:      	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\zedo.com
Class Name:    	<NO CLASS>
Last Write Time:   5/28/2012 - 6:31 PM
Value 0
  Name:        	<NO NAME>
  Type:        	REG_DWORD
  Data:        	0x5


#12 spencerp

spencerp
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:22 AM

Posted 30 May 2012 - 06:48 PM

I ran some tests and found that there are some bad sectors in hard drive... :( anyone know how to fix all this? i know i had some attitude before but it's really frustrating.. and then no one helps.. makes it worse.. :(

#13 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 10,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 04 June 2012 - 08:15 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users