
Google Redirect & other viruses


  • This topic is locked
29 replies to this topic

#1 Ryu747


Posted 25 March 2012 - 06:03 PM

Hello everyone,

First, I would like to thank anyone reading this for taking the time to look at my problem. Also, this is my first time getting help from a forum so please let me know if you need any more info that I did not supply.

On a side note, I did follow the Preparation Guide, but had some issues with completing some of the tasks (I will explain later).

Now, onto my problems. A few nights ago a lightning storm caused my power to go out and come back on rapidly. I do not think this caused any problems with my hardware, but my virus issues started the day after the storm. My computer has blue screened 3 times since the storm (I never took the time to write down anything from the blue screen, but if it happens again I will) and I currently only know for a fact that I have a Google Redirect virus, but I believe I have more than that though. I had dealt with the Google Redirect virus a while back and managed to get rid of it, but it is back and different this time. The main reason I am getting help from a forum is because most of my programs literally won't open at all. About one third of my programs just won't open (in the task manager I can see the program start, but then it just disappears after a minute), the second third of my programs will say they have an error and will crash immediately, and the last third work fine. Please let me know if you need any more info from me about the problems. I will do my best to answer everything as thoroughly as possible.

Now back to my issues with the Preparation Guide. First, I don't know if something is affecting Windows Firewall because when I went to see if it is working it says "Update your Firewall settings," but when I click "Use recommended settings" I get an error saying "Windows Firewall can't change some of your settings. Error code 0x80070424." I use COMODO Antivirus, not sure if that is affecting the Firewall. Next, I was able to disable my CD emulation software like it asks, but the next task is to run DDS which ran fine, but did not give me any logs after completing. Finally, I am running Windows 7 Extreme Edition 64-bit so I do not have a GMER log as the Preparation Guide said not to run GMER on 64-bit Windows systems.

Therefore, I have no logs for anyone to read... what do I do now?


Thanks for your time.



#2 gringo_pr


Posted 26 March 2012 - 08:32 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive. There is some good info in the Preparation Guide on how to make full backups and how to restore it if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Ryu747


Posted 26 March 2012 - 12:30 PM

Thank you for the quick reply!!

Alright. Both programs ran fine. Although, I don't recall ever having any FakeHDD viruses that hid all my files before so not sure if unhide.exe actually did anything, but I ran it like you asked.

Also, your instructions are conflicting as to the logs you want me to post so I will go on ahead and post both OTL.txt and Extras.txt.



/////////////
// OTL.txt //
/////////////

OTL logfile created on: 3/26/2012 12:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ryu\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.14% Memory free
7.99 Gb Paging File | 5.97 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 396.13 Gb Free Space | 42.53% Space Free | Partition Type: NTFS

Computer Name: RYU-PC | User Name: Ryu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryu\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Users\Ryu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll ()
MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\avutil-51.dll ()
MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\avformat-53.dll ()
MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\avcodec-53.dll ()
MOD - C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll ()
MOD - C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_7de0ed9.dll ()
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Guard Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (EaseUS Agent) -- C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\WNt500x64\Sandra.sys File not found
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (EUBKMON) -- C:\Windows\SysNative\drivers\EUBKMON.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (EUFDDISK) -- C:\Windows\SysNative\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUDSKACS) -- C:\Windows\SysNative\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (EUBAKUP) -- C:\Windows\SysNative\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (vmmouse) -- C:\Windows\SysNative\drivers\vmmouse.sys (VMware, Inc.)
DRV:64bit: - (vm3dmp) -- C:\Windows\SysNative\drivers\vm3dmp.sys (VMware, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (iSSetup) -- C:\Windows\SysNative\drivers\iSSetup.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\drivers\o2mdx64.sys (O2Micro )
DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\drivers\o2sdx64.sys (O2Micro)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (ioatdma2) Intel® -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (xfiltx64) -- C:\Windows\SysNative\drivers\xfiltx64.sys (VIA Technologies,Inc)
DRV:64bit: - (videX64) -- C:\Windows\SysNative\drivers\videX64.sys (VIA Technologies, Inc.)
DRV:64bit: - (MegaSR1) -- C:\Windows\SysNative\drivers\MegaSR1.sys (LSI Corporation, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron )
DRV:64bit: - (viamrx64) -- C:\Windows\SysNative\drivers\viamrx64.sys (VIA Technologies inc,.ltd)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (ViPrtX64) -- C:\Windows\SysNative\drivers\ViPrtX64.sys (VIA Technologies, Inc.)
DRV:64bit: - (ViBusX64) -- C:\Windows\SysNative\drivers\ViBusX64.sys (VIA Technologies, Inc.)
DRV:64bit: - (ioatdma) Intel® -- C:\Windows\SysNative\drivers\qd260x64.sys (Intel Corporation)
DRV:64bit: - (Pnp680) -- C:\Windows\SysNative\drivers\PnP680.sys (Silicon Image, Inc)
DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc)
DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc)
DRV:64bit: - (SI3132) -- C:\Windows\SysNative\drivers\SI3132.sys (Silicon Image, Inc)
DRV:64bit: - (Si3531) -- C:\Windows\SysNative\drivers\Si3531.sys (Silicon Image, Inc)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IAMTVE) Driver for Intel® -- C:\Windows\SysNative\drivers\IAMTVE.sys (Intel Corporation)
DRV:64bit: - (IAMTXPE) Driver for Intel® -- C:\Windows\SysNative\drivers\IAMTXPE.sys (Intel Corporation)
DRV:64bit: - (SI3114r) -- C:\Windows\SysNative\drivers\SI3114r.sys (Silicon Image, Inc)
DRV:64bit: - (SI3112r) -- C:\Windows\SysNative\drivers\SI3112r.sys (Silicon Image, Inc)
DRV:64bit: - (SISAGP) -- C:\Windows\SysNative\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV:64bit: - (SI3114) -- C:\Windows\SysNative\drivers\SI3114.sys (Silicon Image, Inc.)
DRV:64bit: - (SI3124) -- C:\Windows\SysNative\drivers\SI3124.sys (Silicon Image, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (Si3124r5) -- C:\Windows\SysNative\drivers\Si3124r5.sys (Silicon Image, Inc)
DRV:64bit: - (hptmv) -- C:\Windows\SysNative\drivers\hptmv.sys (HighPoint Technologies, Inc.)
DRV:64bit: - (viaagp1) -- C:\Windows\SysNative\drivers\VIAAGP1.SYS (VIA Technologies, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FLASHSYS) -- C:\Program Files (x86)\MSI\Live Update 4\LU4\Flashsys64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8A 28 CF 01 D5 96 33 46 87 48 FB 46 87 29 CD 2E [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8A 28 CF 01 D5 96 33 46 87 48 FB 46 87 29 CD 2E [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8A 28 CF 01 D5 96 33 46 87 48 FB 46 87 29 CD 2E [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8A 28 CF 01 D5 96 33 46 87 48 FB 46 87 29 CD 2E [binary data]

IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.win7extreme.project-os.org
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8A 28 CF 01 D5 96 33 46 87 48 FB 46 87 29 CD 2E [binary data]
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ryu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ryu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2012/03/21 11:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/25 16:55:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/11/18 19:23:40 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ryu\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ryu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/12 17:25:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\..\Toolbar\WebBrowser: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Core Temp] C:\Program Files\Core Temp\Core Temp.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Update] C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll (AGEIA Technologies, Inc.)
O4 - HKU\S-1-5-18..\Run: [Update] C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll (AGEIA Technologies, Inc.)
O4 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005..\Run: [Akamai NetSession Interface] C:\Users\Ryu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005..\Run: [Messenger (Yahoo!)] File not found
O4 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005..\Run: [Update] C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll (AGEIA Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O8:64bit: - Extra context menu item: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files (x86)\BitSpirit\bsurl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{396A85EC-1B0B-4D6D-9786-E889A544E3D4}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E993B7-B5E4-4EDE-9CFF-87A5A37D2C5A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll (Stardock.net, Inc)
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/29 13:16:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/09/06 17:31:50 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3289938013-2793733460-3881410025-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 11:57:08 | 000,189,576 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuFdDisk.sys
[2012/03/25 11:57:08 | 000,057,480 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eubakup.sys
[2012/03/25 11:57:08 | 000,019,592 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\eudskacs.sys
[2012/03/25 11:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 4.0
[2012/03/25 11:56:50 | 000,025,224 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\fbnative.exe
[2012/03/25 11:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS
[2012/03/25 00:14:08 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\Safe mirror
[2012/03/25 00:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 10
[2012/03/24 16:17:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/22 13:18:54 | 000,000,000 | ---D | C] -- C:\Users\Ryu\Documents\LOCO
[2012/03/22 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alaplaya
[2012/03/22 12:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alaplaya
[2012/03/22 11:31:50 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\Akamai
[2012/03/22 11:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012/03/21 19:30:11 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/03/21 19:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/03/21 18:54:19 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\PMB Files
[2012/03/21 18:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/03/21 11:57:38 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\COMODO
[2012/03/21 01:48:49 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\Solid State Networks
[2012/03/20 11:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/20 11:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/03/20 11:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012/03/20 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/20 11:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/12 19:34:40 | 000,000,000 | ---D | C] -- C:\Users\Ryu\Documents\Syndicate
[2012/03/11 20:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/03/11 18:08:40 | 000,000,000 | ---D | C] -- C:\Users\Ryu\Documents\Rockstar Games
[2012/03/11 17:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012/03/11 17:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/03/04 15:50:01 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Local\Fallout3
[2012/03/04 09:23:36 | 000,000,000 | ---D | C] -- C:\Users\Ryu\AppData\Roaming\DarknessII
[2012/03/04 09:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/03/02 16:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blacklight Retribution
[2012/03/01 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/02/28 13:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 12:16:16 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/03/26 12:14:02 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 12:14:02 | 000,019,968 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/26 12:12:54 | 001,461,576 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/26 12:12:54 | 000,401,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/26 12:12:54 | 000,006,686 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/26 12:09:02 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 12:06:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/26 11:49:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005UA.job
[2012/03/26 11:36:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/25 20:49:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005Core.job
[2012/03/25 17:19:44 | 000,000,020 | ---- | M] () -- C:\Users\Ryu\defogger_reenable
[2012/03/25 16:53:00 | 000,004,096 | -HS- | M] () -- C:\{0B19A6AA-7EEA-4674-A117-4C3D0685ABC3}.CBM
[2012/03/25 12:00:48 | 000,477,696 | -HS- | M] () -- C:\EUMONBMP.SYS
[2012/03/25 11:57:05 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.0.lnk
[2012/03/24 03:24:49 | 469,334,214 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/22 12:28:43 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\LOCO.lnk
[2012/03/20 11:31:51 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/11 21:00:53 | 000,001,706 | ---- | M] () -- C:\Users\Ryu\Desktop\Syndicate.lnk
[2012/03/11 19:58:36 | 000,001,292 | ---- | M] () -- C:\Users\Ryu\Desktop\L.A. Noire.lnk
[2012/03/11 16:13:38 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 16:13:20 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/11 16:13:18 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 16:13:17 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/04 12:29:52 | 000,001,376 | ---- | M] () -- C:\Users\Ryu\Desktop\Darkness II.lnk
[2012/03/02 15:57:55 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/02 15:57:44 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/01 22:54:31 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dplaysvr.lnk
[2012/02/28 13:50:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/02/28 13:50:42 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 17:19:44 | 000,000,020 | ---- | C] () -- C:\Users\Ryu\defogger_reenable
[2012/03/25 16:53:00 | 000,004,096 | -HS- | C] () -- C:\{0B19A6AA-7EEA-4674-A117-4C3D0685ABC3}.CBM
[2012/03/25 12:00:48 | 000,477,696 | -HS- | C] () -- C:\EUMONBMP.SYS
[2012/03/25 11:57:07 | 000,048,264 | ---- | C] () -- C:\Windows\SysNative\drivers\EUBKMON.sys
[2012/03/25 11:57:05 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Todo Backup Free 4.0.lnk
[2012/03/24 03:24:49 | 469,334,214 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/22 12:28:43 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\LOCO.lnk
[2012/03/20 11:31:51 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/11 21:00:53 | 000,001,706 | ---- | C] () -- C:\Users\Ryu\Desktop\Syndicate.lnk
[2012/03/11 19:58:36 | 000,001,292 | ---- | C] () -- C:\Users\Ryu\Desktop\L.A. Noire.lnk
[2012/03/04 12:29:52 | 000,001,376 | ---- | C] () -- C:\Users\Ryu\Desktop\Darkness II.lnk
[2012/03/02 15:57:41 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/03/01 22:54:45 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dplaysvr.lnk
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/02 13:28:50 | 000,000,372 | ---- | C] () -- C:\Users\Ryu\AppData\Local\tmp.ps
[2012/02/02 13:16:43 | 000,000,278 | ---- | C] () -- C:\Users\Ryu\AppData\Local\tmp.fx
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/15 23:23:45 | 000,003,344 | ---- | C] () -- C:\Users\Ryu\AppData\Local\c5b9126a
[2012/01/15 23:23:45 | 000,003,342 | ---- | C] () -- C:\ProgramData\4cb6aab9
[2012/01/15 23:23:45 | 000,003,303 | ---- | C] () -- C:\Users\Ryu\AppData\Roaming\722b4a70
[2011/12/06 03:05:42 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/10/22 22:18:53 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/10/22 22:09:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011/10/18 11:41:49 | 000,000,091 | ---- | C] () -- C:\Users\Ryu\AppData\Local\fusioncache.dat
[2011/10/13 13:15:34 | 000,007,680 | ---- | C] () -- C:\Users\Ryu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/04/14 13:52:35 | 000,000,120 | ---- | C] () -- C:\Users\Ryu\AppData\Local\Pxode.dat
[2011/04/14 13:52:35 | 000,000,000 | ---- | C] () -- C:\Users\Ryu\AppData\Local\Bzesinufewo.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/01 13:51:23 | 000,005,292 | -HS- | C] () -- C:\Users\Ryu\AppData\Local\s8ill4615guhv6nkf336uaa624c
[2011/04/01 13:51:23 | 000,005,292 | -HS- | C] () -- C:\ProgramData\s8ill4615guhv6nkf336uaa624c
[2010/12/04 23:45:42 | 000,007,598 | ---- | C] () -- C:\Users\Ryu\AppData\Local\Resmon.ResmonCfg
[2010/11/02 00:11:11 | 000,195,192 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/26 16:53:23 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/24 15:36:57 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/01 23:59:41 | 000,162,944 | ---- | C] () -- C:\Windows\Audio Converter Uninstaller.exe
[2010/09/01 16:25:06 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/29 02:48:38 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/29 02:48:32 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/08/29 02:48:31 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/08/29 01:22:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:EA029835
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



////////////////
// Extras.txt //
////////////////

OTL Extras logfile created on: 3/26/2012 12:11:12 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ryu\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 59.14% Memory free
7.99 Gb Paging File | 5.97 Gb Available in Paging File | 74.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 396.13 Gb Free Space | 42.53% Space Free | Partition Type: NTFS

Computer Name: RYU-PC | User Name: Ryu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter -- (River Past Corporation)
"C:\Program Files\River Past\Audio Converter\AudioConverter.exe" = C:\Program Files\River Past\Audio Converter\AudioConverter.exe:*:Enabled:River Past Audio Converter -- (River Past Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0908-000001000000}" = 7-Zip 9.08 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21 (64-bit)
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{A9F1B5F6-0EE6-0409-BADD-F8BD360FACC3}" = Autodesk 3ds Max 2010 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B9E591DD-DAAC-0409-B1B8-5667E359170B}" = Autodesk 3ds Max 2010 64-bit Components
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DE849015-10C0-4B37-A712-C8419834D42F}" = Diskeeper 2009 Pro Premier
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Audio Converter" = River Past Audio Converter
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010 64-bit
"CPU-Z" = CPU-Z
"Gpuz" = GPU-Z
"HDTune" = HDTune
"HWMonitor" = HWMonitor
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"PC Wizard" = PC Wizard
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"UDK-0e38d02f-b85b-4a57-a9db-351eaa4412a0" = Dungeon Defense
"UDK-6d16ee5d-6b66-4f16-b2a7-b4781e48aa3b" = Unreal Development Kit: 2011-01
"UDK-dad62bbb-84f6-4b39-9758-4f95707acffb" = Unreal Development Kit: 2010-01
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0507A8FD-AA20-7691-C2AA-CDE6B5182675}" = Application Profiles
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2E402AA9-5C0E-45E7-8E70-C23FA0F265D5}" = Microsoft XNA Game Studio 3.1 (devenv)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3C3FDF98-57CF-4FF4-9C95-167AE920ECCE}" = Dark GDK
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{578485F8-60F3-4C61-9183-0698E581B902}" = From Dust
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7E3D1F63-F805-42E1-8ADF-A3E9962C77AC}_is1" = MegaChinese_v2.0
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BABD70E-F698-48BC-89E9-7823E594FA71}" = Darkfall US
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F014E72-8456-431B-A985-EBBBFEAE85ED}" = Game Creators Dark GDK
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95e9acd7-622b-48f6-9ef8-3fa6777df9ce}" = Nero 9 Trial
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C53F001E-5912-4E76-AC49-9AC20B36B1A2}" = MSM2MSI_gstudio
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0A4913F-46A5-48F2-BC73-EE41A6C81EB3}" = Microsoft DirectX SDK (August 2007)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Akamai" = Akamai NetSession Interface Service
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AviSynth" = AviSynth 2.5
"BitSpirit_is1" = BitSpirit v3.6.0.550 Stable
"CCleaner" = CCleaner
"ClipX" = ClipX
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dear Esther_is1" = Dear Esther
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"FMOD Programmers API Windows" = FMOD Programmers API Windows
"Fraps" = Fraps
"Game Maker 8.0" = Game Maker 8.0
"Gamestudio A8" = Gamestudio A8
"Hard Reset_is1" = Hard Reset
"IconPackager" = IconPackager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JCreator LE_is1" = JCreator LE 5.00
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.0
"Liveupdate4_is1" = Liveupdate4
"LOCO" = LOCO EVOLUTION
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MyScribe" = MyScribe
"New LEGO Digital Designer" = LEGO Digital Designer
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"Saints Row The Third_is1" = Saints Row The Third
"ST5UNST #1" = IITSort
"Steam App 102500" = Kingdoms of Amalur: Reckoning™
"Steam App 11910" = Lumines Demo
"Steam App 13210" = Unreal Tournament 3: Black Edition
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
"Steam App 205790" = Dota 2 Test
"Steam App 31419" = Zombie Driver
"Steam App 35490" = The Ball Demo
"Steam App 39230" = Dungeon Siege III Demo
"Steam App 440" = Team Fortress 2
"Steam App 57210" = Puzzle Dimension Demo
"Steam App 6110" = Eets Demo
"Steam App 91900" = Post Apocalyptic Mayhem
"Syndicate_is1" = Syndicate
"The Darkness II_is1" = The Darkness II
"Trine 2_is1" = Trine 2
"UltraISO_is1" = UltraISO Premium V9.35
"UnityWebPlayer" = Unity Web Player (All users)
"Universal Extractor_is1" = Universal Extractor 1.6
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.11
"Warhammer Online - Wrath of Heroes" = Warhammer Online - Wrath of Heroes
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3289938013-2793733460-3881410025-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"JoinMe" = join.me
"Zentom System Guard" = Zentom System Guard

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2012 3:42:31 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: League of Legends.exe, version: 1.0.0.136,
time stamp: 0x4f6794ba Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time
stamp: 0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x000010db Faulting process
id: 0xca8 Faulting application start time: 0x01cd06ceffa2fee9 Faulting application
path: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.132\deploy\League
of Legends.exe Faulting module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll
Report
Id: d4646218-72c4-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:42:42 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: java.exe, version: 6.0.170.4, time stamp:
0x4ad19f2f Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
0x4ce7ba58 Exception code: 0xc0000028 Fault offset: 0x00090821 Faulting process id:
0x1238 Faulting application start time: 0x01cd06d186f71bd2 Faulting application path:
C:\Program Files (x86)\Java\jre6\bin\java.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: db77db8e-72c4-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:43:10 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4e67a432 Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time stamp:
0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x00001094 Faulting process id:
0x1954 Faulting application start time: 0x01cd06d1a7e17e74 Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
Faulting
module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll Report Id: ec2a3dd4-72c4-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:43:18 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4e67a432 Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time stamp:
0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x00001094 Faulting process id:
0x1854 Faulting application start time: 0x01cd06d1b1be829d Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
Faulting
module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll Report Id: f067a949-72c4-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:43:41 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4e67a432 Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time stamp:
0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x00001094 Faulting process id:
0x18c8 Faulting application start time: 0x01cd06d1c05f71c0 Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
Faulting
module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll Report Id: fe8a8cf3-72c4-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:43:48 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4e67a432 Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time stamp:
0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x00001094 Faulting process id:
0x121c Faulting application start time: 0x01cd06d1c41841f4 Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
Faulting
module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll Report Id: 024558fe-72c5-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:44:15 PM | Computer Name = Ryu-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LoLLauncher.exe, version: 0.0.0.0, time
stamp: 0x4e67a432 Faulting module name: zchvwceaw.dll, version: 2.5.0.6, time stamp:
0x44bfe274 Exception code: 0xc0000005 Fault offset: 0x00001094 Faulting process id:
0x1a2c Faulting application start time: 0x01cd06d1d48f962d Faulting application path:
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
Faulting
module path: C:\Users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll Report Id: 12a63eb3-72c5-11e1-b08c-1c6f65217a4f

Error - 3/20/2012 3:44:47 PM | Computer Name = Ryu-PC | Source = Wininit | ID = 1015
Description = A critical system process, C:\Windows\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 3/20/2012 3:46:53 PM | Computer Name = Ryu-PC | Source = MSSQL$SQLEXPRESS | ID = 8313
Description = Error in mapping SQL Server performance object/counter indexes to
object/counter names. SQL Server performance counters are disabled.

Error - 3/20/2012 3:46:53 PM | Computer Name = Ryu-PC | Source = MSSQL$SQLEXPRESS | ID = 3409
Description = Performance counter shared memory setup failed with error -1. Reinstall
sqlctr.ini for this instance, and ensure that the instance login account has correct
registry permissions.

[ Cobian Backup Boletus VSC Service Events ]
Error - 3/25/2012 9:35:56 AM | Computer Name = Ryu-PC | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Deletion of snapshot failed: The requested object does not exist.

[ System Events ]
Error - 3/25/2012 6:23:18 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 3/25/2012 6:23:34 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
johci

Error - 3/25/2012 6:23:40 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 3/26/2012 1:06:27 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7000
Description = The AODDriver4.1 service failed to start due to the following error:
%%2

Error - 3/26/2012 1:06:30 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 3/26/2012 1:06:30 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 3/26/2012 1:06:32 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 3/26/2012 1:06:32 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 3/26/2012 1:06:41 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
johci

Error - 3/26/2012 1:09:05 PM | Computer Name = Ryu-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >

#4 gringo_pr

Posted 26 March 2012 - 12:35 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Ryu747

Posted 26 March 2012 - 12:38 PM

I forgot to mention this in my original post, but another problem I've been having is that the Flash plugin for my internet browsers crashes quite often. Anytime I try to play a video or do something that requires Flash it will crash almost immediately. I originally thought it was an update for Firefox that caused this problem, but I am using Chrome now and still have the same problem.

Sorry for not mentioning this in my first post.

#6 gringo_pr

Posted 26 March 2012 - 12:47 PM

OK, go ahead and run Combofix, and we will fix the Flash problem soon.


gringo

#7 Ryu747

Posted 26 March 2012 - 01:32 PM

All my programs are running again! Thank you so much. Even Flash isn't crashing anymore.

I did have a slight problem with ComboFix though. When I started it, it detected AVG antivirus was active. I deleted AVG and replaced it with COMODO (which I had disabled) about a month ago. I couldn't find a way to stop ComboFix from running, but it didn't seem to have any errors.


Here is the log:


ComboFix 12-03-26.02 - Ryu 03/26/2012 12:47:22.2.4 - x64
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7601.1.1252.1.1033.18.4094.2072 [GMT -5:00]
Running from: c:\users\Ryu\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\users\Ryu\AppData\Roaming\Adobe\Adobe\zchvwceaw.dll
c:\users\Ryu\AppData\Roaming\Adobe\plugs
c:\users\Ryu\AppData\Roaming\Adobe\shed
c:\users\Ryu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zentom System Guard
c:\windows\assembly\tmp\U
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 17:55 . 2012-03-26 17:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-26 17:55 . 2012-03-26 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-26 17:55 . 2012-03-26 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 17:00 . 2012-03-25 17:00 477696 --sha-w- C:\EUMONBMP.SYS
2012-03-25 16:57 . 2011-12-23 04:09 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-03-25 16:57 . 2011-12-23 04:09 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-03-25 16:57 . 2011-12-23 04:09 57480 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-03-25 16:57 . 2012-02-08 20:48 48264 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-03-25 16:56 . 2011-12-23 04:09 25224 ----a-w- c:\windows\system32\fbnative.exe
2012-03-25 16:56 . 2012-03-25 16:56 -------- d-----w- c:\program files (x86)\EaseUS
2012-03-25 05:14 . 2012-03-25 05:14 -------- d-----w- c:\users\Ryu\AppData\Local\Safe mirror
2012-03-25 05:13 . 2012-03-25 16:53 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-24 21:17 . 2012-03-24 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 17:24 . 2012-03-22 17:24 -------- d-----w- c:\program files (x86)\Alaplaya
2012-03-22 16:31 . 2012-03-22 16:32 -------- d-----w- c:\users\Ryu\AppData\Local\Akamai
2012-03-22 16:30 . 2012-03-26 17:59 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2012-03-22 00:30 . 2012-03-22 00:30 -------- d-----w- C:\Riot Games
2012-03-21 23:54 . 2012-03-24 22:03 -------- d-----w- c:\users\Ryu\AppData\Local\PMB Files
2012-03-21 23:54 . 2012-03-24 22:03 -------- d-----w- c:\programdata\PMB Files
2012-03-21 16:57 . 2012-03-21 16:57 -------- d-----w- c:\users\Ryu\AppData\Local\COMODO
2012-03-21 06:48 . 2012-03-21 06:48 -------- d-----w- c:\users\Ryu\AppData\Local\Solid State Networks
2012-03-20 16:36 . 2012-03-20 16:36 -------- d-----w- c:\programdata\ATI
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files\AMD
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-11 22:34 . 2012-03-11 22:34 -------- d-----w- c:\programdata\Rockstar Games
2012-03-11 22:32 . 2012-03-11 22:32 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-03-04 20:50 . 2012-03-04 20:50 -------- d-----w- c:\users\Ryu\AppData\Local\Fallout3
2012-03-04 14:23 . 2012-03-04 17:29 -------- d-----w- c:\users\Ryu\AppData\Roaming\DarknessII
2012-03-02 21:06 . 2012-03-02 21:06 -------- d-----w- c:\program files (x86)\Blacklight Retribution
2012-03-02 20:57 . 2011-12-19 20:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-02 20:51 . 2011-03-30 16:40 517976 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\DXSETUP.exe
2012-03-02 20:51 . 2011-03-30 16:40 95576 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\DSETUP.dll
2012-03-02 20:51 . 2011-03-30 16:40 1566040 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\dsetup32.dll
2012-03-02 20:51 . 2011-08-24 23:00 100271992 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\directx_Jun2010_redist.exe
2012-03-02 20:51 . 2012-02-23 04:12 8525240 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\Blacklight Retribution.exe
2012-03-02 20:51 . 2011-12-19 20:16 3130440 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\pbsvc_blr.exe
2012-03-02 20:51 . 2011-09-21 20:42 4216840 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\vcredist_x86.exe
2012-03-02 20:51 . 2011-09-21 20:30 34013024 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\PhysX_9.10.0513_SystemSoftware.exe
2012-03-02 20:49 . 2012-02-28 04:03 587200 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetup.dll
2012-03-02 20:49 . 2012-02-28 04:03 812480 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\setup.exe
2012-03-02 20:49 . 2011-12-19 20:16 3130440 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{3692B86B-1654-4B5F-9C0C-9C7DCAEB9BDA}\pbsvc_blr.exe
2012-03-02 20:49 . 2011-09-21 20:42 4216840 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0BE9572E-8558-404f-B0A5-8C347D145655}\vcredist_x86.exe
2012-03-02 20:49 . 2011-09-21 20:30 34013024 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{CB6A4BC3-82DC-4A0A-9B61-9B33A587BF54}\PhysX_9.10.0513_SystemSoftware.exe
2012-03-02 20:49 . 2011-03-30 16:40 517976 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\DXSETUP.exe
2012-03-02 20:49 . 2011-03-30 16:40 95576 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\DSETUP.dll
2012-03-02 20:49 . 2011-03-30 16:40 1566040 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\dsetup32.dll
2012-03-02 04:53 . 2012-03-02 04:53 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-20 00:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-12-20 00:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-20 00:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-20 00:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-20 00:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-12-20 00:58 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-02 20:57 . 2010-08-29 07:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-02 20:57 . 2010-08-29 07:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-28 18:50 . 2010-08-29 07:48 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-28 18:50 . 2010-09-01 21:25 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-01-26 23:00 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-01-26 22:59 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-04-20 06:59 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-01-26 22:40 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2011-12-06 02:39 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2011-12-06 02:24 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-04-20 06:27 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-12-06 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-01-26 22:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-04-20 06:21 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-01-26 22:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-29 03:16 . 2011-10-03 19:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-29 03:16 . 2011-10-03 19:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-29 03:04 . 2012-01-29 03:04 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-07 20:00 . 2012-01-07 20:00 5424 ----a-w- C:\STF4A98.tmp
2011-12-30 19:58 . 2011-10-22 18:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-30 18:37 . 2011-12-30 18:09 111960 ----a-w- c:\windows\dxsdkuninst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 21:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 04:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Ryu\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
dplaysvr.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-29 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [x]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd260x64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [2010-10-22 14136]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
R3 Pnp680;Pnp680;c:\windows\system32\DRIVERS\pnp680.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
R3 Si3531;Si3531;c:\windows\system32\DRIVERS\Si3531.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x]
R3 ViBusX64;ViBusX64;c:\windows\system32\DRIVERS\ViBusX64.sys [x]
R3 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x]
R3 ViPrtX64;ViPrtX64;c:\windows\system32\DRIVERS\ViPrtX64.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S3 ALSysIO;ALSysIO;c:\users\Ryu\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:48]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:48]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005Core.job
- c:\users\Ryu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 17:23]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005UA.job
- c:\users\Ryu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 17:23]
.
.
--------- x86-64 -----------
.
.

#8 gringo_pr

Posted 26 March 2012 - 02:50 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Ryu747

Posted 27 March 2012 - 01:34 AM

Sorry for the late reply. I was leaving for work when I got the next instructions.

Both scans ran fine. TDSSKiller didn't find anything, but I would like to mention that I ran the same program before just a day or two before finding this website. It found 1 infection file and 1 suspicious file. Could that affect anything? And would you like that log report as well?


Here is the TDSS log for the scan you asked me to do:

00:15:36.0111 1948 JRAID - ok
00:15:36.0211 1948 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:15:36.0226 1948 kbdclass - ok
00:15:36.0263 1948 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:15:36.0264 1948 kbdhid - ok
00:15:36.0294 1948 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:15:36.0295 1948 KeyIso - ok
00:15:36.0330 1948 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
00:15:36.0333 1948 KSecDD - ok
00:15:36.0372 1948 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
00:15:36.0374 1948 KSecPkg - ok
00:15:36.0395 1948 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:15:36.0396 1948 ksthunk - ok
00:15:36.0510 1948 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:15:36.0515 1948 KtmRm - ok
00:15:36.0582 1948 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
00:15:36.0586 1948 LanmanServer - ok
00:15:36.0641 1948 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:15:36.0644 1948 LanmanWorkstation - ok
00:15:36.0800 1948 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
00:15:36.0804 1948 lirsgt - ok
00:15:36.0856 1948 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:15:36.0857 1948 lltdio - ok
00:15:36.0962 1948 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:15:36.0967 1948 lltdsvc - ok
00:15:37.0012 1948 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:15:37.0013 1948 lmhosts - ok
00:15:37.0040 1948 LSI_FC (d7b77b486804af25838aa51734f65e2c) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:15:37.0042 1948 LSI_FC - ok
00:15:37.0063 1948 LSI_SAS (7e87030a627fc09f1ae54a491ad58c39) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:15:37.0065 1948 LSI_SAS - ok
00:15:37.0124 1948 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
00:15:37.0131 1948 LSI_SAS2 - ok
00:15:37.0266 1948 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
00:15:37.0268 1948 LSI_SCSI - ok
00:15:37.0306 1948 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:15:37.0309 1948 luafv - ok
00:15:37.0346 1948 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:15:37.0352 1948 Mcx2Svc - ok
00:15:37.0390 1948 megasas (e2e92687f505bf15d07b4315866b4a44) C:\Windows\system32\DRIVERS\megasas.sys
00:15:37.0391 1948 megasas - ok
00:15:37.0486 1948 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
00:15:37.0491 1948 MegaSR - ok
00:15:37.0527 1948 MegaSR1 (6d884467fdd4ea15040ca0d5d34c067c) C:\Windows\system32\DRIVERS\MegaSR1.sys
00:15:37.0532 1948 MegaSR1 - ok
00:15:37.0619 1948 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:15:37.0700 1948 Microsoft Office Groove Audit Service - ok
00:15:37.0793 1948 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:15:37.0795 1948 MMCSS - ok
00:15:37.0845 1948 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:15:37.0845 1948 Modem - ok
00:15:37.0882 1948 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:15:37.0883 1948 monitor - ok
00:15:37.0925 1948 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:15:37.0927 1948 mouclass - ok
00:15:37.0960 1948 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:15:37.0977 1948 mouhid - ok
00:15:38.0007 1948 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:15:38.0008 1948 mountmgr - ok
00:15:38.0160 1948 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:15:38.0162 1948 mpio - ok
00:15:38.0212 1948 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:15:38.0213 1948 mpsdrv - ok
00:15:38.0260 1948 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:15:38.0269 1948 MpsSvc - ok
00:15:38.0310 1948 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:15:38.0312 1948 MRxDAV - ok
00:15:38.0348 1948 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:15:38.0350 1948 mrxsmb - ok
00:15:38.0505 1948 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:15:38.0509 1948 mrxsmb10 - ok
00:15:38.0566 1948 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:15:38.0593 1948 mrxsmb20 - ok
00:15:38.0660 1948 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:15:38.0663 1948 msahci - ok
00:15:38.0729 1948 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:15:38.0732 1948 msdsm - ok
00:15:38.0781 1948 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:15:38.0784 1948 MSDTC - ok
00:15:38.0944 1948 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:15:38.0945 1948 Msfs - ok
00:15:38.0992 1948 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:15:38.0994 1948 mshidkmdf - ok
00:15:39.0087 1948 MSICDSetup - ok
00:15:39.0122 1948 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:15:39.0124 1948 msisadrv - ok
00:15:39.0214 1948 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:15:39.0217 1948 MSiSCSI - ok
00:15:39.0223 1948 msiserver - ok
00:15:39.0286 1948 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:15:39.0287 1948 MSKSSRV - ok
00:15:39.0339 1948 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:15:39.0340 1948 MSPCLOCK - ok
00:15:39.0386 1948 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:15:39.0387 1948 MSPQM - ok
00:15:39.0499 1948 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:15:39.0504 1948 MsRPC - ok
00:15:39.0602 1948 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:15:39.0603 1948 mssmbios - ok
00:15:39.0738 1948 MSSQL$SQLEXPRESS - ok
00:15:39.0839 1948 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
00:15:39.0895 1948 MSSQLServerADHelper - ok
00:15:40.0043 1948 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:15:40.0045 1948 MSTEE - ok
00:15:40.0386 1948 msvsmon90 (0f4dd44765a7d23e0cd9965ee900558f) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
00:15:40.0458 1948 msvsmon90 - ok
00:15:40.0633 1948 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
00:15:40.0647 1948 MTConfig - ok
00:15:40.0750 1948 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
00:15:40.0752 1948 MTsensor - ok
00:15:40.0777 1948 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:15:40.0780 1948 Mup - ok
00:15:40.0818 1948 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:15:40.0823 1948 napagent - ok
00:15:40.0904 1948 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:15:40.0909 1948 NativeWifiP - ok
00:15:41.0133 1948 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:15:41.0155 1948 NDIS - ok
00:15:41.0239 1948 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:15:41.0254 1948 NdisCap - ok
00:15:41.0388 1948 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:15:41.0389 1948 NdisTapi - ok
00:15:41.0522 1948 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:15:41.0543 1948 Ndisuio - ok
00:15:41.0594 1948 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:15:41.0597 1948 NdisWan - ok
00:15:41.0657 1948 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:15:41.0661 1948 NDProxy - ok
00:15:41.0709 1948 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:15:41.0710 1948 NetBIOS - ok
00:15:41.0759 1948 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:15:41.0773 1948 NetBT - ok
00:15:41.0802 1948 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:15:41.0803 1948 Netlogon - ok
00:15:41.0835 1948 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:15:41.0839 1948 Netman - ok
00:15:41.0985 1948 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:15:41.0988 1948 NetMsmqActivator - ok
00:15:41.0992 1948 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:15:41.0993 1948 NetPipeActivator - ok
00:15:42.0034 1948 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:15:42.0034 1948 netprofm - ok
00:15:42.0087 1948 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys
00:15:42.0106 1948 netr28ux - ok
00:15:42.0243 1948 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:15:42.0244 1948 NetTcpActivator - ok
00:15:42.0261 1948 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:15:42.0262 1948 NetTcpPortSharing - ok
00:15:42.0435 1948 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
00:15:42.0437 1948 nfrd960 - ok
00:15:42.0505 1948 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:15:42.0510 1948 NlaSvc - ok
00:15:42.0560 1948 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:15:42.0562 1948 Npfs - ok
00:15:42.0622 1948 npggsvc - ok
00:15:42.0631 1948 NPPTNT2 - ok
00:15:42.0679 1948 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:15:42.0681 1948 nsi - ok
00:15:42.0741 1948 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:15:42.0743 1948 nsiproxy - ok
00:15:43.0040 1948 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:15:43.0067 1948 Ntfs - ok
00:15:43.0174 1948 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys
00:15:43.0175 1948 NTIOLib_1_0_4 - ok
00:15:43.0263 1948 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:15:43.0264 1948 Null - ok
00:15:43.0353 1948 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
00:15:43.0357 1948 nusb3hub - ok
00:15:43.0385 1948 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
00:15:43.0387 1948 nusb3xhc - ok
00:15:43.0449 1948 nvamacpi (7fd5c060cb907489a5702f628226f54a) C:\Windows\system32\DRIVERS\NVAMACPI.sys
00:15:43.0454 1948 nvamacpi - ok
00:15:43.0521 1948 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:15:43.0544 1948 nvraid - ok
00:15:43.0632 1948 nvrd64 (694f5e9d9d624d47f432f5b2e66a0528) C:\Windows\system32\DRIVERS\nvrd64.sys
00:15:43.0634 1948 nvrd64 - ok
00:15:43.0642 1948 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
00:15:43.0643 1948 nvsmu - ok
00:15:43.0783 1948 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:15:43.0785 1948 nvstor - ok
00:15:43.0831 1948 nvstor64 (05de5dc43afe6cab78f9c7ca044cbcbe) C:\Windows\system32\DRIVERS\nvstor64.sys
00:15:43.0834 1948 nvstor64 - ok
00:15:43.0867 1948 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:15:43.0869 1948 nv_agp - ok
00:15:43.0889 1948 O2MDRDR (a22332e058215eb4835ea3ae6d14bdc3) C:\Windows\system32\DRIVERS\o2mdx64.sys
00:15:43.0892 1948 O2MDRDR - ok
00:15:43.0959 1948 O2SDRDR (df014c48015b637790be3eddd1384728) C:\Windows\system32\DRIVERS\o2sdx64.sys
00:15:43.0960 1948 O2SDRDR - ok
00:15:44.0144 1948 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:15:44.0248 1948 odserv - ok
00:15:44.0418 1948 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:15:44.0421 1948 ohci1394 - ok
00:15:44.0539 1948 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:15:44.0544 1948 ose - ok
00:15:44.0630 1948 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:15:44.0634 1948 p2pimsvc - ok
00:15:44.0652 1948 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:15:44.0657 1948 p2psvc - ok
00:15:44.0680 1948 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
00:15:44.0682 1948 Parport - ok
00:15:44.0753 1948 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
00:15:44.0756 1948 partmgr - ok
00:15:44.0782 1948 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:15:44.0785 1948 PcaSvc - ok
00:15:44.0819 1948 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:15:44.0822 1948 pci - ok
00:15:44.0900 1948 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:15:44.0902 1948 pciide - ok
00:15:45.0075 1948 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
00:15:45.0096 1948 pcmcia - ok
00:15:45.0177 1948 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:15:45.0177 1948 pcw - ok
00:15:45.0210 1948 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:15:45.0240 1948 PEAUTH - ok
00:15:45.0287 1948 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:15:45.0299 1948 PeerDistSvc - ok
00:15:45.0349 1948 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:15:45.0405 1948 PerfHost - ok
00:15:45.0623 1948 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:15:45.0654 1948 pla - ok
00:15:45.0808 1948 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:15:45.0814 1948 PlugPlay - ok
00:15:45.0821 1948 PnkBstrA - ok
00:15:45.0845 1948 PnkBstrB - ok
00:15:45.0869 1948 Pnp680 (608a144310828c21ddf745124b10f833) C:\Windows\system32\DRIVERS\pnp680.sys
00:15:45.0870 1948 Pnp680 - ok
00:15:45.0888 1948 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:15:45.0890 1948 PNRPAutoReg - ok
00:15:45.0905 1948 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:15:45.0907 1948 PNRPsvc - ok
00:15:45.0970 1948 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:15:45.0976 1948 PolicyAgent - ok
00:15:46.0051 1948 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:15:46.0054 1948 Power - ok
00:15:46.0107 1948 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:15:46.0109 1948 PptpMiniport - ok
00:15:46.0150 1948 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
00:15:46.0151 1948 Processor - ok
00:15:46.0167 1948 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
00:15:46.0170 1948 ProfSvc - ok
00:15:46.0202 1948 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:15:46.0203 1948 ProtectedStorage - ok
00:15:46.0280 1948 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:15:46.0282 1948 Psched - ok
00:15:46.0532 1948 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
00:15:46.0546 1948 ql2300 - ok
00:15:46.0637 1948 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:15:46.0640 1948 ql40xx - ok
00:15:46.0746 1948 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:15:46.0751 1948 QWAVE - ok
00:15:46.0789 1948 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:15:46.0790 1948 QWAVEdrv - ok
00:15:46.0806 1948 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:15:46.0807 1948 RasAcd - ok
00:15:46.0837 1948 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:15:46.0839 1948 RasAgileVpn - ok
00:15:46.0857 1948 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:15:46.0859 1948 RasAuto - ok
00:15:46.0893 1948 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:15:46.0894 1948 Rasl2tp - ok
00:15:46.0932 1948 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:15:46.0936 1948 RasMan - ok
00:15:46.0995 1948 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:15:47.0000 1948 RasPppoe - ok
00:15:47.0070 1948 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:15:47.0072 1948 RasSstp - ok
00:15:47.0101 1948 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:15:47.0118 1948 rdbss - ok
00:15:47.0153 1948 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:15:47.0154 1948 rdpbus - ok
00:15:47.0162 1948 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:15:47.0163 1948 RDPCDD - ok
00:15:47.0192 1948 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:15:47.0194 1948 RDPDR - ok
00:15:47.0257 1948 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:15:47.0257 1948 RDPENCDD - ok
00:15:47.0322 1948 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:15:47.0324 1948 RDPREFMP - ok
00:15:47.0483 1948 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
00:15:47.0485 1948 RdpVideoMiniport - ok
00:15:47.0534 1948 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
00:15:47.0537 1948 RDPWD - ok
00:15:47.0560 1948 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:15:47.0563 1948 rdyboost - ok
00:15:47.0592 1948 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:15:47.0594 1948 RemoteAccess - ok
00:15:47.0664 1948 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:15:47.0681 1948 RemoteRegistry - ok
00:15:47.0730 1948 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
00:15:47.0731 1948 rimmptsk - ok
00:15:47.0768 1948 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
00:15:47.0769 1948 rimspci - ok
00:15:47.0782 1948 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
00:15:47.0800 1948 rimsptsk - ok
00:15:47.0830 1948 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
00:15:47.0832 1948 risdpcie - ok
00:15:47.0850 1948 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
00:15:47.0851 1948 rismxdp - ok
00:15:47.0871 1948 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
00:15:47.0872 1948 rixdpcie - ok
00:15:47.0889 1948 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:15:47.0891 1948 RpcEptMapper - ok
00:15:47.0973 1948 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:15:47.0974 1948 RpcLocator - ok
00:15:48.0056 1948 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
00:15:48.0059 1948 RpcSs - ok
00:15:48.0112 1948 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:15:48.0115 1948 rspndr - ok
00:15:48.0182 1948 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\System32\Drivers\RtsUStor.sys
00:15:48.0184 1948 RSUSBSTOR - ok
00:15:48.0274 1948 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:15:48.0280 1948 RTL8167 - ok
00:15:48.0314 1948 RTSTOR (af4df7eebbd9093721daef27cc8c1cbc) C:\Windows\system32\drivers\RTSTOR64.SYS
00:15:48.0324 1948 RTSTOR - ok
00:15:48.0361 1948 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:15:48.0362 1948 s3cap - ok
00:15:48.0452 1948 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
00:15:48.0453 1948 SamSs - ok
00:15:48.0534 1948 SANDRA - ok
00:15:48.0611 1948 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:15:48.0628 1948 sbp2port - ok
00:15:48.0698 1948 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:15:48.0701 1948 SCardSvr - ok
00:15:48.0727 1948 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:15:48.0728 1948 scfilter - ok
00:15:48.0802 1948 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:15:48.0813 1948 Schedule - ok
00:15:48.0869 1948 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:15:48.0869 1948 SCPolicySvc - ok
00:15:48.0928 1948 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:15:48.0948 1948 SDRSVC - ok
00:15:49.0002 1948 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:15:49.0004 1948 secdrv - ok
00:15:49.0022 1948 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:15:49.0024 1948 seclogon - ok
00:15:49.0050 1948 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
00:15:49.0053 1948 SENS - ok
00:15:49.0083 1948 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:15:49.0085 1948 SensrSvc - ok
00:15:49.0093 1948 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:15:49.0095 1948 Serenum - ok
00:15:49.0109 1948 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:15:49.0110 1948 Serial - ok
00:15:49.0168 1948 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:15:49.0183 1948 sermouse - ok
00:15:49.0284 1948 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:15:49.0301 1948 SessionEnv - ok
00:15:49.0396 1948 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:15:49.0397 1948 sffdisk - ok
00:15:49.0450 1948 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:15:49.0451 1948 sffp_mmc - ok
00:15:49.0681 1948 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:15:49.0682 1948 sffp_sd - ok
00:15:49.0735 1948 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:15:49.0736 1948 sfloppy - ok
00:15:49.0769 1948 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:15:49.0773 1948 SharedAccess - ok
00:15:49.0906 1948 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:15:49.0912 1948 ShellHWDetection - ok
00:15:49.0969 1948 SI3112r (e2512862265d97db53df788bfa9053a0) C:\Windows\system32\DRIVERS\SI3112r.sys
00:15:49.0971 1948 SI3112r - ok
00:15:50.0004 1948 SI3114 (ca263222eb177e2e48b86d5eaa3ff75a) C:\Windows\system32\DRIVERS\SI3114.sys
00:15:50.0005 1948 SI3114 - ok
00:15:50.0069 1948 SI3114r (4891290048ec8f693fc6df66b9cbddde) C:\Windows\system32\DRIVERS\SI3114R.sys
00:15:50.0071 1948 SI3114r - ok
00:15:50.0106 1948 SI3124 (7fd4f1bb790d21eaeb2101c97178a501) C:\Windows\system32\DRIVERS\SI3124.sys
00:15:50.0108 1948 SI3124 - ok
00:15:50.0120 1948 Si3124r5 (993e75b5952a642d8407ed252efd8d82) C:\Windows\system32\DRIVERS\Si3124r5.sys
00:15:50.0124 1948 Si3124r5 - ok
00:15:50.0133 1948 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
00:15:50.0135 1948 SI3132 - ok
00:15:50.0153 1948 Si3531 (904828d8fb78c353f8ef4e74c75e4534) C:\Windows\system32\DRIVERS\Si3531.sys
00:15:50.0157 1948 Si3531 - ok
00:15:50.0304 1948 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
00:15:50.0306 1948 SiFilter - ok
00:15:50.0357 1948 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
00:15:50.0359 1948 SiRemFil - ok
00:15:50.0376 1948 SISAGP (dcd65268f0a44e2062ed3fc86c39ca7e) C:\Windows\system32\DRIVERS\SISAGPX.sys
00:15:50.0376 1948 SISAGP - ok
00:15:50.0386 1948 SiSRaid2 (c18b076615486eeeebc14aa1bd2162f8) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:15:50.0386 1948 SiSRaid2 - ok
00:15:50.0411 1948 SiSRaid4 (a836528fa53422956c0dcedb8f58b9ee) C:\Windows\system32\DRIVERS\sisraid4.sys
00:15:50.0431 1948 SiSRaid4 - ok
00:15:50.0507 1948 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:15:50.0509 1948 Smb - ok
00:15:50.0643 1948 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:15:50.0645 1948 SNMPTRAP - ok
00:15:50.0705 1948 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:15:50.0707 1948 spldr - ok
00:15:50.0786 1948 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:15:50.0793 1948 Spooler - ok
00:15:51.0083 1948 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:15:51.0115 1948 sppsvc - ok
00:15:51.0327 1948 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:15:51.0330 1948 sppuinotify - ok
00:15:51.0393 1948 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
00:15:51.0403 1948 sptd - ok
00:15:51.0635 1948 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:15:51.0711 1948 SQLBrowser - ok
00:15:51.0794 1948 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:15:51.0796 1948 SQLWriter - ok
00:15:51.0956 1948 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:15:51.0962 1948 srv - ok
00:15:51.0995 1948 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:15:51.0999 1948 srv2 - ok
00:15:52.0013 1948 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:15:52.0015 1948 srvnet - ok
00:15:52.0044 1948 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:15:52.0048 1948 SSDPSRV - ok
00:15:52.0124 1948 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:15:52.0127 1948 SstpSvc - ok
00:15:52.0182 1948 StarOpen - ok
00:15:52.0219 1948 Steam Client Service - ok
00:15:52.0293 1948 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:15:52.0295 1948 stexstor - ok
00:15:52.0363 1948 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:15:52.0370 1948 stisvc - ok
00:15:52.0402 1948 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:15:52.0404 1948 storflt - ok
00:15:52.0471 1948 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:15:52.0482 1948 storvsc - ok
00:15:52.0563 1948 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:15:52.0565 1948 swenum - ok
00:16:00.0588 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:16:00.0645 1948 \Device\Harddisk0\DR0 - ok
00:16:00.0666 1948 Boot (0x1200) (2d31f35d00f35db728a705eb241b1061) \Device\Harddisk0\DR0\Partition0
00:16:00.0670 1948 \Device\Harddisk0\DR0\Partition0 - ok
00:16:00.0684 1948 Boot (0x1200) (7989838a1abeb83d282cc89b0a16b776) \Device\Harddisk0\DR0\Partition1
00:16:00.0688 1948 \Device\Harddisk0\DR0\Partition1 - ok
00:16:00.0688 1948 ============================================================
00:16:00.0688 1948 Scan finished
00:16:00.0688 1948 ============================================================
00:16:00.0696 2572 Detected object count: 0
00:16:00.0696 2572 Actual detected object count: 0



Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 00:19:00
-----------------------------
00:19:00.484 OS Version: Windows x64 6.1.7601 Service Pack 1
00:19:00.484 Number of processors: 4 586 0x403
00:19:00.485 ComputerName: RYU-PC UserName: Ryu
00:19:02.844 Initialize success
00:19:53.830 AVAST engine defs: 12032602
00:20:03.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:20:03.959 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
00:20:03.977 Disk 0 MBR read successfully
00:20:03.978 Disk 0 MBR scan
00:20:03.981 Disk 0 Windows 7 default MBR code
00:20:04.014 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:20:04.038 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
00:20:04.136 Disk 0 scanning C:\Windows\system32\drivers
00:20:24.605 Service scanning
00:20:34.703 Service MSICDSetup D:\CDriver64.sys **LOCKED** 21
00:20:47.591 Modules scanning
00:20:47.595 Disk 0 trace - called modules:
00:20:47.626 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:20:47.630 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a61060]
00:20:47.633 3 CLASSPNP.SYS[fffff880010d743f] -> nt!IofCallDriver -> [0xfffffa8004816520]
00:20:47.636 5 ACPI.sys[fffff88000ed67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003b1b060]
00:20:50.023 AVAST engine scan C:\Windows
00:20:54.338 AVAST engine scan C:\Windows\system32
00:26:26.395 AVAST engine scan C:\Windows\system32\drivers
00:26:44.727 AVAST engine scan C:\Users\Ryu
00:50:50.477 AVAST engine scan C:\ProgramData
00:53:10.702 Scan finished successfully
01:27:58.078 Disk 0 MBR has been saved successfully to "C:\Users\Ryu\Desktop\MBR.dat"
01:27:58.081 The log file has been saved successfully to "C:\Users\Ryu\Desktop\aswMBR.txt"

#10 gringo_pr


Posted 27 March 2012 - 07:50 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Ask.com

SecCenter::
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 Ryu747


Posted 27 March 2012 - 11:38 AM

My computer has been doing great. The first ComboFix run seemed to have fixed most, if not all, of my problems.

No problems running ComboFix using the script.


Here's the log:

ComboFix 12-03-26.02 - Ryu 03/27/2012 11:18:23.3.4 - x64
Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7601.1.1252.1.1033.18.4094.1990 [GMT -5:00]
Running from: c:\users\Ryu\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryu\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_97e8.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 16:26 . 2012-03-27 16:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-27 16:26 . 2012-03-27 16:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-27 16:26 . 2012-03-27 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 17:00 . 2012-03-25 17:00 477696 --sha-w- C:\EUMONBMP.SYS
2012-03-25 16:57 . 2011-12-23 04:09 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-03-25 16:57 . 2011-12-23 04:09 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-03-25 16:57 . 2011-12-23 04:09 57480 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-03-25 16:57 . 2012-02-08 20:48 48264 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-03-25 16:56 . 2011-12-23 04:09 25224 ----a-w- c:\windows\system32\fbnative.exe
2012-03-25 16:56 . 2012-03-25 16:56 -------- d-----w- c:\program files (x86)\EaseUS
2012-03-25 05:14 . 2012-03-25 05:14 -------- d-----w- c:\users\Ryu\AppData\Local\Safe mirror
2012-03-25 05:13 . 2012-03-25 16:53 -------- d-----w- c:\program files (x86)\Cobian Backup 10
2012-03-24 21:17 . 2012-03-24 21:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 17:24 . 2012-03-22 17:24 -------- d-----w- c:\program files (x86)\Alaplaya
2012-03-22 16:31 . 2012-03-22 16:32 -------- d-----w- c:\users\Ryu\AppData\Local\Akamai
2012-03-22 16:30 . 2012-03-27 16:16 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2012-03-22 00:30 . 2012-03-22 00:30 -------- d-----w- C:\Riot Games
2012-03-21 23:54 . 2012-03-26 19:55 -------- d-----w- c:\users\Ryu\AppData\Local\PMB Files
2012-03-21 23:54 . 2012-03-26 19:55 -------- d-----w- c:\programdata\PMB Files
2012-03-21 16:57 . 2012-03-21 16:57 -------- d-----w- c:\users\Ryu\AppData\Local\COMODO
2012-03-21 06:48 . 2012-03-21 06:48 -------- d-----w- c:\users\Ryu\AppData\Local\Solid State Networks
2012-03-20 16:36 . 2012-03-20 16:36 -------- d-----w- c:\programdata\ATI
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files\AMD
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD
2012-03-20 16:31 . 2012-03-20 16:31 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-11 22:34 . 2012-03-11 22:34 -------- d-----w- c:\programdata\Rockstar Games
2012-03-11 22:32 . 2012-03-11 22:32 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-03-04 20:50 . 2012-03-04 20:50 -------- d-----w- c:\users\Ryu\AppData\Local\Fallout3
2012-03-04 14:23 . 2012-03-04 17:29 -------- d-----w- c:\users\Ryu\AppData\Roaming\DarknessII
2012-03-02 21:06 . 2012-03-02 21:06 -------- d-----w- c:\program files (x86)\Blacklight Retribution
2012-03-02 20:57 . 2011-12-19 20:16 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-03-02 20:51 . 2011-03-30 16:40 517976 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\DXSETUP.exe
2012-03-02 20:51 . 2011-03-30 16:40 95576 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\DSETUP.dll
2012-03-02 20:51 . 2011-03-30 16:40 1566040 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\dsetup32.dll
2012-03-02 20:51 . 2011-08-24 23:00 100271992 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\directx_Jun2010_redist.exe
2012-03-02 20:51 . 2012-02-23 04:12 8525240 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\Blacklight Retribution.exe
2012-03-02 20:51 . 2011-12-19 20:16 3130440 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\pbsvc_blr.exe
2012-03-02 20:51 . 2011-09-21 20:42 4216840 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\vcredist_x86.exe
2012-03-02 20:51 . 2011-09-21 20:30 34013024 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\PhysX_9.10.0513_SystemSoftware.exe
2012-03-02 20:49 . 2012-02-28 04:03 587200 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetup.dll
2012-03-02 20:49 . 2012-02-28 04:03 812480 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\setup.exe
2012-03-02 20:49 . 2011-12-19 20:16 3130440 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{3692B86B-1654-4B5F-9C0C-9C7DCAEB9BDA}\pbsvc_blr.exe
2012-03-02 20:49 . 2011-09-21 20:42 4216840 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0BE9572E-8558-404f-B0A5-8C347D145655}\vcredist_x86.exe
2012-03-02 20:49 . 2011-09-21 20:30 34013024 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{CB6A4BC3-82DC-4A0A-9B61-9B33A587BF54}\PhysX_9.10.0513_SystemSoftware.exe
2012-03-02 20:49 . 2011-03-30 16:40 517976 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\DXSETUP.exe
2012-03-02 20:49 . 2011-03-30 16:40 95576 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\DSETUP.dll
2012-03-02 20:49 . 2011-03-30 16:40 1566040 ----a-w- c:\program files (x86)\Mozilla Firefox\BLR Installerv2\ISSetupPrerequisites\{0242DF66-141E-4ED9-A914-B646CE628817}\dsetup32.dll
2012-03-02 04:53 . 2012-03-02 04:53 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-20 00:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-12-20 00:59 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-20 00:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-20 00:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-20 00:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-12-20 00:58 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-02 20:57 . 2010-08-29 07:48 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-02 20:57 . 2010-08-29 07:48 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-28 18:50 . 2010-08-29 07:48 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-28 18:50 . 2010-09-01 21:25 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-15 03:48 . 2012-02-15 03:48 10856960 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21 25839104 ----a-w- c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-01-26 23:00 791040 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-01-26 22:59 957952 ----a-w- c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-04-20 06:59 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-02-15 03:05 . 2012-02-15 03:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-15 03:05 . 2012-02-15 03:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-15 03:05 . 2012-02-15 03:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-15 03:05 . 2012-02-15 03:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-15 03:05 . 2012-02-15 03:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-15 03:04 . 2012-02-15 03:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-15 03:03 . 2012-02-15 03:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-15 03:03 . 2012-02-15 03:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-15 02:58 . 2012-02-15 02:58 19392000 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-01-26 22:40 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2011-12-06 02:39 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34 13859840 ----a-w- c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29 11561984 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2011-12-06 02:24 7551488 ----a-w- c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2011-04-20 06:27 58880 ----a-w- c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2011-12-06 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13 327680 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-01-26 22:12 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-04-20 06:21 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2011-01-26 22:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-01-26 22:12 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-01-31 11:02 . 2012-01-31 11:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 11:00 . 2012-01-31 11:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-29 03:16 . 2011-10-03 19:55 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-01-29 03:16 . 2011-10-03 19:55 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-01-29 03:04 . 2012-01-29 03:04 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-07 20:00 . 2012-01-07 20:00 5424 ----a-w- C:\STF4A98.tmp
2011-12-30 19:58 . 2011-10-22 18:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-30 18:37 . 2011-12-30 18:09 111960 ----a-w- c:\windows\dxsdkuninst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_18.17.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-30 06:36 . 2012-03-26 18:18 47678 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-26 18:18 58832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-29 06:21 . 2012-03-26 18:18 17888 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3289938013-2793733460-3881410025-1005_UserData.bin
+ 2009-11-29 18:18 . 2012-03-27 16:28 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-29 18:18 . 2012-03-26 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-29 18:18 . 2012-03-27 16:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-29 18:18 . 2012-03-26 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-26 17:56 . 2012-03-26 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 16:28 . 2012-03-27 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 17:56 . 2012-03-26 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 16:28 . 2012-03-27 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 20:27 . 2012-03-26 17:57 262144 c:\windows\Temp\Cookies\index.dat
+ 2011-09-05 20:27 . 2012-03-27 16:28 262144 c:\windows\Temp\Cookies\index.dat
+ 2011-09-05 20:27 . 2012-03-27 16:28 3883008 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-05 20:27 . 2012-03-26 17:57 3883008 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-05 20:27 . 2012-03-27 16:28 1097728 c:\windows\Temp\History\History.IE5\index.dat
- 2011-09-05 20:27 . 2012-03-26 17:57 1097728 c:\windows\Temp\History\History.IE5\index.dat
- 2012-01-16 20:06 . 2012-03-26 17:36 1474832 c:\windows\system32\drivers\sfi.dat
+ 2012-01-16 20:06 . 2012-03-27 16:06 1474832 c:\windows\system32\drivers\sfi.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 21:44 69760 ----a-w- c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Ryu\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2012-03-15 744584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
dplaysvr.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck bootdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-29 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 hptmv;hptmv;c:\windows\system32\DRIVERS\hptmv.sys [x]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\qd260x64.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MegaSR1;MegaSR1;c:\windows\system32\DRIVERS\MegaSR1.sys [x]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 4\LU4\NTIOLib_X64.sys [2010-10-22 14136]
R3 nvamacpi;nvamacpi;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]
R3 Pnp680;Pnp680;c:\windows\system32\DRIVERS\pnp680.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SI3112r;SI3112r;c:\windows\system32\DRIVERS\SI3112r.sys [x]
R3 SI3114;SI3114;c:\windows\system32\DRIVERS\SI3114.sys [x]
R3 SI3124;SI3124;c:\windows\system32\DRIVERS\SI3124.sys [x]
R3 Si3124r5;Si3124r5;c:\windows\system32\DRIVERS\Si3124r5.sys [x]
R3 Si3531;Si3531;c:\windows\system32\DRIVERS\Si3531.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x]
R3 ViBusX64;ViBusX64;c:\windows\system32\DRIVERS\ViBusX64.sys [x]
R3 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x]
R3 ViPrtX64;ViPrtX64;c:\windows\system32\DRIVERS\ViPrtX64.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfiltx64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-21 8704]
S3 ALSysIO;ALSysIO;c:\users\Ryu\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:48]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-19 22:48]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005Core.job
- c:\users\Ryu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 17:23]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3289938013-2793733460-3881410025-1005UA.job
- c:\users\Ryu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-01 17:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 21:44 81024 ----a-w- c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Core Temp"="c:\program files\Core Temp\Core Temp.exe" [2010-07-02 530448]
"SunJavaUpdateSched"="" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = www.win7extreme.project-os.org
uInternet Settings,ProxyOverride = *.local;<local>
IE: Download Using &BitSpirit - c:\program files (x86)\BitSpirit\bsurl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\fraps\fraps.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-03-27 11:33:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 16:33
ComboFix2.txt 2012-03-26 18:21
ComboFix3.txt 2011-09-12 22:27
.
Pre-Run: 425,272,397,824 bytes free
Post-Run: 425,309,548,544 bytes free
.
- - End Of File - - 47A8BD24F3C158AE6F16D7DD5374D277

#12 Ryu747

Posted 27 March 2012 - 12:06 PM

Hello Gringo,

I have been surfing the web for a little while now and it seems the Google Redirect virus is still present. I was searching around on Google and was redirected to Happili which is what was happening before I found this forum. It seems to be happening much less often (1 out of 10 links or so instead of 1 out of 2 like before) though.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:08 PM

Posted 27 March 2012 - 04:38 PM

In which browsers is this happening?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Ryu747

Posted 27 March 2012 - 04:47 PM

I currently only use Google Chrome. It was happening in Mozilla Firefox as well, but I deleted Firefox a couple days ago.

#15 gringo_pr

Posted 27 March 2012 - 04:55 PM

Hello

Uninstall Chrome and reinstall it - if asked about user data delete that also


gringo