
Search Engine Redirecting... Mevio?


  • This topic is locked
28 replies to this topic

#1 HamMach1

HamMach1

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:45 AM

Posted 03 April 2012 - 03:08 AM

DDS log:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Remmichmm at 1:45:55 on 2012-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3882.2135 [GMT -6:00]
.
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [Google Update] "C:\Users\Remmichmm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [fvieo] rundll32.exe "C:\Users\REMMIC~1\AppData\Local\Temp\fvieo.dll",MatrixRotationZ
uRun: [wmerap] rundll32.exe "C:\Users\REMMIC~1\AppData\Local\Temp\wmerap.dll",D3D9ResourceGetMappedArray
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\REMMIC~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 74.50.130.108 74.50.130.109
TCP: Interfaces\{0091895D-E03F-4A9F-942B-774B46DA73BB} : DhcpNameServer = 64.130.80.1 216.167.144.1
TCP: Interfaces\{0091895D-E03F-4A9F-942B-774B46DA73BB}\1626679653 : DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{0091895D-E03F-4A9F-942B-774B46DA73BB}\2456C6B696E6E233534354 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0091895D-E03F-4A9F-942B-774B46DA73BB}\742716D416E69637D27657563747 : DhcpNameServer = 208.180.83.133 208.180.42.68
TCP: Interfaces\{3654C178-D351-4AC3-80CA-03B6DFDF56B3} : DhcpNameServer = 74.50.130.108 74.50.130.109
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Remmichmm\AppData\Roaming\Mozilla\Firefox\Profiles\lvmqldb8.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Users\Remmichmm\AppData\Roaming\Mozilla\Firefox\Profiles\lvmqldb8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Remmichmm\AppData\Roaming\Mozilla\Firefox\Profiles\lvmqldb8.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Remmichmm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\windows\system32\Drivers\SABI.sys --> C:\windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-1-30 203096]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-1-29 652360]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-2 2009704]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 tmevtmgr;tmevtmgr;C:\windows\system32\DRIVERS\tmevtmgr.sys --> C:\windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-2 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
R3 SCTDriverV1011;SCTDriverV1011;C:\windows\system32\drivers\SCTDriverV1011.sys --> C:\windows\system32\drivers\SCTDriverV1011.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-18 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pnetmdm;PdaNet Modem;C:\windows\system32\DRIVERS\pnetmdm64.sys --> C:\windows\system32\DRIVERS\pnetmdm64.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-02 08:05:00 116016 ----a-w- C:\windows\System32\drivers\52329418.sys
2012-04-02 08:04:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 05:24:06 -------- d-----w- C:\Users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
2012-03-31 07:02:48 -------- d-----w- C:\Users\Remmichmm\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 07:02:16 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-31 07:02:16 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-30 08:25:56 8738464 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 08:13:30 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-03-30 08:12:23 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-03-30 08:11:16 -------- d-----we C:\windows\system64
2012-03-18 09:26:33 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 09:26:33 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 09:03:53 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-15 09:03:51 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:03:51 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:36:12 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 17:36:11 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 17:36:11 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 11:03:03 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 11:03:03 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 11:03:03 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 11:03:03 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-14 11:03:02 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 11:03:02 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 11:03:02 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-13 03:55:09 -------- d-----w- C:\Users\Remmichmm\AppData\Local\{72DB1699-2815-43A7-A758-454B11176A89}
2012-03-11 19:28:16 -------- d-----w- C:\Users\Remmichmm\AppData\Local\Windows Live
2012-03-11 19:27:56 -------- d-----w- C:\Users\Remmichmm\AppData\Local\{2D3079E6-42D8-4F84-A820-445250158E2B}
2012-03-11 19:27:55 -------- d-----w- C:\Users\Remmichmm\AppData\Local\{2E3907F0-A7F1-458C-A3C1-D278799120CD}
.
==================== Find3M ====================
.
2012-03-30 08:26:05 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-07 21:16:38 525544 ----a-w- C:\windows\System32\deployJava1.dll
2012-01-18 13:23:12 38958 ----a-w- C:\windows\System32\Repository.reg
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
.
============= FINISH: 1:47:22.03 ===============








Also, I had an issue with GMER. It wouldn't let me check the boxes such as system, section, etc. Here is a picture:

Posted Image

I am still running a scan with only services, registry, and files selected; if that is still useful, I will post it.



Edited by Noviciate, 03 April 2012 - 02:43 PM.
Removed "quote" tags.




#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 03 April 2012 - 02:47 PM

Good evening. :)

Please do not use tags when posting logs as it doesn't make the information any more readable.

When you ran TDSSKiller, it should have created a log located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt - would you post the contents in your next reply?

So long, and thanks for all the fish.

 

 


#3 HamMach1

HamMach1
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:45 AM

Posted 03 April 2012 - 09:18 PM

01:54:57.0251 8160 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
01:54:57.0696 8160 ============================================================
01:54:57.0696 8160 Current date / time: 2012/04/02 01:54:57.0696
01:54:57.0696 8160 SystemInfo:
01:54:57.0696 8160
01:54:57.0696 8160 OS Version: 6.1.7601 ServicePack: 1.0
01:54:57.0696 8160 Product type: Workstation
01:54:57.0697 8160 ComputerName: REMMICHMM-PC
01:54:57.0697 8160 UserName: Remmichmm
01:54:57.0697 8160 Windows directory: C:\windows
01:54:57.0697 8160 System windows directory: C:\windows
01:54:57.0697 8160 Running under WOW64
01:54:57.0697 8160 Processor architecture: Intel x64
01:54:57.0697 8160 Number of processors: 4
01:54:57.0697 8160 Page size: 0x1000
01:54:57.0697 8160 Boot type: Normal boot
01:54:57.0697 8160 ============================================================
01:54:58.0243 8160 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:54:58.0260 8160 \Device\Harddisk0\DR0:
01:54:58.0261 8160 MBR used
01:54:58.0261 8160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:54:58.0261 8160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D000000
01:54:58.0278 8160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D033000, BlocksNum 0x2B4C9000
01:54:58.0428 8160 Initialize success
01:54:58.0428 8160 ============================================================
01:55:14.0269 7032 ============================================================
01:55:14.0270 7032 Scan started
01:55:14.0270 7032 Mode: Manual;
01:55:14.0270 7032 ============================================================
01:55:14.0576 7032 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
01:55:14.0577 7032 !SASCORE - ok
01:55:14.0702 7032 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
01:55:14.0705 7032 1394ohci - ok
01:55:14.0778 7032 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
01:55:14.0781 7032 ACPI - ok
01:55:14.0818 7032 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
01:55:14.0819 7032 AcpiPmi - ok
01:55:14.0921 7032 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:55:14.0924 7032 AdobeFlashPlayerUpdateSvc - ok
01:55:14.0991 7032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
01:55:14.0996 7032 adp94xx - ok
01:55:15.0038 7032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
01:55:15.0041 7032 adpahci - ok
01:55:15.0089 7032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
01:55:15.0091 7032 adpu320 - ok
01:55:15.0152 7032 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
01:55:15.0153 7032 AeLookupSvc - ok
01:55:15.0216 7032 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
01:55:15.0222 7032 AFD - ok
01:55:15.0291 7032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
01:55:15.0292 7032 agp440 - ok
01:55:15.0327 7032 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
01:55:15.0329 7032 ALG - ok
01:55:15.0423 7032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
01:55:15.0424 7032 aliide - ok
01:55:15.0448 7032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
01:55:15.0449 7032 amdide - ok
01:55:15.0493 7032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
01:55:15.0494 7032 AmdK8 - ok
01:55:15.0512 7032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
01:55:15.0514 7032 AmdPPM - ok
01:55:15.0556 7032 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
01:55:15.0558 7032 amdsata - ok
01:55:15.0581 7032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
01:55:15.0583 7032 amdsbs - ok
01:55:15.0617 7032 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
01:55:15.0618 7032 amdxata - ok
01:55:15.0719 7032 Amsp (2b85a4692d090a242777ce3ec571ff3a) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
01:55:15.0721 7032 Amsp - ok
01:55:15.0790 7032 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
01:55:15.0791 7032 AppID - ok
01:55:15.0846 7032 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
01:55:15.0847 7032 AppIDSvc - ok
01:55:15.0875 7032 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
01:55:15.0876 7032 Appinfo - ok
01:55:15.0997 7032 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:55:15.0998 7032 Apple Mobile Device - ok
01:55:16.0093 7032 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
01:55:16.0095 7032 arc - ok
01:55:16.0113 7032 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
01:55:16.0115 7032 arcsas - ok
01:55:16.0144 7032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
01:55:16.0145 7032 AsyncMac - ok
01:55:16.0178 7032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
01:55:16.0179 7032 atapi - ok
01:55:16.0231 7032 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
01:55:16.0237 7032 AudioEndpointBuilder - ok
01:55:16.0252 7032 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
01:55:16.0259 7032 AudioSrv - ok
01:55:16.0307 7032 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
01:55:16.0309 7032 AxInstSV - ok
01:55:16.0403 7032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
01:55:16.0408 7032 b06bdrv - ok
01:55:16.0453 7032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
01:55:16.0456 7032 b57nd60a - ok
01:55:16.0662 7032 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
01:55:16.0664 7032 BBSvc - ok
01:55:16.0785 7032 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
01:55:16.0788 7032 BBUpdate - ok
01:55:16.0910 7032 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
01:55:16.0911 7032 BDESVC - ok
01:55:16.0963 7032 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
01:55:16.0964 7032 Beep - ok
01:55:17.0063 7032 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
01:55:17.0074 7032 BITS - ok
01:55:17.0117 7032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
01:55:17.0118 7032 blbdrive - ok
01:55:17.0230 7032 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
01:55:17.0234 7032 Bonjour Service - ok
01:55:17.0281 7032 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
01:55:17.0283 7032 bowser - ok
01:55:17.0310 7032 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\windows\system32\DRIVERS\bpenum.sys
01:55:17.0311 7032 bpenum - ok
01:55:17.0345 7032 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\windows\system32\DRIVERS\bpmp.sys
01:55:17.0347 7032 bpmp - ok
01:55:17.0374 7032 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\windows\system32\Drivers\bpusb.sys
01:55:17.0376 7032 bpusb - ok
01:55:17.0434 7032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
01:55:17.0435 7032 BrFiltLo - ok
01:55:17.0457 7032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
01:55:17.0458 7032 BrFiltUp - ok
01:55:17.0509 7032 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
01:55:17.0511 7032 Browser - ok
01:55:17.0557 7032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
01:55:17.0560 7032 Brserid - ok
01:55:17.0586 7032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
01:55:17.0587 7032 BrSerWdm - ok
01:55:17.0613 7032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
01:55:17.0614 7032 BrUsbMdm - ok
01:55:17.0639 7032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
01:55:17.0639 7032 BrUsbSer - ok
01:55:17.0693 7032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
01:55:17.0695 7032 BTHMODEM - ok
01:55:17.0752 7032 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
01:55:17.0753 7032 bthserv - ok
01:55:17.0806 7032 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
01:55:17.0807 7032 cdfs - ok
01:55:17.0856 7032 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
01:55:17.0858 7032 cdrom - ok
01:55:17.0909 7032 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
01:55:17.0910 7032 CertPropSvc - ok
01:55:17.0968 7032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
01:55:17.0969 7032 circlass - ok
01:55:17.0999 7032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
01:55:18.0002 7032 CLFS - ok
01:55:18.0112 7032 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:55:18.0114 7032 clr_optimization_v2.0.50727_32 - ok
01:55:18.0164 7032 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:55:18.0166 7032 clr_optimization_v2.0.50727_64 - ok
01:55:18.0235 7032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:55:18.0237 7032 clr_optimization_v4.0.30319_32 - ok
01:55:18.0267 7032 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:55:18.0269 7032 clr_optimization_v4.0.30319_64 - ok
01:55:18.0355 7032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
01:55:18.0356 7032 CmBatt - ok
01:55:18.0384 7032 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
01:55:18.0385 7032 cmdide - ok
01:55:18.0423 7032 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
01:55:18.0428 7032 CNG - ok
01:55:18.0469 7032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
01:55:18.0470 7032 Compbatt - ok
01:55:18.0512 7032 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
01:55:18.0513 7032 CompositeBus - ok
01:55:18.0535 7032 COMSysApp - ok
01:55:18.0573 7032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
01:55:18.0573 7032 crcdisk - ok
01:55:18.0643 7032 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
01:55:18.0645 7032 CryptSvc - ok
01:55:18.0736 7032 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
01:55:18.0745 7032 cvhsvc - ok
01:55:18.0843 7032 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys
01:55:18.0844 7032 dc3d - ok
01:55:18.0922 7032 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
01:55:18.0929 7032 DcomLaunch - ok
01:55:18.0973 7032 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
01:55:18.0977 7032 defragsvc - ok
01:55:19.0032 7032 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
01:55:19.0033 7032 DfsC - ok
01:55:19.0119 7032 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
01:55:19.0123 7032 Dhcp - ok
01:55:19.0155 7032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
01:55:19.0156 7032 discache - ok
01:55:19.0194 7032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
01:55:19.0195 7032 Disk - ok
01:55:19.0305 7032 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
01:55:19.0309 7032 DMAgent - ok
01:55:19.0444 7032 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
01:55:19.0446 7032 Dnscache - ok
01:55:19.0484 7032 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
01:55:19.0487 7032 dot3svc - ok
01:55:19.0534 7032 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
01:55:19.0537 7032 DPS - ok
01:55:19.0598 7032 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
01:55:19.0598 7032 drmkaud - ok
01:55:19.0657 7032 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
01:55:19.0667 7032 DXGKrnl - ok
01:55:19.0712 7032 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
01:55:19.0714 7032 EapHost - ok
01:55:19.0848 7032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
01:55:19.0878 7032 ebdrv - ok
01:55:19.0982 7032 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
01:55:19.0983 7032 EFS - ok
01:55:20.0044 7032 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
01:55:20.0051 7032 ehRecvr - ok
01:55:20.0097 7032 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
01:55:20.0099 7032 ehSched - ok
01:55:20.0187 7032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
01:55:20.0192 7032 elxstor - ok
01:55:20.0230 7032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
01:55:20.0231 7032 ErrDev - ok
01:55:20.0277 7032 ETD (ace57d5012b00971cce04c61cfeefae6) C:\windows\system32\DRIVERS\ETD.sys
01:55:20.0278 7032 ETD - ok
01:55:20.0360 7032 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
01:55:20.0366 7032 EventSystem - ok
01:55:20.0509 7032 EvtEng (bdf87981c5fea94fd259f110fb8b1a72) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
01:55:20.0522 7032 EvtEng - ok
01:55:20.0631 7032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
01:55:20.0633 7032 exfat - ok
01:55:20.0656 7032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
01:55:20.0659 7032 fastfat - ok
01:55:20.0735 7032 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
01:55:20.0743 7032 Fax - ok
01:55:20.0777 7032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
01:55:20.0778 7032 fdc - ok
01:55:20.0839 7032 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
01:55:20.0840 7032 fdPHost - ok
01:55:20.0863 7032 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
01:55:20.0864 7032 FDResPub - ok
01:55:20.0882 7032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
01:55:20.0883 7032 FileInfo - ok
01:55:20.0910 7032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
01:55:20.0911 7032 Filetrace - ok
01:55:20.0933 7032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
01:55:20.0934 7032 flpydisk - ok
01:55:20.0984 7032 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
01:55:20.0987 7032 FltMgr - ok
01:55:21.0041 7032 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
01:55:21.0053 7032 FontCache - ok
01:55:21.0152 7032 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:55:21.0153 7032 FontCache3.0.0.0 - ok
01:55:21.0214 7032 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
01:55:21.0215 7032 FsDepends - ok
01:55:21.0234 7032 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
01:55:21.0235 7032 Fs_Rec - ok
01:55:21.0298 7032 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\windows\system32\drivers\ftdibus.sys
01:55:21.0300 7032 FTDIBUS - ok
01:55:21.0325 7032 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\windows\system32\drivers\ftser2k.sys
01:55:21.0326 7032 FTSER2K - ok
01:55:21.0370 7032 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
01:55:21.0372 7032 fvevol - ok
01:55:21.0422 7032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
01:55:21.0423 7032 gagp30kx - ok
01:55:21.0456 7032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
01:55:21.0456 7032 GEARAspiWDM - ok
01:55:21.0512 7032 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
01:55:21.0523 7032 gpsvc - ok
01:55:21.0595 7032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
01:55:21.0596 7032 hcw85cir - ok
01:55:21.0743 7032 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
01:55:21.0746 7032 HdAudAddService - ok
01:55:21.0800 7032 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
01:55:21.0802 7032 HDAudBus - ok
01:55:21.0926 7032 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
01:55:21.0927 7032 HECIx64 - ok
01:55:21.0961 7032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
01:55:21.0962 7032 HidBatt - ok
01:55:22.0004 7032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
01:55:22.0008 7032 HidBth - ok
01:55:22.0041 7032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
01:55:22.0042 7032 HidIr - ok
01:55:22.0074 7032 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
01:55:22.0076 7032 hidserv - ok
01:55:22.0136 7032 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
01:55:22.0137 7032 HidUsb - ok
01:55:22.0176 7032 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
01:55:22.0179 7032 hkmsvc - ok
01:55:22.0264 7032 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
01:55:22.0268 7032 HomeGroupListener - ok
01:55:22.0308 7032 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
01:55:22.0311 7032 HomeGroupProvider - ok
01:55:22.0407 7032 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
01:55:22.0409 7032 HpSAMD - ok
01:55:22.0490 7032 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
01:55:22.0498 7032 HTTP - ok
01:55:22.0536 7032 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
01:55:22.0537 7032 hwpolicy - ok
01:55:22.0618 7032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
01:55:22.0620 7032 i8042prt - ok
01:55:22.0672 7032 iaStor (a5f72bb0d024e7e463344105be613ae4) C:\windows\system32\DRIVERS\iaStor.sys
01:55:22.0677 7032 iaStor - ok
01:55:22.0705 7032 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
01:55:22.0709 7032 iaStorV - ok
01:55:22.0837 7032 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
01:55:22.0838 7032 IDriverT - ok
01:55:22.0965 7032 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:55:22.0974 7032 idsvc - ok
01:55:23.0247 7032 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
01:55:23.0346 7032 igfx - ok
01:55:23.0491 7032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
01:55:23.0492 7032 iirsp - ok
01:55:23.0574 7032 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
01:55:23.0584 7032 IKEEXT - ok
01:55:23.0712 7032 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
01:55:23.0714 7032 Impcd - ok
01:55:23.0809 7032 IntcAzAudAddService (bbda43f02a2c642a2df191fa8c0b0052) C:\windows\system32\drivers\RTKVHD64.sys
01:55:23.0835 7032 IntcAzAudAddService - ok
01:55:23.0951 7032 IntcDAud (c6c1f19205da83c801be7c25f4e2ee07) C:\windows\system32\DRIVERS\IntcDAud.sys
01:55:23.0955 7032 IntcDAud - ok
01:55:23.0985 7032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
01:55:23.0986 7032 intelide - ok
01:55:24.0067 7032 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
01:55:24.0068 7032 intelppm - ok
01:55:24.0089 7032 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
01:55:24.0092 7032 IPBusEnum - ok
01:55:24.0123 7032 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
01:55:24.0124 7032 IpFilterDriver - ok
01:55:24.0147 7032 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
01:55:24.0148 7032 IPMIDRV - ok
01:55:24.0201 7032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
01:55:24.0203 7032 IPNAT - ok
01:55:24.0274 7032 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
01:55:24.0283 7032 iPod Service - ok
01:55:24.0421 7032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
01:55:24.0422 7032 IRENUM - ok
01:55:24.0459 7032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
01:55:24.0460 7032 isapnp - ok
01:55:24.0502 7032 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
01:55:24.0505 7032 iScsiPrt - ok
01:55:24.0554 7032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
01:55:24.0555 7032 kbdclass - ok
01:55:24.0590 7032 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
01:55:24.0591 7032 kbdhid - ok
01:55:24.0618 7032 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:55:24.0620 7032 KeyIso - ok
01:55:24.0645 7032 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
01:55:24.0647 7032 KSecDD - ok
01:55:24.0664 7032 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
01:55:24.0666 7032 KSecPkg - ok
01:55:24.0695 7032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
01:55:24.0696 7032 ksthunk - ok
01:55:24.0739 7032 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
01:55:24.0745 7032 KtmRm - ok
01:55:24.0809 7032 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
01:55:24.0813 7032 LanmanServer - ok
01:55:24.0838 7032 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
01:55:24.0841 7032 LanmanWorkstation - ok
01:55:24.0906 7032 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
01:55:24.0907 7032 lltdio - ok
01:55:24.0952 7032 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
01:55:24.0957 7032 lltdsvc - ok
01:55:24.0979 7032 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
01:55:24.0980 7032 lmhosts - ok
01:55:25.0127 7032 LMS (85c7497997ba8b7c1728b12199616747) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
01:55:25.0129 7032 LMS - ok
01:55:25.0198 7032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
01:55:25.0199 7032 LSI_FC - ok
01:55:25.0237 7032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
01:55:25.0238 7032 LSI_SAS - ok
01:55:25.0276 7032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
01:55:25.0277 7032 LSI_SAS2 - ok
01:55:25.0299 7032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
01:55:25.0301 7032 LSI_SCSI - ok
01:55:25.0346 7032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
01:55:25.0350 7032 luafv - ok
01:55:25.0404 7032 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\windows\system32\DRIVERS\lvrs64.sys
01:55:25.0407 7032 LVRS64 - ok
01:55:25.0597 7032 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\windows\system32\DRIVERS\lvuvc64.sys
01:55:25.0647 7032 LVUVC64 - ok
01:55:25.0765 7032 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
01:55:25.0766 7032 MBAMProtector - ok
01:55:25.0820 7032 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:55:25.0827 7032 MBAMService - ok
01:55:25.0877 7032 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
01:55:25.0880 7032 Mcx2Svc - ok
01:55:25.0967 7032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
01:55:25.0968 7032 megasas - ok
01:55:25.0992 7032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
01:55:25.0995 7032 MegaSR - ok
01:55:26.0043 7032 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
01:55:26.0045 7032 MMCSS - ok
01:55:26.0064 7032 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
01:55:26.0065 7032 Modem - ok
01:55:26.0116 7032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
01:55:26.0117 7032 monitor - ok
01:55:26.0194 7032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
01:55:26.0195 7032 mouclass - ok
01:55:26.0230 7032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
01:55:26.0231 7032 mouhid - ok
01:55:26.0264 7032 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
01:55:26.0266 7032 mountmgr - ok
01:55:26.0321 7032 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
01:55:26.0323 7032 mpio - ok
01:55:26.0343 7032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
01:55:26.0345 7032 mpsdrv - ok
01:55:26.0384 7032 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
01:55:26.0386 7032 MRxDAV - ok
01:55:26.0453 7032 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
01:55:26.0455 7032 mrxsmb - ok
01:55:26.0480 7032 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
01:55:26.0483 7032 mrxsmb10 - ok
01:55:26.0507 7032 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
01:55:26.0509 7032 mrxsmb20 - ok
01:55:26.0540 7032 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
01:55:26.0541 7032 msahci - ok
01:55:26.0592 7032 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
01:55:26.0594 7032 msdsm - ok
01:55:26.0633 7032 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
01:55:26.0636 7032 MSDTC - ok
01:55:26.0726 7032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
01:55:26.0727 7032 Msfs - ok
01:55:26.0752 7032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
01:55:26.0753 7032 mshidkmdf - ok
01:55:26.0773 7032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
01:55:26.0774 7032 msisadrv - ok
01:55:26.0854 7032 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
01:55:26.0856 7032 MSiSCSI - ok
01:55:26.0868 7032 msiserver - ok
01:55:26.0901 7032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
01:55:26.0902 7032 MSKSSRV - ok
01:55:26.0972 7032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
01:55:26.0973 7032 MSPCLOCK - ok
01:55:26.0996 7032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
01:55:26.0997 7032 MSPQM - ok
01:55:27.0039 7032 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
01:55:27.0043 7032 MsRPC - ok
01:55:27.0077 7032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
01:55:27.0078 7032 mssmbios - ok
01:55:27.0103 7032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
01:55:27.0103 7032 MSTEE - ok
01:55:27.0121 7032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
01:55:27.0122 7032 MTConfig - ok
01:55:27.0148 7032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
01:55:27.0149 7032 Mup - ok
01:55:27.0254 7032 MyWiFiDHCPDNS (59aa4cff0c9eda2252bbf5b6c7c5aa21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
01:55:27.0258 7032 MyWiFiDHCPDNS - ok
01:55:27.0306 7032 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
01:55:27.0312 7032 napagent - ok
01:55:27.0377 7032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
01:55:27.0381 7032 NativeWifiP - ok
01:55:27.0468 7032 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
01:55:27.0478 7032 NDIS - ok
01:55:27.0517 7032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
01:55:27.0518 7032 NdisCap - ok
01:55:27.0591 7032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
01:55:27.0592 7032 NdisTapi - ok
01:55:27.0630 7032 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
01:55:27.0632 7032 Ndisuio - ok
01:55:27.0693 7032 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
01:55:27.0695 7032 NdisWan - ok
01:55:27.0732 7032 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
01:55:27.0733 7032 NDProxy - ok
01:55:27.0765 7032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
01:55:27.0766 7032 NetBIOS - ok
01:55:27.0802 7032 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
01:55:27.0805 7032 NetBT - ok
01:55:27.0835 7032 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:55:27.0836 7032 Netlogon - ok
01:55:27.0880 7032 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
01:55:27.0885 7032 Netman - ok
01:55:27.0939 7032 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
01:55:27.0945 7032 netprofm - ok
01:55:28.0058 7032 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:55:28.0059 7032 NetTcpPortSharing - ok
01:55:28.0268 7032 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\windows\system32\DRIVERS\NETwNs64.sys
01:55:28.0345 7032 NETwNs64 - ok
01:55:28.0447 7032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
01:55:28.0448 7032 nfrd960 - ok
01:55:28.0513 7032 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
01:55:28.0517 7032 NlaSvc - ok
01:55:28.0621 7032 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
01:55:28.0648 7032 NOBU - ok
01:55:28.0732 7032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
01:55:28.0733 7032 Npfs - ok
01:55:28.0752 7032 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
01:55:28.0754 7032 nsi - ok
01:55:28.0772 7032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
01:55:28.0773 7032 nsiproxy - ok
01:55:28.0832 7032 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
01:55:28.0848 7032 Ntfs - ok
01:55:28.0883 7032 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
01:55:28.0883 7032 Null - ok
01:55:29.0177 7032 nvlddmkm (fbe6ac1c3591cb67543fad15abd26bcb) C:\windows\system32\DRIVERS\nvlddmkm.sys
01:55:29.0300 7032 nvlddmkm - ok
01:55:29.0417 7032 nvpciflt (680c5baf7d0190b1485068fc4ba75f1c) C:\windows\system32\DRIVERS\nvpciflt.sys
01:55:29.0418 7032 nvpciflt - ok
01:55:29.0453 7032 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
01:55:29.0455 7032 nvraid - ok
01:55:29.0482 7032 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
01:55:29.0484 7032 nvstor - ok
01:55:29.0556 7032 nvsvc (147b0d17255fd796f990cc6f745605c5) C:\windows\system32\nvvsvc.exe
01:55:29.0568 7032 nvsvc - ok
01:55:29.0696 7032 nvUpdatusService (812bf9531c827e1d8029843cddb2b5d6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
01:55:29.0716 7032 nvUpdatusService - ok
01:55:29.0825 7032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
01:55:29.0827 7032 nv_agp - ok
01:55:29.0860 7032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
01:55:29.0861 7032 ohci1394 - ok
01:55:29.0947 7032 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:55:29.0949 7032 ose - ok
01:55:30.0083 7032 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:55:30.0134 7032 osppsvc - ok
01:55:30.0252 7032 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
01:55:30.0256 7032 p2pimsvc - ok
01:55:30.0286 7032 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
01:55:30.0291 7032 p2psvc - ok
01:55:30.0364 7032 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
01:55:30.0366 7032 Parport - ok
01:55:30.0394 7032 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
01:55:30.0395 7032 partmgr - ok
01:55:30.0421 7032 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
01:55:30.0425 7032 PcaSvc - ok
01:55:30.0453 7032 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
01:55:30.0455 7032 pci - ok
01:55:30.0484 7032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
01:55:30.0485 7032 pciide - ok
01:55:30.0509 7032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
01:55:30.0512 7032 pcmcia - ok
01:55:30.0536 7032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
01:55:30.0538 7032 pcw - ok
01:55:30.0602 7032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
01:55:30.0609 7032 PEAUTH - ok
01:55:30.0674 7032 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
01:55:30.0676 7032 PerfHost - ok
01:55:30.0773 7032 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
01:55:30.0788 7032 pla - ok
01:55:30.0832 7032 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
01:55:30.0837 7032 PlugPlay - ok
01:55:30.0896 7032 pneteth (8ac5649c9070674d4607301c180ab10b) C:\windows\system32\DRIVERS\pneteth.sys
01:55:30.0897 7032 pneteth - ok
01:55:30.0972 7032 pnetmdm (06841f5cd8410b6bdc0b5a631b8f8787) C:\windows\system32\DRIVERS\pnetmdm64.sys
01:55:30.0973 7032 pnetmdm - ok
01:55:31.0007 7032 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
01:55:31.0009 7032 PNRPAutoReg - ok
01:55:31.0039 7032 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
01:55:31.0044 7032 PNRPsvc - ok
01:55:31.0098 7032 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
01:55:31.0104 7032 PolicyAgent - ok
01:55:31.0144 7032 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
01:55:31.0147 7032 Power - ok
01:55:31.0244 7032 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
01:55:31.0245 7032 PptpMiniport - ok
01:55:31.0276 7032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
01:55:31.0278 7032 Processor - ok
01:55:31.0312 7032 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
01:55:31.0316 7032 ProfSvc - ok
01:55:31.0362 7032 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:55:31.0364 7032 ProtectedStorage - ok
01:55:31.0412 7032 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
01:55:31.0414 7032 Psched - ok
01:55:31.0467 7032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
01:55:31.0481 7032 ql2300 - ok
01:55:31.0530 7032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
01:55:31.0534 7032 ql40xx - ok
01:55:31.0575 7032 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
01:55:31.0579 7032 QWAVE - ok
01:55:31.0619 7032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
01:55:31.0620 7032 QWAVEdrv - ok
01:55:31.0633 7032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
01:55:31.0634 7032 RasAcd - ok
01:55:31.0708 7032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
01:55:31.0709 7032 RasAgileVpn - ok
01:55:31.0738 7032 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
01:55:31.0741 7032 RasAuto - ok
01:55:31.0783 7032 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
01:55:31.0785 7032 Rasl2tp - ok
01:55:31.0864 7032 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
01:55:31.0869 7032 RasMan - ok
01:55:31.0926 7032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
01:55:31.0928 7032 RasPppoe - ok
01:55:31.0972 7032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
01:55:31.0973 7032 RasSstp - ok
01:55:32.0014 7032 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
01:55:32.0018 7032 rdbss - ok
01:55:32.0045 7032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
01:55:32.0046 7032 rdpbus - ok
01:55:32.0074 7032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
01:55:32.0074 7032 RDPCDD - ok
01:55:32.0109 7032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
01:55:32.0109 7032 RDPENCDD - ok
01:55:32.0144 7032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
01:55:32.0145 7032 RDPREFMP - ok
01:55:32.0171 7032 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
01:55:32.0173 7032 RDPWD - ok
01:55:32.0219 7032 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
01:55:32.0221 7032 rdyboost - ok
01:55:32.0353 7032 RegSrvc (2528d733da7f5ac8d3d32c74ee4cff16) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
01:55:32.0361 7032 RegSrvc - ok
01:55:32.0480 7032 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
01:55:32.0483 7032 RemoteAccess - ok
01:55:32.0513 7032 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
01:55:32.0516 7032 RemoteRegistry - ok
01:55:32.0601 7032 RichVideo (7ccaebcab6fc1ed0206c07e083e79207) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
01:55:32.0603 7032 RichVideo - ok
01:55:32.0673 7032 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
01:55:32.0674 7032 ROOTMODEM - ok
01:55:32.0701 7032 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
01:55:32.0703 7032 RpcEptMapper - ok
01:55:32.0744 7032 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
01:55:32.0745 7032 RpcLocator - ok
01:55:32.0776 7032 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
01:55:32.0783 7032 RpcSs - ok
01:55:32.0822 7032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
01:55:32.0823 7032 rspndr - ok
01:55:32.0845 7032 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
01:55:32.0848 7032 RTL8167 - ok
01:55:32.0919 7032 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys
01:55:32.0919 7032 rtport - ok
01:55:32.0952 7032 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys
01:55:32.0953 7032 SABI - ok
01:55:32.0981 7032 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:55:32.0983 7032 SamSs - ok
01:55:33.0051 7032 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:55:33.0052 7032 SASDIFSV - ok
01:55:33.0102 7032 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:55:33.0103 7032 SASKUTIL - ok
01:55:33.0138 7032 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
01:55:33.0140 7032 sbp2port - ok
01:55:33.0171 7032 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
01:55:33.0174 7032 SCardSvr - ok
01:55:33.0201 7032 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
01:55:33.0202 7032 scfilter - ok
01:55:33.0247 7032 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
01:55:33.0259 7032 Schedule - ok
01:55:33.0294 7032 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
01:55:33.0295 7032 SCPolicySvc - ok
01:55:33.0392 7032 SCTDriverV1011 (932a176e4a8b9e94cd8633dc4926cb06) C:\windows\system32\drivers\SCTDriverV1011.sys
01:55:33.0395 7032 SCTDriverV1011 - ok
01:55:33.0431 7032 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
01:55:33.0435 7032 SDRSVC - ok
01:55:33.0547 7032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
01:55:33.0548 7032 secdrv - ok
01:55:33.0595 7032 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
01:55:33.0597 7032 seclogon - ok
01:55:33.0703 7032 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
01:55:33.0705 7032 SENS - ok
01:55:33.0726 7032 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
01:55:33.0728 7032 SensrSvc - ok
01:55:33.0840 7032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
01:55:33.0841 7032 Serenum - ok
01:55:33.0885 7032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
01:55:33.0887 7032 Serial - ok
01:55:33.0929 7032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
01:55:33.0930 7032 sermouse - ok
01:55:34.0000 7032 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
01:55:34.0003 7032 SessionEnv - ok
01:55:34.0064 7032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
01:55:34.0064 7032 sffdisk - ok
01:55:34.0093 7032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
01:55:34.0094 7032 sffp_mmc - ok
01:55:34.0122 7032 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
01:55:34.0123 7032 sffp_sd - ok
01:55:34.0165 7032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
01:55:34.0166 7032 sfloppy - ok
01:55:34.0247 7032 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
01:55:34.0255 7032 Sftfs - ok
01:55:34.0322 7032 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:55:34.0327 7032 sftlist - ok
01:55:34.0361 7032 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
01:55:34.0365 7032 Sftplay - ok
01:55:34.0386 7032 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
01:55:34.0387 7032 Sftredir - ok
01:55:34.0409 7032 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
01:55:34.0410 7032 Sftvol - ok
01:55:34.0468 7032 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:55:34.0470 7032 sftvsa - ok
01:55:34.0517 7032 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
01:55:34.0521 7032 SharedAccess - ok
01:55:34.0570 7032 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
01:55:34.0575 7032 ShellHWDetection - ok
01:55:34.0660 7032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
01:55:34.0661 7032 SiSRaid2 - ok
01:55:34.0700 7032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
01:55:34.0701 7032 SiSRaid4 - ok
01:55:34.0799 7032 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
01:55:34.0801 7032 SkypeUpdate - ok
01:55:34.0837 7032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
01:55:34.0838 7032 Smb - ok
01:55:34.0919 7032 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
01:55:34.0922 7032 SNMPTRAP - ok
01:55:34.0965 7032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
01:55:34.0966 7032 spldr - ok
01:55:35.0032 7032 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
01:55:35.0039 7032 Spooler - ok
01:55:35.0133 7032 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
01:55:35.0168 7032 sppsvc - ok
01:55:35.0280 7032 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
01:55:35.0283 7032 sppuinotify - ok
01:55:35.0338 7032 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
01:55:35.0343 7032 srv - ok
01:55:35.0367 7032 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
01:55:35.0372 7032 srv2 - ok
01:55:35.0391 7032 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
01:55:35.0393 7032 srvnet - ok
01:55:35.0434 7032 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
01:55:35.0437 7032 SSDPSRV - ok
01:55:35.0462 7032 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
01:55:35.0465 7032 SstpSvc - ok
01:55:35.0492 7032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
01:55:35.0492 7032 stexstor - ok
01:55:35.0549 7032 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
01:55:35.0557 7032 stisvc - ok
01:55:35.0627 7032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
01:55:35.0628 7032 swenum - ok
01:55:35.0665 7032 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
01:55:35.0671 7032 swprv - ok
01:55:35.0814 7032 SynTP (c4ce3ce7e1858b25adb16938258cd1c9) C:\windows\system32\DRIVERS\SynTP.sys
01:55:35.0818 7032 SynTP - ok
01:55:35.0882 7032 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
01:55:35.0900 7032 SysMain - ok
01:55:35.0996 7032 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
01:55:35.0999 7032 TabletInputService - ok
01:55:36.0036 7032 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
01:55:36.0041 7032 TapiSrv - ok
01:55:36.0074 7032 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
01:55:36.0077 7032 TBS - ok
01:55:36.0163 7032 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
01:55:36.0182 7032 Tcpip - ok
01:55:36.0341 7032 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
01:55:36.0359 7032 TCPIP6 - ok
01:55:36.0432 7032 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
01:55:36.0433 7032 tcpipreg - ok
01:55:36.0494 7032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
01:55:36.0495 7032 TDPIPE - ok
01:55:36.0532 7032 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
01:55:36.0534 7032 TDTCP - ok
01:55:36.0569 7032 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
01:55:36.0571 7032 tdx - ok
01:55:36.0633 7032 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
01:55:36.0635 7032 TermDD - ok
01:55:36.0697 7032 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
01:55:36.0706 7032 TermService - ok
01:55:36.0733 7032 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
01:55:36.0737 7032 Themes - ok
01:55:36.0781 7032 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
01:55:36.0783 7032 THREADORDER - ok
01:55:36.0817 7032 tlntsvr (5f22132c9153639762708909f156b33d) C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll
01:55:36.0817 7032 tlntsvr ( Backdoor.Multi.ZAccess.gen ) - infected
01:55:36.0817 7032 tlntsvr - detected Backdoor.Multi.ZAccess.gen (0)
01:55:36.0914 7032 tmactmon (c08008f29117bac9ce14dcac24d83071) C:\windows\system32\DRIVERS\tmactmon.sys
01:55:36.0915 7032 tmactmon - ok
01:55:36.0960 7032 tmcomm (acaa22bf6af50000ad0694dfe96bad88) C:\windows\system32\DRIVERS\tmcomm.sys
01:55:36.0962 7032 tmcomm - ok
01:55:36.0993 7032 tmevtmgr (ab53ac18f62b116b16a3c4a2af5d68e4) C:\windows\system32\DRIVERS\tmevtmgr.sys
01:55:36.0994 7032 tmevtmgr - ok
01:55:37.0027 7032 tmtdi (e1b7c525e5022a6bca62bd480ed9bb5b) C:\windows\system32\DRIVERS\tmtdi.sys
01:55:37.0028 7032 tmtdi - ok
01:55:37.0063 7032 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
01:55:37.0066 7032 TrkWks - ok
01:55:37.0094 7032 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
01:55:37.0096 7032 TrustedInstaller - ok
01:55:37.0124 7032 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
01:55:37.0125 7032 tssecsrv - ok
01:55:37.0152 7032 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
01:55:37.0153 7032 TsUsbFlt - ok
01:55:37.0235 7032 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
01:55:37.0237 7032 tunnel - ok
01:55:37.0290 7032 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\windows\system32\DRIVERS\TurboB.sys
01:55:37.0291 7032 TurboB - ok
01:55:37.0389 7032 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
01:55:37.0391 7032 TurboBoost - ok
01:55:37.0424 7032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
01:55:37.0425 7032 uagp35 - ok
01:55:37.0467 7032 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
01:55:37.0471 7032 udfs - ok
01:55:37.0526 7032 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
01:55:37.0528 7032 UI0Detect - ok
01:55:37.0582 7032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
01:55:37.0583 7032 uliagpkx - ok
01:55:37.0669 7032 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
01:55:37.0671 7032 umbus - ok
01:55:37.0721 7032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
01:55:37.0722 7032 UmPass - ok
01:55:37.0851 7032 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
01:55:37.0856 7032 UMVPFSrv - ok
01:55:38.0024 7032 UNS (4735b3050c0d6f9dc571451298c54fa0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
01:55:38.0046 7032 UNS - ok
01:55:38.0126 7032 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
01:55:38.0132 7032 upnphost - ok
01:55:38.0186 7032 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
01:55:38.0187 7032 USBAAPL64 - ok
01:55:38.0222 7032 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
01:55:38.0224 7032 usbaudio - ok
01:55:38.0294 7032 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
01:55:38.0296 7032 usbccgp - ok
01:55:38.0340 7032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
01:55:38.0342 7032 usbcir - ok
01:55:38.0370 7032 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
01:55:38.0372 7032 usbehci - ok
01:55:38.0436 7032 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
01:55:38.0440 7032 usbhub - ok
01:55:38.0472 7032 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
01:55:38.0473 7032 usbohci - ok
01:55:38.0523 7032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
01:55:38.0524 7032 usbprint - ok
01:55:38.0584 7032 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
01:55:38.0585 7032 usbscan - ok
01:55:38.0633 7032 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
01:55:38.0634 7032 USBSTOR - ok
01:55:38.0671 7032 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
01:55:38.0672 7032 usbuhci - ok
01:55:38.0740 7032 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
01:55:38.0743 7032 usbvideo - ok
01:55:38.0782 7032 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
01:55:38.0785 7032 UxSms - ok
01:55:38.0850 7032 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
01:55:38.0852 7032 VaultSvc - ok
01:55:38.0883 7032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
01:55:38.0884 7032 vdrvroot - ok
01:55:38.0927 7032 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
01:55:38.0934 7032 vds - ok
01:55:38.0984 7032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
01:55:38.0985 7032 vga - ok
01:55:39.0010 7032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
01:55:39.0011 7032 VgaSave - ok
01:55:39.0039 7032 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
01:55:39.0042 7032 vhdmp - ok
01:55:39.0096 7032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
01:55:39.0097 7032 viaide - ok
01:55:39.0120 7032 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
01:55:39.0122 7032 volmgr - ok
01:55:39.0161 7032 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
01:55:39.0165 7032 volmgrx - ok
01:55:39.0199 7032 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
01:55:39.0202 7032 volsnap - ok
01:55:39.0253 7032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
01:55:39.0255 7032 vsmraid - ok
01:55:39.0322 7032 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
01:55:39.0338 7032 VSS - ok
01:55:39.0419 7032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
01:55:39.0420 7032 vwifibus - ok
01:55:39.0445 7032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
01:55:39.0446 7032 vwififlt - ok
01:55:39.0488 7032 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
01:55:39.0488 7032 vwifimp - ok
01:55:39.0546 7032 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
01:55:39.0553 7032 W32Time - ok
01:55:39.0582 7032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
01:55:39.0583 7032 WacomPen - ok
01:55:39.0634 7032 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
01:55:39.0636 7032 WANARP - ok
01:55:39.0658 7032 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
01:55:39.0660 7032 Wanarpv6 - ok
01:55:39.0742 7032 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
01:55:39.0754 7032 WatAdminSvc - ok
01:55:39.0865 7032 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
01:55:39.0882 7032 wbengine - ok
01:55:39.0994 7032 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
01:55:40.0000 7032 WbioSrvc - ok
01:55:40.0066 7032 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
01:55:40.0072 7032 wcncsvc - ok
01:55:40.0094 7032 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
01:55:40.0099 7032 WcsPlugInService - ok
01:55:40.0152 7032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
01:55:40.0153 7032 Wd - ok
01:55:40.0221 7032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
01:55:40.0227 7032 Wdf01000 - ok
01:55:40.0259 7032 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
01:55:40.0262 7032 WdiServiceHost - ok
01:55:40.0268 7032 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
01:55:40.0271 7032 WdiSystemHost - ok
01:55:40.0310 7032 wdkmd (d655b1a102e352d7801e7c8b36317a6d) C:\windows\system32\DRIVERS\WDKMD.sys
01:55:40.0311 7032 wdkmd - ok
01:55:40.0357 7032 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
01:55:40.0361 7032 WebClient - ok
01:55:40.0391 7032 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
01:55:40.0396 7032 Wecsvc - ok
01:55:40.0436 7032 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
01:55:40.0439 7032 wercplsupport - ok
01:55:40.0476 7032 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
01:55:40.0479 7032 WerSvc - ok
01:55:40.0564 7032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
01:55:40.0565 7032 WfpLwf - ok
01:55:40.0692 7032 WiMAXAppSrv (f3c522691316a24328a7b58b0a86028d) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
01:55:40.0701 7032 WiMAXAppSrv - ok
01:55:40.0790 7032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
01:55:40.0791 7032 WIMMount - ok
01:55:40.0799 7032 WinHttpAutoProxySvc - ok
01:55:40.0878 7032 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
01:55:40.0881 7032 Winmgmt - ok
01:55:40.0997 7032 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
01:55:41.0017 7032 WinRM - ok
01:55:41.0145 7032 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys
01:55:41.0146 7032 WinUSB - ok
01:55:41.0239 7032 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
01:55:41.0249 7032 Wlansvc - ok
01:55:41.0351 7032 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:55:41.0352 7032 wlcrasvc - ok
01:55:41.0441 7032 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:55:41.0462 7032 wlidsvc - ok
01:55:41.0594 7032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
01:55:41.0595 7032 WmiAcpi - ok
01:55:41.0673 7032 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
01:55:41.0675 7032 wmiApSrv - ok
01:55:41.0770 7032 WMPNetworkSvc - ok
01:55:41.0828 7032 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
01:55:41.0830 7032 WPCSvc - ok
01:55:41.0892 7032 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
01:55:41.0896 7032 WPDBusEnum - ok
01:55:41.0989 7032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
01:55:41.0990 7032 ws2ifsl - ok
01:55:42.0006 7032 WSearch - ok
01:55:42.0100 7032 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
01:55:42.0124 7032 wuauserv - ok
01:55:42.0233 7032 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
01:55:42.0235 7032 WudfPf - ok
01:55:42.0261 7032 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
01:55:42.0263 7032 WUDFRd - ok
01:55:42.0287 7032 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
01:55:42.0291 7032 wudfsvc - ok
01:55:42.0333 7032 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
01:55:42.0337 7032 WwanSvc - ok
01:55:42.0380 7032 yukonw7 (918cfcdbb6c297c53788b926954da907) C:\windows\system32\DRIVERS\yk62x64.sys
01:55:42.0384 7032 yukonw7 - ok
01:55:42.0415 7032 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
01:55:42.0695 7032 \Device\Harddisk0\DR0 - ok
01:55:42.0699 7032 Boot (0x1200) (77df1b7412a283ee5ab6fdf109b3fc56) \Device\Harddisk0\DR0\Partition0
01:55:42.0701 7032 \Device\Harddisk0\DR0\Partition0 - ok
01:55:42.0718 7032 Boot (0x1200) (dd5b128e70af0baa16671e5c4a9f0cde) \Device\Harddisk0\DR0\Partition1
01:55:42.0720 7032 \Device\Harddisk0\DR0\Partition1 - ok
01:55:42.0739 7032 Boot (0x1200) (c771894b4769580b0c98552f718ce2e0) \Device\Harddisk0\DR0\Partition2
01:55:42.0740 7032 \Device\Harddisk0\DR0\Partition2 - ok
01:55:42.0741 7032 ============================================================
01:55:42.0741 7032 Scan finished
01:55:42.0741 7032 ============================================================
01:55:42.0760 7644 Detected object count: 1
01:55:42.0760 7644 Actual detected object count: 1
02:05:00.0025 7644 C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll - copied to quarantine
02:05:00.0043 7644 HKLM\SYSTEM\ControlSet001\services\tlntsvr - will be deleted on reboot
02:05:00.0083 7644 HKLM\SYSTEM\ControlSet002\services\tlntsvr - will be deleted on reboot
02:05:00.0311 7644 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
02:05:00.0367 7644 C:\windows\system32\ARCSOFTVIRTUALCAPTURE.dll - will be deleted on reboot
02:05:00.0367 7644 tlntsvr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
02:05:11.0639 6916 Deinitialize success

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 04 April 2012 - 02:00 PM

Good evening. :)

Is the redirect still occurring?

So long, and thanks for all the fish.

#5 HamMach1

HamMach1
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 04 April 2012 - 08:29 PM

Yes...

It's weird. It seems like the first link that comes up in Google works but the rest below it do not.

#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 06 April 2012 - 03:26 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.

So long, and thanks for all the fish.

#7 HamMach1

HamMach1
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 07 April 2012 - 04:04 AM

It found all kinds of stuff

C:\Users\Remmichmm\AppData\Local\Temp\fvieo.dll Win32/Medfos.A trojan
C:\Users\Remmichmm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\263411c0-421c9f06 a variant of Java/Exploit.CVE-2012-0507.F trojan
C:\Users\Remmichmm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\144d702c-2fa6225a a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Remmichmm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\3642c2f7-4da1618c a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Users\Remmichmm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\20badbc6-727cf4ab Java/Exploit.Agent.NAP trojan
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan
Operating memory multiple threats

#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 07 April 2012 - 01:41 PM

Good evening. :)

Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix *

  • When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.
  • Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start.
  • When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste
  • Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.

It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.

CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

So long, and thanks for all the fish.

#9 HamMach1

HamMach1
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:45 AM

Posted 07 April 2012 - 04:12 PM

Here's the log:

ComboFix 12-04-07.03 - Remmichmm 04/07/2012 14:03:36.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3882.2454 [GMT -6:00]
Running from: c:\users\Remmichmm\Desktop\SuperFIX.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\REMMIC~1\AppData\Local\Temp\fvieo.dll
c:\users\REMMIC~1\AppData\Local\Temp\wmerap.dll
c:\users\Remmichmm\AppData\Local\Temp\fvieo.dll
c:\users\Remmichmm\AppData\Local\Temp\wmerap.dll
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 20:12 . 2012-04-07 20:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-07 20:12 . 2012-04-07 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 06:53 . 2012-04-07 06:53 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 08:04 . 2012-04-02 08:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 05:24 . 2012-04-01 05:24 -------- d-----w- c:\users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
2012-03-31 07:02 . 2012-03-31 07:02 -------- d-----w- c:\users\Remmichmm\AppData\Roaming\SUPERAntiSpyware.com
2012-03-31 07:02 . 2012-03-31 07:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-31 07:02 . 2012-03-31 07:02 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-30 08:25 . 2012-03-30 08:25 8738464 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 08:13 . 2012-03-30 08:26 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-30 08:12 . 2012-04-07 20:24 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-18 09:26 . 2012-03-18 09:26 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 09:26 . 2012-03-18 09:26 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 09:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 09:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 09:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:03 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:03 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 11:03 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 11:03 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:03 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:03 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:03 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 19:28 . 2012-03-13 03:54 -------- d-----w- c:\users\Remmichmm\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 08:26 . 2011-11-29 21:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-07 21:16 . 2012-02-07 21:16 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-18 13:44 . 2012-01-18 13:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 13:44 . 2012-01-18 13:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 13:44 . 2012-01-18 13:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 13:44 . 2012-01-18 13:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 13:44 . 2012-01-18 13:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 13:44 . 2012-01-18 13:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 13:44 . 2012-01-18 13:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 13:44 . 2012-01-18 13:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 13:44 . 2012-01-18 13:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 13:44 . 2012-01-18 13:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 13:44 . 2012-01-18 13:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 13:44 . 2012-01-18 13:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 13:44 . 2012-01-18 13:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 13:44 . 2012-01-18 13:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 13:44 . 2012-01-18 13:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-18 13:23 . 2012-01-18 13:23 38958 ----a-w- c:\windows\system32\Repository.reg
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 17:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{eec0f710-38b5-4aba-99bf-ec87564a4e13}"= "c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" [2012-02-10 1307928]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{eec0f710-38b5-4aba-99bf-ec87564a4e13}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-03-22 74752]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-13 273544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Remmichmm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-8-25 480880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-12-2 156952]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-10-19 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-17 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [x]
S3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:26]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002Core.job
- c:\users\Remmichmm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 23:26]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002UA.job
- c:\users\Remmichmm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 23:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-03-19 191784]
"combofix"="c:\superfix\CF4589.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
navex15
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 74.50.130.108 74.50.130.109
FF - ProfilePath - c:\users\Remmichmm\AppData\Roaming\Mozilla\Firefox\Profiles\lvmqldb8.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-68310332.sys
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2012-04-07 14:31:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 20:31
.
Pre-Run: 163,610,267,648 bytes free
Post-Run: 163,851,673,600 bytes free
.
- - End Of File - - 120B0199B7463775335BB8D932D5C42A





After it restarted, I couldn't open anything because it said it was an illegal operation because it was selected for deletion or something. So I restarted and Windows wouldn't open, so it repaired itself, and now I am back and so is the redirect. Is this some gnarly virus that is going around? I have never had a problem like this in my many years of using computers and destroying viruses.

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 08 April 2012 - 03:51 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

So long, and thanks for all the fish.

 

 


#11 HamMach1

HamMach1
  • Topic Starter

  • Members
  • 20 posts

Posted 08 April 2012 - 06:12 PM

OTL logfile created on: 4/8/2012 5:04:25 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Remmichmm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 63.13% Memory free
7.58 Gb Paging File | 5.51 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.00 Gb Total Space | 151.81 Gb Free Space | 65.44% Space Free | Partition Type: NTFS
Drive D: | 346.39 Gb Total Space | 315.78 Gb Free Space | 91.16% Space Free | Partition Type: NTFS
Drive E: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REMMICHMM-PC | User Name: Remmichmm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 17:00:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Remmichmm\Desktop\OTL.scr
PRC - [2012/03/18 03:26:33 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
PRC - [2011/06/12 22:09:05 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/22 12:38:10 | 001,596,032 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
PRC - [2011/03/22 12:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/02/14 07:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
PRC - [2011/01/17 09:36:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010/08/26 19:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/11 01:34:40 | 004,384,560 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/08/09 03:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/30 02:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/10 08:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/02/03 16:19:52 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/02/03 16:19:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/03 05:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 08:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 02:26:05 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/18 03:26:33 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/17 11:29:52 | 000,480,880 | ---- | M] () -- C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
MOD - [2011/04/05 19:03:16 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2011/04/05 19:03:16 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2011/04/05 19:03:16 | 000,237,056 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\aacPlusDecoder.w5s
MOD - [2011/04/05 19:03:16 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2011/04/05 19:03:16 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
MOD - [2011/04/05 19:03:16 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2011/04/05 19:03:16 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2011/04/05 19:03:16 | 000,113,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
MOD - [2011/04/05 19:03:16 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2011/04/05 19:03:16 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2011/04/05 19:03:16 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2011/04/05 19:03:16 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2011/04/05 19:03:16 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2011/04/05 19:03:16 | 000,082,944 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2011/04/05 19:03:16 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
MOD - [2011/04/05 19:03:16 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2011/04/05 19:03:16 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2011/04/05 19:03:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2011/04/05 19:03:16 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s
MOD - [2011/04/05 19:03:16 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2011/04/05 19:03:16 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2011/04/05 19:03:16 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2011/04/05 19:03:16 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s
MOD - [2011/04/05 19:03:16 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2011/04/05 19:03:16 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2011/04/05 19:03:16 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2011/04/05 19:03:16 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2011/04/05 19:03:16 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2011/04/05 19:03:16 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2011/04/05 19:03:16 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2011/04/05 19:03:16 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2011/04/05 19:03:16 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2011/04/05 19:03:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2011/04/05 19:03:15 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2011/04/05 19:03:15 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2011/04/05 19:03:15 | 000,126,464 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2011/04/05 19:03:15 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2011/04/05 19:03:15 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2011/04/05 19:03:14 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2011/04/05 19:03:14 | 000,288,768 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2011/04/05 19:03:14 | 000,252,416 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2011/04/05 19:03:14 | 000,250,368 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
MOD - [2011/04/05 19:03:14 | 000,165,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2011/04/05 19:03:14 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2011/04/05 19:03:14 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2011/04/05 19:03:14 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
MOD - [2011/04/05 19:03:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2011/04/05 19:03:14 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2011/04/05 19:03:14 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2011/04/05 19:03:14 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2011/04/05 19:03:13 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2011/04/05 19:03:13 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2011/04/05 19:03:13 | 000,312,832 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2011/04/05 19:03:13 | 000,183,808 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
MOD - [2011/04/05 19:03:13 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2011/04/05 19:03:13 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2011/04/05 19:03:13 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2011/04/05 19:03:13 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
MOD - [2011/04/05 19:03:13 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2011/04/05 19:03:13 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2011/04/05 19:03:13 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2011/04/05 19:03:13 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2011/04/05 19:03:13 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2011/04/05 19:03:13 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2011/04/05 19:03:12 | 000,410,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll
MOD - [2011/04/05 19:03:12 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2011/04/05 19:03:12 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2011/02/14 07:55:16 | 000,043,520 | R--- | M] () -- C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/10/27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010/10/27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
MOD - [2010/10/27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
MOD - [2010/10/27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010/10/27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010/10/27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010/10/27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010/10/27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010/10/27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010/10/27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010/10/27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010/05/07 08:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/06/03 05:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 05:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/04/16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008/04/16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008/04/16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008/04/16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008/04/16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
MOD - [2008/04/02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
MOD - [2008/04/02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
MOD - [2008/04/02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
MOD - [2006/08/11 21:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/08/11 17:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/10/18 23:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/10/18 23:31:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/10/18 23:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/09/22 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/31 21:00:06 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/08/31 20:54:22 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\HSX_DP.dll -- (navex15)
SRV - [2012/03/30 02:26:05 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/01/17 09:36:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/06/01 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/03 16:19:52 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/02/03 16:19:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/25 21:09:20 | 000,390,704 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/17 09:36:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/09 17:46:34 | 000,261,712 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SCTDriverV1011.sys -- (SCTDriverV1011)
DRV:64bit: - [2010/10/17 11:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/10/05 15:11:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/08/30 19:13:02 | 000,118,664 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/08/30 08:45:48 | 000,394,016 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/08/30 06:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/25 14:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/16 02:28:36 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 02:28:28 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 02:28:26 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/27 01:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/26 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/07 19:57:18 | 000,066,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/02/07 19:57:14 | 000,056,336 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/02/07 19:57:10 | 000,135,696 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2009/11/23 04:42:52 | 000,100,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 00:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/03/07 13:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnetmdm64.sys -- (pnetmdm)
DRV - [2011/01/08 07:27:18 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Remmichmm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Remmichmm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/07 17:05:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/18 03:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/07 21:17:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}: C:\Users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}\ [2012/03/31 23:24:06 | 000,000,000 | ---D | M]

[2011/01/29 13:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Remmichmm\AppData\Roaming\Mozilla\Extensions
[2011/06/12 22:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Remmichmm\AppData\Roaming\Mozilla\Firefox\Profiles\lvmqldb8.default\extensions
[2012/02/09 01:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/31 23:24:06 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\REMMICHMM\APPDATA\LOCAL\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
[2012/03/18 03:26:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 12:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/30 02:15:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:54:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Remmichmm\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Remmichmm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Remmichmm\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Remmichmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_1\

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [fvieo] C:\Users\Remmichmm\AppData\Local\Temp\fvieo.dll (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [wmerap] C:\Users\Remmichmm\AppData\Local\Temp\wmerap.dll (Voyetra Turtle Beach, Inc.)
O4 - Startup: C:\Users\Remmichmm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.50.130.108 74.50.130.109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0091895D-E03F-4A9F-942B-774B46DA73BB}: DhcpNameServer = 64.130.80.1 216.167.144.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3654C178-D351-4AC3-80CA-03B6DFDF56B3}: DhcpNameServer = 74.50.130.108 74.50.130.109
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81858c78-57bf-11e1-a8c3-e811320f58be}\Shell - "" = AutoRun
O33 - MountPoints2\{81858c78-57bf-11e1-a8c3-e811320f58be}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe
O33 - MountPoints2\{c262b38e-2dbb-11e1-b0d6-e811320f58be}\Shell - "" = AutoRun
O33 - MountPoints2\{c262b38e-2dbb-11e1-b0d6-e811320f58be}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 16:59:35 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Remmichmm\Desktop\OTL.scr
[2012/04/07 15:06:44 | 000,000,000 | ---D | C] -- C:\windows\system64
[2012/04/07 14:31:33 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/04/07 14:00:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/07 14:00:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/07 14:00:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/07 14:00:43 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/07 14:00:42 | 000,000,000 | --SD | C] -- C:\SuperFIX
[2012/04/07 14:00:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 13:57:02 | 004,452,637 | R--- | C] (Swearware) -- C:\Users\Remmichmm\Desktop\SuperFIX.exe
[2012/04/07 00:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/03 01:55:18 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\Desktop\gmer
[2012/04/03 01:45:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Remmichmm\Desktop\dds.scr
[2012/04/02 02:04:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/02 01:51:51 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Remmichmm\Desktop\TDSSKiller.exe
[2012/04/01 01:27:53 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\Desktop\topic448200_files
[2012/03/31 23:24:06 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
[2012/03/31 01:02:48 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/31 01:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/31 01:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/31 01:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/12 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Local\{72DB1699-2815-43A7-A758-454B11176A89}
[2012/03/11 15:33:43 | 000,742,264 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Remmichmm\Desktop\uTorrent.exe
[2012/03/11 13:28:16 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Local\Windows Live
[2012/03/11 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Local\{2D3079E6-42D8-4F84-A820-445250158E2B}
[2012/03/11 13:27:55 | 000,000,000 | ---D | C] -- C:\Users\Remmichmm\AppData\Local\{2E3907F0-A7F1-458C-A3C1-D278799120CD}

========== Files - Modified Within 30 Days ==========

[2012/04/08 17:00:18 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Remmichmm\Desktop\OTL.scr
[2012/04/08 16:36:42 | 000,273,259 | ---- | M] () -- C:\Users\Remmichmm\IMAG0210.jpg
[2012/04/08 16:36:42 | 000,228,635 | ---- | M] () -- C:\Users\Remmichmm\IMAG0208.jpg
[2012/04/08 16:25:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 16:14:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002UA.job
[2012/04/08 12:33:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/08 04:14:01 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002Core.job
[2012/04/07 15:14:54 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 15:14:54 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/07 15:11:26 | 000,759,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/07 15:11:26 | 000,648,310 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/07 15:11:26 | 000,114,656 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/07 15:07:49 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/04/07 15:06:37 | 4070,748,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/07 13:57:02 | 004,452,637 | R--- | M] (Swearware) -- C:\Users\Remmichmm\Desktop\SuperFIX.exe
[2012/04/07 02:07:40 | 010,101,198 | ---- | M] () -- C:\Users\Remmichmm\Desktop\001_Fun._ft._Janelle_Monae_-_We_Are_Young.mp3
[2012/04/07 00:46:26 | 000,002,425 | ---- | M] () -- C:\Users\Remmichmm\Desktop\Google Chrome.lnk
[2012/04/03 02:14:32 | 000,109,839 | ---- | M] () -- C:\Users\Remmichmm\Desktop\LOOOOOL3.jpg
[2012/04/03 02:13:37 | 000,024,647 | ---- | M] () -- C:\Users\Remmichmm\Desktop\mother of god.jpg
[2012/04/03 02:12:53 | 000,060,576 | ---- | M] () -- C:\Users\Remmichmm\Desktop\LOOOL2.jpg
[2012/04/03 02:11:05 | 000,066,828 | ---- | M] () -- C:\Users\Remmichmm\Desktop\LOOOOL.jpg
[2012/04/03 02:01:13 | 000,002,741 | ---- | M] () -- C:\Users\Remmichmm\Desktop\Attach.rar
[2012/04/03 02:00:08 | 000,055,696 | ---- | M] () -- C:\Users\Remmichmm\Desktop\Log issue.jpg
[2012/04/03 01:45:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Remmichmm\Desktop\dds.scr
[2012/04/03 01:45:13 | 000,000,000 | ---- | M] () -- C:\Users\Remmichmm\defogger_reenable
[2012/04/03 01:44:27 | 000,050,477 | ---- | M] () -- C:\Users\Remmichmm\Desktop\Defogger.exe
[2012/04/01 15:21:57 | 000,980,480 | ---- | M] () -- C:\Users\Remmichmm\Desktop\MicrosoftFixit50267.msi
[2012/04/01 01:27:54 | 000,114,138 | ---- | M] () -- C:\Users\Remmichmm\Desktop\topic448200.html
[2012/03/31 22:58:48 | 000,396,041 | ---- | M] () -- C:\Users\Remmichmm\Desktop\MiniToolBox.exe
[2012/03/31 01:59:03 | 000,133,681 | ---- | M] () -- C:\Users\Remmichmm\Desktop\IMAG0137.jpg
[2012/03/31 01:02:20 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 21:56:26 | 000,090,404 | ---- | M] () -- C:\Users\Remmichmm\Desktop\546482_410447125635841_100000116712476_1760313_922723784_n.jpg
[2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Remmichmm\Desktop\TDSSKiller.exe
[2012/03/15 03:22:14 | 000,276,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/12 11:33:28 | 000,071,171 | ---- | M] () -- C:\Users\Remmichmm\Desktop\Nurse.Aide.Renewal3.7.2012.pdf
[2012/03/11 15:35:15 | 000,000,971 | ---- | M] () -- C:\Users\Remmichmm\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/11 15:33:45 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Remmichmm\Desktop\uTorrent.exe

========== Files Created - No Company Name ==========

[2012/04/08 16:37:25 | 000,273,259 | ---- | C] () -- C:\Users\Remmichmm\IMAG0210.jpg
[2012/04/08 16:37:25 | 000,228,635 | ---- | C] () -- C:\Users\Remmichmm\IMAG0208.jpg
[2012/04/07 14:00:53 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/07 14:00:53 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/07 14:00:53 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/07 14:00:53 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/07 14:00:53 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/07 02:05:10 | 010,101,198 | ---- | C] () -- C:\Users\Remmichmm\Desktop\001_Fun._ft._Janelle_Monae_-_We_Are_Young.mp3
[2012/04/03 02:14:32 | 000,109,839 | ---- | C] () -- C:\Users\Remmichmm\Desktop\LOOOOOL3.jpg
[2012/04/03 02:13:37 | 000,024,647 | ---- | C] () -- C:\Users\Remmichmm\Desktop\mother of god.jpg
[2012/04/03 02:12:52 | 000,060,576 | ---- | C] () -- C:\Users\Remmichmm\Desktop\LOOOL2.jpg
[2012/04/03 02:11:05 | 000,066,828 | ---- | C] () -- C:\Users\Remmichmm\Desktop\LOOOOL.jpg
[2012/04/03 02:01:13 | 000,002,741 | ---- | C] () -- C:\Users\Remmichmm\Desktop\Attach.rar
[2012/04/03 02:00:08 | 000,055,696 | ---- | C] () -- C:\Users\Remmichmm\Desktop\Log issue.jpg
[2012/04/03 01:45:13 | 000,000,000 | ---- | C] () -- C:\Users\Remmichmm\defogger_reenable
[2012/04/03 01:44:27 | 000,050,477 | ---- | C] () -- C:\Users\Remmichmm\Desktop\Defogger.exe
[2012/04/01 15:21:54 | 000,980,480 | ---- | C] () -- C:\Users\Remmichmm\Desktop\MicrosoftFixit50267.msi
[2012/04/01 01:27:53 | 000,114,138 | ---- | C] () -- C:\Users\Remmichmm\Desktop\topic448200.html
[2012/03/31 22:58:34 | 000,396,041 | ---- | C] () -- C:\Users\Remmichmm\Desktop\MiniToolBox.exe
[2012/03/31 01:57:59 | 000,133,681 | ---- | C] () -- C:\Users\Remmichmm\Desktop\IMAG0137.jpg
[2012/03/31 01:02:20 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 21:56:33 | 000,090,404 | ---- | C] () -- C:\Users\Remmichmm\Desktop\546482_410447125635841_100000116712476_1760313_922723784_n.jpg
[2012/03/30 02:13:31 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/03/30 02:12:23 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/03/19 16:16:25 | 004,710,030 | ---- | C] () -- C:\Users\Remmichmm\Desktop\eDSCF3366.jpg
[2012/03/19 16:15:28 | 004,295,775 | ---- | C] () -- C:\Users\Remmichmm\Desktop\eDSCF3343.jpg
[2012/03/19 16:13:55 | 004,826,422 | ---- | C] () -- C:\Users\Remmichmm\Desktop\eDSCF3149.jpg
[2012/03/12 11:33:21 | 000,071,171 | ---- | C] () -- C:\Users\Remmichmm\Desktop\Nurse.Aide.Renewal3.7.2012.pdf
[2012/03/11 15:35:15 | 000,000,971 | ---- | C] () -- C:\Users\Remmichmm\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/02/14 14:49:20 | 000,000,084 | ---- | C] () -- C:\windows\LiveLoad.INI
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/08/07 17:04:31 | 000,000,006 | ---- | C] () -- C:\windows\SysWow64\PCTiming.dat
[2011/04/09 16:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/02/16 17:28:00 | 000,775,950 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/30 23:53:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/03 12:51:17 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/12/03 12:51:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/12/03 12:51:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/12/03 12:51:16 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/12/03 12:51:14 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/12/02 20:32:58 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/12/02 19:33:19 | 000,003,154 | ---- | C] () -- C:\windows\HotFixList.ini

========== LOP Check ==========

[2011/02/11 19:23:59 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\acccore
[2012/02/14 14:38:15 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\SCT
[2012/04/04 15:34:56 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\SoftGrid Client
[2011/10/26 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\Synaptics
[2011/10/25 00:22:40 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\SystemRequirementsLab
[2011/02/16 17:28:49 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\TP
[2012/03/12 02:40:08 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\uTorrent
[2011/06/12 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\Remmichmm\AppData\Roaming\WeatherBug
[2009/07/13 23:08:49 | 000,017,146 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 4/8/2012 5:04:25 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Remmichmm\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 63.13% Memory free
7.58 Gb Paging File | 5.51 Gb Available in Paging File | 72.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.00 Gb Total Space | 151.81 Gb Free Space | 65.44% Space Free | Partition Type: NTFS
Drive D: | 346.39 Gb Total Space | 315.78 Gb Free Space | 91.16% Space Free | Partition Type: NTFS
Drive E: | 4.26 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REMMICHMM-PC | User Name: Remmichmm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{340BE65B-7621-4B0B-B0F9-DBCCD8D70887}" = SRS Premium Sound Control Panel
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{6548B189-BEA4-4041-80E0-AEB60548E046}" = Intel® PROSet/Wireless WiMAX Software
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{8210330D-4DDA-4356-9941-3B19F8E8A15C}" = SCTDriversV1011x64
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.72
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel® PROSet/Wireless WiFi Software
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-X64 8.0.7.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Optimizer Pro" = PC Optimizer Pro
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02C0A02E-AB30-446C-B4C3-A03310D95F53}" = Windows Live UX Platform Language Pack
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03BB06DB-15FE-47F0-B872-E6477933C986}" = Windows Live UX Platform Language Pack
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{082E37F5-3924-4168-A69A-1B6B1FEA587C}" = Messenger Companion
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0A455897-C606-4958-AD34-6DF0430D184B}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE5C4DB-8EA2-483D-BD71-D7EB09040CDE}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13FAE3E3-283E-4BF4-8FE5-17D256EDDD77}" = Windows Live UX Platform Language Pack
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{16234BFD-3EC3-4B76-9347-C825D78A78FC}" = LiveLoad Ford
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1C71DC57-1388-4C1C-AB2F-2B9C0EF83409}" = Windows Live UX Platform Language Pack
"{1CFBB921-4E8F-47C1-81A0-1CB94454199E}" = Windows Live UX Platform Language Pack
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E87F5D4-3502-4F8E-86A5-61DE5AAD1060}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C0E30-B2D7-40FF-B2B0-25B2A222E4BF}" = LiveLink
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack
"{240DB1E2-EDFC-4489-9B00-286A61137EE8}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{269FAF4C-8237-49A4-8440-6560FF15B4B0}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2719ED2A-F6F5-4CA4-B248-A48FFE75DB84}" = Windows Live UX Platform Language Pack
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{2798CE54-AD9D-4704-B940-6C451973CBA4}" = Windows Live UX Platform Language Pack
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack
"{331ECF61-69AF-4F57-AC35-AFED610231C3}" = MultimediaPOP
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}" = Intel® Wireless Display
"{3705D53F-BB01-4BEE-8585-289E71CAC4B4}" = Компаньон Messenger
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FD1CB9F-807F-451B-926C-9D19C84CFC61}" = Messenger Suradnik
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{463F67F4-58D0-4C0D-BBC9-D0CC4E56D1B8}" = Windows Live UX Platform Language Pack
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{543E6ACA-51B7-4283-82F2-57C0582A53C5}" = Windows Live UX Platform Language Pack
"{56D42B00-572C-4AE9-BCFB-CD45A3B5D0E1}" = Messenger Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5CADEAC5-0A9C-4680-B850-6A9085ADD23B}" = Windows Live UX Platform Language Pack
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B0A2ECE-E4C6-4BA3-AE9D-8B827F03B992}" = Windows Live UX Platform Language Pack
"{6B318C80-7BE4-4D79-9F53-4290958EA984}" = Windows Live UX Platform Language Pack
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2F0A26-ECEA-49CE-833C-9A6125F3D5E8}" = Doplnok programu Messenger
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DD3B54B-F0D0-4A69-8344-F52033225A02}" = Messenger Companion
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73D6C3C0-B209-4572-B2D2-ABFF0A30970D}" = Easy Network Manager
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Start
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E274911-32ED-4489-9B04-4EF100D0E4D3}" = „Messenger“ pagalbinė priemonė
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{902585EB-8FA3-43A5-AD1C-5C9821A77114}" = Messenger Pratilac
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96403552-88D1-429F-9C92-388B814B885E}" = Messenger Companion
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB067785-9646-456B-91C3-E71228132A4C}" = Messenger 사이트 공유
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5977C5-11AE-4003-BA7D-261C48F2BC35}" = מסייע Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B44F3823-52DD-45CA-A916-8B320778715D}" = Messenger Companion
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B4FF212F-F56E-463D-95DC-449DA1480E27}" = Windows Live UX Platform Language Pack
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BBC019AB-8349-42A2-AF5A-A8B759722E2F}" = Windows Live UX Platform Language Pack
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD8DA595-F501-4ABE-85A0-5C23E82472A0}" = Pomocnik Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C011E1C5-86F7-4EEB-B7E6-0C367CED97B2}" = Windows Live UX Platform Language Pack
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F81B27-4054-4AD6-A588-265508BAA17C}" = Messenger Companion
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D657CCB5-9F2F-4D3C-B93D-F77EBEF79B66}" = Messenger-kumppani
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D8DAB025-C2CE-4821-8117-494E95ADA031}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9618EB0-D09E-496B-A425-689271F5571B}" = Windows Live UX Platform Language Pack
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA257ECF-5F72-4461-B890-959394DCD087}" = BatteryLifeExtender
"{EA76E65F-6679-495A-A8A6-42AD6602ED4C}" = EasyFileShare
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14F9EE9-9B68-42B4-90F7-0924F7619281}" = Spremljevalec Messenger
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3ECEB0A-82A0-4DB9-BB44-393A66BA0871}" = Messenger kísérő
"{F4EE283A-4851-43D4-887C-1932D55DE740}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEA0181F-3758-46DA-B7EC-F3CDFA7E0CE7}" = Помощник на Messenger
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFF8D436-0A41-4BB0-8E9B-6256B07AF66B}" = Windows Live UX Platform Language Pack
"Adobe AIR" = Adobe AIR
"AIM_7" = AIM 7
"conduitEngine" = Conduit Engine
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PdaNet_is1" = PdaNet for Android 3.02
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2012 11:16:31 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/8/2012 11:16:31 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8050

Error - 3/8/2012 11:16:31 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8050

Error - 3/8/2012 11:16:32 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/8/2012 11:16:32 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9048

Error - 3/8/2012 11:16:32 PM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9048

Error - 3/9/2012 3:31:40 AM | Computer Name = Remmichmm-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/9/2012 5:59:56 AM | Computer Name = Remmichmm-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 3/9/2012 10:30:15 AM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/9/2012 10:30:15 AM | Computer Name = Remmichmm-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

[ Media Center Events ]
Error - 8/27/2011 1:35:40 AM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 11:35:39 PM - Error connecting to the internet. 11:35:39 PM - Unable
to contact server..

Error - 8/27/2011 2:36:19 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 12:36:19 PM - Error connecting to the internet. 12:36:19 PM - Unable
to contact server..

Error - 8/27/2011 2:39:45 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 12:39:44 PM - Error connecting to the internet. 12:39:44 PM - Unable
to contact server..

Error - 8/27/2011 7:59:50 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 5:59:50 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 8/27/2011 8:01:40 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 6:01:39 PM - Error connecting to the internet. 6:01:39 PM - Unable
to contact server..

Error - 8/28/2011 2:35:20 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 12:35:20 PM - Error connecting to the internet. 12:35:20 PM - Unable
to contact server..

Error - 8/28/2011 2:35:26 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 12:35:25 PM - Error connecting to the internet. 12:35:25 PM - Unable
to contact server..

Error - 8/30/2011 6:20:39 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 4:20:39 PM - Error connecting to the internet. 4:20:39 PM - Unable
to contact server..

Error - 8/30/2011 6:24:07 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 4:24:04 PM - Error connecting to the internet. 4:24:04 PM - Unable
to contact server..

Error - 9/7/2011 6:06:38 PM | Computer Name = Remmichmm-PC | Source = MCUpdate | ID = 0
Description = 4:06:33 PM - Failed to retrieve Directory (Error: The operation has
timed out)

[ System Events ]
Error - 2/24/2012 5:35:35 AM | Computer Name = Remmichmm-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR10.

Error - 2/24/2012 5:35:36 AM | Computer Name = Remmichmm-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR10.

Error - 2/24/2012 5:35:37 AM | Computer Name = Remmichmm-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR10.

Error - 2/24/2012 5:35:37 AM | Computer Name = Remmichmm-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR10.

Error - 3/1/2012 11:35:06 PM | Computer Name = Remmichmm-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 3/6/2012 2:38:59 PM | Computer Name = Remmichmm-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 3/6/2012 2:58:58 PM | Computer Name = Remmichmm-PC | Source = bowser | ID = 8003
Description =

Error - 3/6/2012 3:14:53 PM | Computer Name = Remmichmm-PC | Source = bowser | ID = 8003
Description =

Error - 3/6/2012 3:49:37 PM | Computer Name = Remmichmm-PC | Source = bowser | ID = 8003
Description =

Error - 3/6/2012 4:57:24 PM | Computer Name = Remmichmm-PC | Source = bowser | ID = 8003
Description =


< End of report >

#12 Noviciate


  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 09 April 2012 - 02:39 PM

Good evening. :)

Do you have a flash drive of about 128 Mb that you can wipe clean for a little tool that may help with your problem?

So long, and thanks for all the fish.

 

 


#13 HamMach1

  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:45 AM

Posted 09 April 2012 - 02:42 PM

I should be able to find one lying around somewhere!

#14 Noviciate


  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:45 PM

Posted 09 April 2012 - 04:46 PM

Grand.

For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

So long, and thanks for all the fish.

 

 


#15 HamMach1

  • Topic Starter

  • Members
  • 20 posts
  •  
  • Local time:06:45 AM

Posted 12 April 2012 - 03:52 AM

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 12-04-2012 02:33:06
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11369576 2010-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2581384 2010-08-30] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [191784 2010-03-19] (Trend Micro Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2818856 2011-08-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-03-22] (Nullsoft, Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [273544 2011-06-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [460872 2012-01-13] (Malwarebytes Corporation)
HKU\Remmichmm\...\Run: [Google Update] "C:\Users\Remmichmm\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-19] (Google Inc.)
HKU\Remmichmm\...\Run: [fvieo] rundll32.exe "C:\Users\REMMIC~1\AppData\Local\Temp\fvieo.dll",MatrixRotationZ [113664 2012-03-31] (Sun Microsystems, Inc.)
HKU\Remmichmm\...\Run: [wmerap] rundll32.exe "C:\Users\REMMIC~1\AppData\Local\Temp\wmerap.dll",D3D9ResourceGetMappedArray [229888 2012-03-31] (Voyetra Turtle Beach, Inc.)
HKU\Remmichmm\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253600 2012-03-30] (Adobe Systems Incorporated)
2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 DMAgent; "C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe" [408576 2010-08-31] (Red Bend Ltd.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [652360 2012-01-13] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-10-18] ()
2 navex15; C:\Windows\System32\HSX_DP.dll [6656 2009-07-13] (Oak Technology Inc.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-05-31] (Symantec Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-15] (Skype Technologies)
2 UMVPFSrv; C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-02-03] (Intel Corporation)
2 WiMAXAppSrv; "C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe" [911872 2010-08-31] (Intel® Corporation)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=nb [x]

========================== Drivers (Whitelisted) =============

3 bpenum; C:\Windows\System32\Drivers\bpenum.sys [71168 2010-05-16] (Intel Corporation)
3 bpmp; C:\Windows\System32\Drivers\bpmp.sys [175104 2010-05-16] (Intel Corporation)
3 bpusb; C:\Windows\System32\Drivers\bpusb.sys [81920 2010-05-16] (Intel Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 FTDIBUS; C:\Windows\System32\Drivers\FTDIBUS.sys [74376 2011-03-18] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\Drivers\FTSER2K.sys [85384 2011-03-18] (FTDI Ltd.)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation)
3 NETwNs64; C:\Windows\System32\Drivers\NETwNs64.sys [8153088 2010-10-17] (Intel Corporation)
3 pneteth; C:\Windows\System32\Drivers\pneteth.sys [15360 2011-07-19] (June Fabrics Technology Inc.)
3 rtport; C:\Windows\SysWow64\Drivers\rtport.sys [15144 2011-01-08] (Windows ® 2003 DDK 3790 provider)
1 SABI; C:\Windows\System32\Drivers\SABI.sys [13824 2009-05-27] (SAMSUNG ELECTRONICS)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SCTDriverV1011; C:\Windows\System32\Drivers\SCTDriverV1011.sys [261712 2010-11-09] (Jungo)
2 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [66576 2010-02-07] (Trend Micro Inc.)
2 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [135696 2010-02-07] (Trend Micro Inc.)
2 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [56336 2010-02-07] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [100368 2009-11-23] (Trend Micro Inc.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
3 wdkmd; C:\Windows\System32\Drivers\wdkmd.sys [42392 2010-10-05] (Intel Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: navex15

============ One Month Created Files and Folders ==============

2012-04-12 02:32 - 2012-04-12 02:33 - 0000000 ____D C:\FRST
2012-04-12 00:13 - 2012-04-12 00:14 - 169865383 ____A C:\Users\Remmichmm\Desktop\Kelsey's Files.rar
2012-04-12 00:11 - 2012-04-12 00:12 - 0000000 ____D C:\Users\Remmichmm\Desktop\virus protection (1)
2012-04-08 14:37 - 2012-04-08 14:36 - 0273259 ____N C:\Users\Remmichmm\IMAG0210.jpg
2012-04-08 14:37 - 2012-04-08 14:36 - 0228635 ____N C:\Users\Remmichmm\IMAG0208.jpg
2012-04-07 13:06 - 2012-04-07 13:06 - 0000000 ____D C:\Windows\system64
2012-04-07 12:31 - 2012-04-07 12:31 - 0022134 ____A C:\ComboFix.txt
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-07 12:00 - 2012-04-07 15:05 - 0000000 ___SD C:\SuperFIX
2012-04-07 12:00 - 2012-04-07 15:05 - 0000000 ____D C:\Windows\ERDNT
2012-04-07 12:00 - 2012-04-07 12:31 - 0000000 ____D C:\Qoobox
2012-04-07 12:00 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-07 12:00 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-07 12:00 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-07 12:00 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-07 12:00 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-07 12:00 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-07 12:00 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-07 12:00 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-07 00:05 - 2012-04-07 00:07 - 10101198 ____A C:\Users\Remmichmm\Desktop\001_Fun._ft._Janelle_Monae_-_We_Are_Young.mp3
2012-04-06 22:53 - 2012-04-06 22:53 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-03 00:14 - 2012-04-03 00:14 - 0109839 ____A C:\Users\Remmichmm\Desktop\LOOOOOL3.jpg
2012-04-03 00:13 - 2012-04-03 00:13 - 0024647 ____A C:\Users\Remmichmm\Desktop\mother of god.jpg
2012-04-03 00:12 - 2012-04-03 00:12 - 0060576 ____A C:\Users\Remmichmm\Desktop\LOOOL2.jpg
2012-04-03 00:11 - 2012-04-03 00:11 - 0066828 ____A C:\Users\Remmichmm\Desktop\LOOOOL.jpg
2012-04-02 23:45 - 2012-04-02 23:45 - 0000000 ____A C:\Users\Remmichmm\defogger_reenable
2012-04-02 00:04 - 2012-04-02 00:04 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-01 23:54 - 2012-04-02 00:05 - 0133840 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.54.57_log.txt
2012-04-01 23:54 - 2012-04-01 23:54 - 0015422 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.54.43_log.txt
2012-04-01 23:52 - 2012-04-01 23:54 - 0133072 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.52.07_log.txt
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
2012-03-30 23:57 - 2012-03-30 23:59 - 0133681 ____A C:\Users\Remmichmm\Desktop\IMAG0137.jpg
2012-03-30 23:02 - 2012-03-30 23:02 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-30 19:56 - 2012-03-30 19:56 - 0090404 ____A C:\Users\Remmichmm\Desktop\546482_410447125635841_100000116712476_1760313_922723784_n.jpg
2012-03-30 00:25 - 2012-03-30 00:25 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-30 00:13 - 2012-04-12 00:08 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-30 00:13 - 2012-03-30 00:26 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 00:12 - 2012-04-12 00:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-27 23:03 - 2012-03-27 23:04 - 0220636 ____A C:\Users\Remmichmm\Downloads\notes_-_topic_8.pdf
2012-03-27 22:50 - 2012-03-27 22:50 - 0043008 ____A C:\Users\Remmichmm\Downloads\AcidsBasesHW.doc
2012-03-27 22:35 - 2012-03-27 22:35 - 0069291 ____A C:\Users\Remmichmm\Downloads\Acids, Bases, K, Molarity Homework.pdf
2012-03-21 12:23 - 2012-03-21 12:23 - 0049664 ____A C:\Users\Remmichmm\Downloads\Percent Composition and Molecular Formula Worksheet.doc
2012-03-21 10:28 - 2012-03-21 10:28 - 0833024 ____A C:\Users\Remmichmm\Downloads\Ch02_Testbank.doc
2012-03-21 09:46 - 2012-03-21 09:46 - 0027648 ____A C:\Users\Remmichmm\Downloads\empirical formula directions (1).doc
2012-03-21 09:43 - 2012-03-21 09:43 - 0027648 ____A C:\Users\Remmichmm\Downloads\empirical formula directions.doc
2012-03-21 09:27 - 2012-03-21 09:27 - 0027136 ____A C:\Users\Remmichmm\Downloads\Worksheet-EmpiricalFormulas ANSWERS.doc
2012-03-21 09:27 - 2012-03-21 09:27 - 0021179 ____A C:\Users\Remmichmm\Downloads\chemistry_2202_-_midterm_review.docx
2012-03-21 09:26 - 2012-03-21 09:26 - 0011993 ____A C:\Users\Remmichmm\Downloads\Empirical_Formula_Worksheet.docx
2012-03-19 14:16 - 2012-02-02 09:49 - 4710030 ____A C:\Users\Remmichmm\Desktop\eDSCF3366.jpg
2012-03-19 14:15 - 2012-02-02 09:34 - 4295775 ____A C:\Users\Remmichmm\Desktop\eDSCF3343.jpg
2012-03-19 14:13 - 2012-02-02 09:12 - 4826422 ____A C:\Users\Remmichmm\Desktop\eDSCF3149.jpg
2012-03-17 10:30 - 2012-03-17 10:30 - 0524800 ____A C:\Users\Remmichmm\Downloads\1_Processing_PreInfo.doc
2012-03-17 10:30 - 2012-03-17 10:30 - 0039230 ____A C:\Users\Remmichmm\Downloads\1a_I9_Documents.pdf
2012-03-15 22:35 - 2012-03-15 22:35 - 0024064 ____A C:\Users\Remmichmm\Downloads\Application Form.doc
2012-03-15 01:03 - 2011-11-19 07:20 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-15 01:03 - 2011-11-19 06:50 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-15 01:03 - 2011-11-19 06:50 - 3913584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-14 09:36 - 2012-02-09 22:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-14 09:36 - 2012-02-09 21:38 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-14 09:36 - 2012-02-02 20:34 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-14 03:03 - 2012-02-16 22:38 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-14 03:03 - 2012-02-16 21:34 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-03-14 03:03 - 2012-02-16 20:58 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-14 03:03 - 2012-02-16 20:57 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-14 03:03 - 2012-01-24 22:38 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-14 03:03 - 2012-01-24 22:38 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-14 03:03 - 2012-01-24 22:33 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

============ 3 Months Modified Files and Folders =============

2012-04-12 02:33 - 2012-04-12 02:32 - 0000000 ____D C:\FRST
2012-04-12 00:30 - 2010-12-03 10:07 - 4070748160 __ASH C:\hiberfil.sys
2012-04-12 00:30 - 2010-12-02 17:18 - 0000050 ____A C:\Windows\System32\SupplicantTest.log
2012-04-12 00:30 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-12 00:30 - 2009-07-13 20:51 - 0076711 ____A C:\Windows\setupact.log
2012-04-12 00:30 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-12 00:30 - 2009-07-13 20:45 - 0014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-12 00:21 - 2012-03-30 00:12 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-12 00:17 - 2010-12-02 17:16 - 2080928 ____A C:\Windows\WindowsUpdate.log
2012-04-12 00:14 - 2012-04-12 00:13 - 169865383 ____A C:\Users\Remmichmm\Desktop\Kelsey's Files.rar
2012-04-12 00:14 - 2011-06-19 15:26 - 0000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002UA.job
2012-04-12 00:14 - 2009-07-13 21:13 - 0759254 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-12 00:12 - 2012-04-12 00:11 - 0000000 ____D C:\Users\Remmichmm\Desktop\virus protection (1)
2012-04-12 00:12 - 2012-02-09 09:55 - 0000000 ____D C:\Users\Remmichmm\Desktop\Kelsey's Files
2012-04-12 00:08 - 2012-03-30 00:13 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-11 23:57 - 2011-02-16 15:28 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\SoftGrid Client
2012-04-11 18:17 - 2011-06-19 15:26 - 0002425 ____A C:\Users\Remmichmm\Desktop\Google Chrome.lnk
2012-04-11 02:25 - 2011-06-19 15:26 - 0000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2067896838-3830993589-4124492298-1002Core.job
2012-04-08 14:37 - 2011-01-29 09:13 - 0000000 ____D C:\users\Remmichmm
2012-04-08 14:36 - 2012-04-08 14:37 - 0273259 ____N C:\Users\Remmichmm\IMAG0210.jpg
2012-04-08 14:36 - 2012-04-08 14:37 - 0228635 ____N C:\Users\Remmichmm\IMAG0208.jpg
2012-04-07 15:05 - 2012-04-07 12:00 - 0000000 ___SD C:\SuperFIX
2012-04-07 15:05 - 2012-04-07 12:00 - 0000000 ____D C:\Windows\ERDNT
2012-04-07 15:05 - 2011-01-29 11:11 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-07 15:05 - 2010-12-03 10:59 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-07 15:05 - 2010-12-02 17:34 - 0000000 ____D C:\Users\All Users\WinClon
2012-04-07 15:05 - 2010-12-02 17:34 - 0000000 ____D C:\ProgramData\WinClon
2012-04-07 15:05 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-07 15:05 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-04-07 15:04 - 2011-06-12 20:08 - 0000000 ____D C:\Users\All Users\Real
2012-04-07 15:04 - 2011-06-12 20:08 - 0000000 ____D C:\ProgramData\Real
2012-04-07 15:04 - 2010-12-02 17:11 - 0000000 ____D C:\Intel
2012-04-07 13:09 - 2010-12-02 17:14 - 0000000 ____D C:\users\UpdatusUser
2012-04-07 13:06 - 2012-04-07 13:06 - 0000000 ____D C:\Windows\system64
2012-04-07 13:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-07 12:31 - 2012-04-07 12:31 - 0022134 ____A C:\ComboFix.txt
2012-04-07 12:31 - 2012-04-07 12:00 - 0000000 ____D C:\Qoobox
2012-04-07 12:21 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-07 12:15 - 2009-07-13 18:34 - 64225280 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-07 12:13 - 2012-04-07 12:13 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-07 12:13 - 2009-07-13 18:34 - 1310720 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-07 12:13 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-07 01:03 - 2011-11-13 01:39 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\Last.fm
2012-04-07 00:07 - 2012-04-07 00:05 - 10101198 ____A C:\Users\Remmichmm\Desktop\001_Fun._ft._Janelle_Monae_-_We_Are_Young.mp3
2012-04-06 22:53 - 2012-04-06 22:53 - 0000000 ____D C:\Program Files (x86)\ESET
2012-04-04 17:24 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-03 00:14 - 2012-04-03 00:14 - 0109839 ____A C:\Users\Remmichmm\Desktop\LOOOOOL3.jpg
2012-04-03 00:13 - 2012-04-03 00:13 - 0024647 ____A C:\Users\Remmichmm\Desktop\mother of god.jpg
2012-04-03 00:12 - 2012-04-03 00:12 - 0060576 ____A C:\Users\Remmichmm\Desktop\LOOOL2.jpg
2012-04-03 00:11 - 2012-04-03 00:11 - 0066828 ____A C:\Users\Remmichmm\Desktop\LOOOOL.jpg
2012-04-02 23:45 - 2012-04-02 23:45 - 0000000 ____A C:\Users\Remmichmm\defogger_reenable
2012-04-02 00:05 - 2012-04-01 23:54 - 0133840 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.54.57_log.txt
2012-04-02 00:04 - 2012-04-02 00:04 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-01 23:54 - 2012-04-01 23:54 - 0015422 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.54.43_log.txt
2012-04-01 23:54 - 2012-04-01 23:52 - 0133072 ____A C:\TDSSKiller.2.7.23.0_02.04.2012_01.52.07_log.txt
2012-03-31 21:24 - 2012-03-31 21:24 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\{E95BE7CB-7BBA-11E1-826D-B8AC6F996F26}
2012-03-30 23:59 - 2012-03-30 23:57 - 0133681 ____A C:\Users\Remmichmm\Desktop\IMAG0137.jpg
2012-03-30 23:02 - 2012-03-30 23:02 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-03-30 23:02 - 2012-03-30 23:02 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-03-30 19:56 - 2012-03-30 19:56 - 0090404 ____A C:\Users\Remmichmm\Desktop\546482_410447125635841_100000116712476_1760313_922723784_n.jpg
2012-03-30 00:26 - 2012-03-30 00:13 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-30 00:26 - 2011-11-29 13:01 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-30 00:25 - 2012-03-30 00:25 - 8738464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-30 00:20 - 2011-01-29 12:46 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:04 - 2012-03-27 23:03 - 0220636 ____A C:\Users\Remmichmm\Downloads\notes_-_topic_8.pdf
2012-03-27 22:50 - 2012-03-27 22:50 - 0043008 ____A C:\Users\Remmichmm\Downloads\AcidsBasesHW.doc
2012-03-27 22:35 - 2012-03-27 22:35 - 0069291 ____A C:\Users\Remmichmm\Downloads\Acids, Bases, K, Molarity Homework.pdf
2012-03-21 12:23 - 2012-03-21 12:23 - 0049664 ____A C:\Users\Remmichmm\Downloads\Percent Composition and Molecular Formula Worksheet.doc
2012-03-21 10:28 - 2012-03-21 10:28 - 0833024 ____A C:\Users\Remmichmm\Downloads\Ch02_Testbank.doc
2012-03-21 09:46 - 2012-03-21 09:46 - 0027648 ____A C:\Users\Remmichmm\Downloads\empirical formula directions (1).doc
2012-03-21 09:43 - 2012-03-21 09:43 - 0027648 ____A C:\Users\Remmichmm\Downloads\empirical formula directions.doc
2012-03-21 09:27 - 2012-03-21 09:27 - 0027136 ____A C:\Users\Remmichmm\Downloads\Worksheet-EmpiricalFormulas ANSWERS.doc
2012-03-21 09:27 - 2012-03-21 09:27 - 0021179 ____A C:\Users\Remmichmm\Downloads\chemistry_2202_-_midterm_review.docx
2012-03-21 09:26 - 2012-03-21 09:26 - 0011993 ____A C:\Users\Remmichmm\Downloads\Empirical_Formula_Worksheet.docx
2012-03-17 10:30 - 2012-03-17 10:30 - 0524800 ____A C:\Users\Remmichmm\Downloads\1_Processing_PreInfo.doc
2012-03-17 10:30 - 2012-03-17 10:30 - 0039230 ____A C:\Users\Remmichmm\Downloads\1a_I9_Documents.pdf
2012-03-15 22:35 - 2012-03-15 22:35 - 0024064 ____A C:\Users\Remmichmm\Downloads\Application Form.doc
2012-03-15 12:45 - 2012-02-16 20:57 - 0000000 ____D C:\Users\Remmichmm\Desktop\Kelsey's Pictures
2012-03-15 01:22 - 2009-07-13 20:45 - 0276096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-15 01:21 - 2011-02-15 15:23 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-15 01:19 - 2011-01-30 21:50 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\Skype
2012-03-15 01:01 - 2011-01-30 22:04 - 56297240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-12 19:55 - 2012-03-12 19:55 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\{72DB1699-2815-43A7-A758-454B11176A89}
2012-03-12 19:54 - 2012-03-11 11:28 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\Windows Live
2012-03-12 00:40 - 2011-02-15 15:23 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\uTorrent
2012-03-11 13:33 - 2012-03-11 13:33 - 0742264 ____A (BitTorrent, Inc.) C:\Users\Remmichmm\Desktop\uTorrent.exe
2012-03-11 11:28 - 2012-03-11 11:27 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\{2E3907F0-A7F1-458C-A3C1-D278799120CD}
2012-03-11 11:27 - 2012-03-11 11:27 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\{2D3079E6-42D8-4F84-A820-445250158E2B}
2012-03-04 15:09 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-01 20:37 - 2012-03-01 20:36 - 3323152 ____A C:\Users\Remmichmm\Downloads\DSC00723.JPG
2012-02-26 16:31 - 2012-02-26 16:31 - 0010575 ____A C:\Users\Remmichmm\Downloads\ProQuestExport.pdf
2012-02-25 01:50 - 2012-02-25 01:50 - 0000000 ____D C:\Program Files\HTC
2012-02-25 01:50 - 2010-12-02 17:16 - 0036606 ____A C:\Windows\DPINST.LOG
2012-02-25 01:49 - 2012-02-25 01:49 - 0000000 ____D C:\Program Files (x86)\HTC
2012-02-25 01:49 - 2010-12-02 17:12 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-02-24 01:38 - 2012-02-24 01:38 - 0000112 ____A C:\Users\Remmichmm\webct_upload_applet.properties
2012-02-23 10:39 - 2011-01-30 21:59 - 0000000 ____D C:\Users\Remmichmm\Documents\Youcam
2012-02-23 10:11 - 2010-12-02 17:33 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-02-23 10:11 - 2010-12-02 17:33 - 0000000 ____D C:\Users\All Users\Skype
2012-02-23 10:11 - 2010-12-02 17:33 - 0000000 ____D C:\ProgramData\Skype
2012-02-23 10:08 - 2011-01-30 21:53 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\skypePM
2012-02-23 09:53 - 2012-02-23 09:53 - 0008360 ____A C:\Windows\System32\lvcoinst.log
2012-02-23 09:53 - 2012-02-23 09:53 - 0000000 ____D C:\Program Files\Common Files\logishrd
2012-02-22 02:29 - 2012-02-22 02:29 - 0147725 ____A C:\Users\Remmichmm\Documents\TaxReturn11.pdf
2012-02-16 22:38 - 2012-03-14 03:03 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 03:03 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 03:03 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 03:03 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 10:21 - 2011-01-29 09:18 - 0000174 ___SH C:\Users\Remmichmm\Start Menu\Programs\Startup\desktop.ini
2012-02-15 10:21 - 2011-01-29 09:18 - 0000174 ___SH C:\Users\Remmichmm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 02:26 - 2010-12-02 18:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 02:04 - 2011-02-16 15:28 - 0775950 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-02-15 02:04 - 2011-02-16 15:27 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-14 12:49 - 2012-02-14 12:49 - 0000084 ____A C:\Windows\LiveLoad.INI
2012-02-14 12:46 - 2011-08-07 15:04 - 0000006 ____A C:\Windows\SysWOW64\PCTiming.dat
2012-02-14 12:45 - 2012-02-14 12:40 - 0000000 ____D C:\Users\Remmichmm\Documents\SCT Tuner
2012-02-14 12:44 - 2011-08-07 14:57 - 0000000 ____D C:\Program Files (x86)\SCT
2012-02-14 12:43 - 2011-08-07 14:56 - 0000000 ____D C:\Users\Remmichmm\AppData\Local\Downloaded Installations
2012-02-14 12:41 - 2012-02-14 12:36 - 55325752 ____A (SCT Performance LLC) C:\Users\Remmichmm\Downloads\LiveLink.exe
2012-02-14 12:38 - 2012-02-14 12:38 - 0000000 ____D C:\Users\Remmichmm\AppData\Roaming\SCT
2012-02-14 12:37 - 2012-02-14 12:37 - 1342074 ____A (SCT) C:\Users\Remmichmm\Downloads\liveupdate220.exe
2012-02-14 12:37 - 2012-02-14 12:36 - 0446224 ____A (Microsoft Corporation) C:\Users\Remmichmm\Downloads\XCal2_Drivers.exe
2012-02-12 21:25 - 2012-02-12 21:25 - 0200384 ____A C:\Users\Remmichmm\Downloads\Sample Lab Report-1.pdf
2012-02-12 13:48 - 2012-02-12 13:48 - 0119861 ____A C:\Users\Remmichmm\Downloads\pdf (1).pdf
2012-02-12 13:41 - 2012-02-12 13:40 - 0669749 ____A C:\Users\Remmichmm\Downloads\pdf.pdf
2012-02-09 22:36 - 2012-03-14 09:36 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-14 09:36 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-08 12:49 - 2012-02-08 12:49 - 0000322 ____A C:\Users\Remmichmm\Downloads\The_technology_of_making_cheese_from_cam.ris
2012-02-07 14:45 - 2012-02-07 14:45 - 0004129 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2012-02-07 14:45 - 2011-07-07 19:16 - 0000000 ____D C:\Program Files (x86)\Java
2012-02-07 14:44 - 2012-02-07 14:44 - 0909600 ____A (Sun Microsystems, Inc.) C:\Users\Remmichmm\Downloads\chromeinstall.exe
2012-02-07 13:16 - 2012-02-07 13:16 - 0525544 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-02-07 13:16 - 2012-02-07 13:16 - 0190752 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-02-07 13:16 - 2012-02-07 13:16 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-02-07 13:16 - 2012-02-07 13:16 - 0172320 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-02-07 13:16 - 2012-02-07 13:16 - 0000000 ____D C:\Program Files\Java
2012-02-02 20:34 - 2012-03-14 09:36 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 11:24 - 2012-02-02 11:24 - 0000000 ____D C:\Users\Remmichmm\Downloads\volbeat_a_warriors_call_2009
2012-02-02 09:49 - 2012-03-19 14:16 - 4710030 ____A C:\Users\Remmichmm\Desktop\eDSCF3366.jpg
2012-02-02 09:34 - 2012-03-19 14:15 - 4295775 ____A C:\Users\Remmichmm\Desktop\eDSCF3343.jpg
2012-02-02 09:12 - 2012-03-19 14:13 - 4826422 ____A C:\Users\Remmichmm\Desktop\eDSCF3149.jpg
2012-01-24 22:38 - 2012-03-14 03:03 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 22:38 - 2012-03-14 03:03 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 22:33 - 2012-03-14 03:03 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-20 12:49 - 2012-01-20 12:49 - 0394061 ____A C:\Users\Remmichmm\Downloads\fileDownLoad.pdf
2012-01-20 00:18 - 2012-01-20 00:18 - 0000000 ___HD C:\Users\All Users\CanonBJ
2012-01-20 00:18 - 2012-01-20 00:18 - 0000000 ___HD C:\ProgramData\CanonBJ
2012-01-18 12:21 - 2012-01-18 12:21 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-01-18 05:44 - 2012-01-18 05:44 - 4865568 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvuvc64.sys
2012-01-18 05:44 - 2012-01-18 05:44 - 10920984 ____A C:\Windows\SysWOW64\LogiDPP.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 10920984 ____A C:\Windows\System32\LogiDPP.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0769312 ____A (Logitech Inc.) C:\Windows\System32\LVUI64.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0561440 ____A (Logitech Inc.) C:\Windows\System32\LVUIRC64.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0545056 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0540960 ____A (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0351136 ____A (Logitech Inc.) C:\Windows\System32\Drivers\lvrs64.sys
2012-01-18 05:44 - 2012-01-18 05:44 - 0336408 ____A C:\Windows\SysWOW64\DevManagerCore.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0336408 ____A C:\Windows\System32\DevManagerCore.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0307488 ____A (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0263456 ____A (Logitech Inc.) C:\Windows\System32\lvco13311044.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0176416 ____A (Logitech Inc.) C:\Windows\System32\lvcod64.dll
2012-01-18 05:44 - 2012-01-18 05:44 - 0104472 ____A C:\Windows\SysWOW64\LogiDPPApp.exe
2012-01-18 05:44 - 2012-01-18 05:44 - 0104472 ____A C:\Windows\System32\LogiDPPApp.exe
2012-01-18 05:23 - 2012-01-18 05:23 - 0266828 ____A C:\Windows\System32\Drivers\LVAFT.cfg
2012-01-18 05:23 - 2012-01-18 05:23 - 0038958 ____A C:\Windows\System32\Repository.reg
2012-01-18 05:22 - 2012-01-18 05:22 - 0028418 ____A C:\Windows\System32\lvcoin64.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3882.17 MB
Available physical RAM: 3267.97 MB
Total Pagefile: 3880.32 MB
Available Pagefile: 3251.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232 GB) (Free:151.28 GB) NTFS
2 Drive d: () (Fixed) (Total:346.39 GB) (Free:315.78 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:17.68 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (Kelsey & Matt We) (CDROM) (Total:4.26 GB) (Free:0 GB) CDFS
6 Drive i: (TravelDrive) (Removable) (Total:0.94 GB) (Free:0.42 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 1024 KB
Disk 1 Online 958 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB
Partition 0 Extended 346 GB 232 GB
Partition 4 Logical 346 GB 232 GB
Partition 3 Recovery 17 GB 578 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 232 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 D NTFS Partition 346 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F SAMSUNG_REC NTFS Partition 17 GB Healthy Hidden

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 958 MB 4096 B

======================================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I TravelDrive FAT Removable 958 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-29 23:01

======================= End Of Log ==========================



