
Redirection software


  • This topic is locked
34 replies to this topic

#1 leoliger


Posted 09 April 2012 - 02:48 PM

I have been trying to get rid of a virus that has hindered my browsing experience; however, as I have started searching and learning about the 'happili virus', it seems to be more difficult to remove. I have not used HiJackThis software or any other software like it, so I would need step-by-step instructions about these information programs as well as the removal process. I have a Windows 7 64bit Home Premium edition. The virus, so far, has redirected me in Firefox, but I am not too sure about IE as I rarely use the browser.

EDIT: I tried to download the DDS scanning tool, but neither the site nor any other site will allow me to download it.

Edited by leoliger, 09 April 2012 - 10:49 PM.




#2 RPMcMurphy

  • Malware Response Team

Posted 09 April 2012 - 10:32 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    %systemroot%\*. /rp /s
    netsvcs
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it
  • You will be asked if you want to use Avast! Free anti virus for scanning - select No
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please include the following in your next post:
  • OTL.txt and Extras.txt logs
  • aswMBR log

Threads are closed after 5 days of inactivity.



#3 leoliger

  • Topic Starter

Posted 10 April 2012 - 12:01 AM

Here are the scan results as well as the .txt files from those scans just in case.

EDIT: I have just found another instance called 'infoMash' which is another pesky malware/spyware redirection virus. Can this be removed?


OTL logfile created on: 4/9/2012 11:43:49 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rolando\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 64.97% Memory free
15.98 Gb Paging File | 12.38 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 88.13 Gb Free Space | 19.54% Space Free | Partition Type: NTFS

Computer Name: ARTEMIS | User Name: rolando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/04/09 23:43:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rolando\Desktop\OTL.exe
PRC - [2012/03/25 23:28:40 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2012/03/16 17:01:46 | 000,758,784 | ---- | M] (CX Inc.) -- C:\Users\rolando\AppData\Local\CX\CX.exe
PRC - [2012/02/24 16:47:42 | 001,234,944 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2012/02/15 10:23:55 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/02/11 00:46:54 | 010,530,816 | ---- | M] (NTeWORKS) -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2012/02/03 02:55:28 | 000,296,232 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/02/03 02:55:26 | 000,715,048 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/02/02 18:34:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/12/01 08:46:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/10/31 19:20:52 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/05/11 12:08:26 | 000,107,856 | ---- | M] () -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe
PRC - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2011/05/10 13:37:30 | 000,085,672 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2011/02/15 11:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011/01/13 13:53:38 | 000,321,464 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 13:42:12 | 003,667,264 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\AlienRespawn\Toaster.exe
PRC - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
PRC - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\AlienRespawn\SftService.exe
PRC - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/06/17 15:55:10 | 000,398,848 | ---- | M] () -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe
PRC - [2010/05/21 14:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010/05/21 14:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2010/05/12 18:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 18:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/04/04 13:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
PRC - [2010/04/04 13:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
PRC - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
PRC - [2010/03/17 18:39:36 | 000,090,112 | ---- | M] (Microsoft) -- C:\Program Files (x86)\OSD\OSD_Main.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/22 08:48:42 | 000,379,664 | ---- | M] (Hewlett-Packard ) -- C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
PRC - [2010/02/22 08:48:42 | 000,372,496 | ---- | M] (Hewlett-Packard ) -- C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
PRC - [2010/01/04 14:10:00 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\OSD\OSD_Service.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\rolando\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/25 23:28:42 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/03/25 23:28:42 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/03/25 23:28:42 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/03/25 23:28:42 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/03/25 23:28:40 | 000,338,072 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/03/25 23:28:40 | 000,302,791 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/03/25 23:28:40 | 000,256,529 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/03/25 23:28:40 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/03/25 23:28:40 | 000,184,224 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/03/25 23:28:40 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/03/25 23:28:40 | 000,121,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/03/25 23:28:40 | 000,096,443 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/03/25 23:28:40 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/03/25 23:28:40 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/03/25 23:28:40 | 000,079,922 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/03/25 23:28:40 | 000,073,584 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/03/25 23:28:40 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/03/25 23:28:40 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/03/25 23:28:40 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/03/25 23:28:40 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/03/25 23:28:40 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/03/25 23:28:40 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/03/25 23:28:40 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/03/25 23:28:40 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/03/25 23:28:40 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/03/25 23:28:40 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/03/25 23:28:40 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/03/25 23:28:40 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/03/25 23:28:40 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/03/25 23:28:40 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/03/25 23:28:40 | 000,014,619 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/03/25 23:28:40 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/03/25 23:28:40 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/03/25 23:28:40 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/03/25 23:28:40 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/03/25 23:28:40 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/03/25 23:28:40 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/03/25 23:28:40 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/03/25 23:28:40 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/03/25 23:28:40 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/03/25 23:28:40 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/03/25 23:28:40 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/03/25 23:28:40 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/03/25 23:28:40 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/03/25 23:28:40 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/03/25 23:28:40 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/03/25 23:28:40 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/03/25 23:28:40 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/03/25 23:28:36 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/03/25 23:28:36 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/03/25 23:26:20 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/03/25 23:26:16 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/03/25 23:26:16 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/03/25 23:26:14 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/03/25 23:26:04 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2012/03/16 17:01:44 | 001,061,888 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_ssl.pyd
MOD - [2012/03/16 17:01:44 | 000,723,456 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\unicodedata.pyd
MOD - [2012/03/16 17:01:44 | 000,718,848 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_hashlib.pyd
MOD - [2012/03/16 17:01:44 | 000,444,416 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\sqlite3.dll
MOD - [2012/03/16 17:01:44 | 000,086,016 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_ctypes.pyd
MOD - [2012/03/16 17:01:44 | 000,066,560 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\bz2.pyd
MOD - [2012/03/16 17:01:44 | 000,047,616 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_socket.pyd
MOD - [2012/03/16 17:01:44 | 000,046,080 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_sqlite3.pyd
MOD - [2012/03/16 17:01:44 | 000,027,136 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\_multiprocessing.pyd
MOD - [2012/03/16 17:01:40 | 000,066,560 | ---- | M] () -- C:\Users\rolando\AppData\Local\CX\Python.dll
MOD - [2012/02/28 17:10:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
MOD - [2012/02/28 16:56:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/28 16:55:47 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/28 16:55:36 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/28 16:54:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/28 16:54:13 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll
MOD - [2012/02/28 16:54:10 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/28 16:53:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/28 16:53:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/28 16:53:56 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/28 16:53:54 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/28 16:53:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/28 16:53:41 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/28 16:53:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/28 16:53:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/28 16:53:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/28 16:53:18 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/02/28 12:41:59 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
MOD - [2012/02/28 12:41:35 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
MOD - [2012/02/28 12:41:30 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012/02/28 12:41:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012/02/28 12:41:17 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012/02/28 12:41:13 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012/02/28 12:41:13 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
MOD - [2012/02/28 12:38:43 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012/02/28 12:38:26 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012/02/28 12:38:16 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/09 22:59:22 | 001,094,158 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avcodec-53.dll
MOD - [2012/02/09 22:59:22 | 000,184,846 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avformat-53.dll
MOD - [2012/02/09 22:59:22 | 000,117,262 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avutil-51.dll
MOD - [2012/02/02 18:34:46 | 000,219,952 | ---- | M] () -- C:\Program Files (x86)\uTorrent\uTorrent.exe
MOD - [2012/01/31 21:15:02 | 000,547,112 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/08/25 18:20:01 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2011/08/25 18:20:00 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2011/08/25 18:20:00 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2011/08/25 18:20:00 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2011/08/25 18:20:00 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2011/08/25 18:20:00 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2011/08/25 18:20:00 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2011/08/25 18:20:00 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2011/08/25 18:19:59 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/14 02:16:30 | 004,790,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2011/03/14 02:16:30 | 000,443,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2011/03/14 02:16:30 | 000,075,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2011/03/14 02:16:30 | 000,027,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
MOD - [2011/03/14 02:16:30 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2011/03/14 02:16:30 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2011/03/14 02:16:29 | 000,037,712 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2011/03/14 02:16:29 | 000,037,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2011/03/14 02:16:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2011/03/14 02:16:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2011/03/14 02:16:29 | 000,028,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2011/03/14 02:16:29 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2011/03/14 02:16:29 | 000,025,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2011/03/14 02:16:29 | 000,024,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2011/03/14 02:16:29 | 000,019,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2011/03/14 02:16:29 | 000,017,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2011/03/14 02:16:29 | 000,011,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2011/01/13 13:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\SftBRCCPiped.dll
MOD - [2011/01/13 13:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
MOD - [2011/01/13 13:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\zlib1.dll
MOD - [2011/01/13 13:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STRegistry.dll
MOD - [2011/01/13 13:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STPE.dll
MOD - [2011/01/13 13:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STNLS.dll
MOD - [2011/01/13 13:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STLog.dll
MOD - [2011/01/13 13:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STFiles.dll
MOD - [2011/01/13 13:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\STBRCCServCLR.dll
MOD - [2011/01/13 13:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\AlienRespawn\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/04 13:45:06 | 000,089,416 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/04/04 13:44:12 | 000,059,208 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/04/04 13:42:44 | 000,247,624 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
MOD - [2009/09/07 23:38:00 | 000,278,906 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\rolando\Local Settings\Apps\F.lux\flux.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/10 03:49:18 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/05/21 10:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010/04/04 13:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe -- (FAService)
SRV:64bit: - [2009/12/16 08:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/09/15 14:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
SRV - [2012/03/21 08:29:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/15 10:23:55 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/02/03 02:55:28 | 000,296,232 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/02/02 09:18:54 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/01 08:46:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/31 19:20:52 | 000,052,224 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/05/11 12:08:34 | 000,120,144 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe -- (CLEARWIRERcAppSvc)
SRV - [2011/05/11 12:08:26 | 000,124,240 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe -- (CACLEARWIRE)
SRV - [2011/05/11 12:08:26 | 000,107,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe -- (SMSI Device Launch Service)
SRV - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/15 11:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\AlienRespawn\SftService.exe -- (SftService)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/24 15:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/17 15:55:10 | 000,398,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe -- (clearwireDeviceDiagnosticsService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/01/04 14:10:00 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OSD\OSD_Service.exe -- (HappyOSD)
SRV - [2009/09/15 14:49:02 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe -- (AESTFilters)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/02 09:18:54 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/01/09 03:26:30 | 000,024,360 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\avhips.sys -- (avhips)
DRV:64bit: - [2012/01/09 03:26:30 | 000,020,264 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avfsmn.sys -- (avfsmn)
DRV:64bit: - [2011/12/14 19:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/05 09:55:48 | 000,389,408 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/04/05 09:55:46 | 000,067,360 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/03/22 07:27:46 | 000,028,264 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ITECIRfilter.sys -- (ITECIRfilter)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/09/10 17:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/08/10 04:21:12 | 007,456,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/10 03:13:56 | 000,268,800 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/08/05 07:55:24 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/07/14 14:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/26 10:39:08 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\1CB5.tmp -- (MEMSWEEP2)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 06:29:16 | 000,319,536 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/04 16:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2009/12/16 08:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 08:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/09 20:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/12/02 02:45:32 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/13 00:22:02 | 000,178,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/09/15 14:49:02 | 000,499,712 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/21 03:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 14:53:46 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel®
DRV:64bit: - [2009/07/13 14:53:42 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/07/13 14:42:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma) Intel®
DRV:64bit: - [2009/06/30 23:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 23:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 23:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 15:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 02:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/10/03 15:39:00 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2008/03/03 18:19:04 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/04/11 09:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel®
DRV:64bit: - [2007/04/11 09:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel®
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/11/02 19:18:15 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/07/26 04:30:36 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\OSD\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7E9F92CA-C4B7-4ACE-BBF9-9BA018BA5A3C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "http://www.google.com/search"
FF - prefs.js..browser.search.useDBForOrder: true


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2011/08/27 07:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/27 23:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 17:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/21 13:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/23 00:44:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{367C710F-7D9E-11E1-826D-B8AC6F996F26}: C:\Users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}\ [2012/04/03 10:03:51 | 000,000,000 | ---D | M]

[2011/04/12 21:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rolando\AppData\Roaming\mozilla\Extensions
[2011/04/12 21:01:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rolando\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/04/04 09:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions
[2012/04/04 09:43:46 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2012/03/30 10:11:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/15 13:05:23 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\firefox@ghostery.com
[2011/12/31 17:09:06 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\foxmarks@kei.com
[2012/02/28 11:26:53 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\https-everywhere@eff.org
[2012/03/17 07:55:33 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\keyscrambler@qfx.software.corporation
[2011/05/01 08:53:32 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\rolando\AppData\Roaming\mozilla\Firefox\Profiles\uj62h6yn.default\extensions\LogMeInClient@logmein.com
[2011/05/21 22:19:38 | 000,001,700 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\anidb.xml
[2011/07/17 22:25:41 | 000,000,802 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\btjunkie.xml
[2011/12/31 20:18:44 | 000,002,380 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\deviantart.xml
[2011/05/11 23:26:36 | 000,002,884 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\hyperwords.xml
[2011/07/09 22:37:30 | 000,012,703 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\imdb.xml
[2012/04/05 16:00:51 | 000,004,873 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\isohunt--bt-search.xml
[2012/04/05 16:00:50 | 000,002,523 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\kickasstorrents.xml
[2012/04/04 09:44:19 | 000,002,888 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\liquid-words.xml
[2011/04/17 13:16:01 | 000,004,140 | ---- | M] () -- C:\Users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\searchplugins\youtube.xml
[2012/03/02 21:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/09 08:23:44 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012/04/03 10:03:51 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\ROLANDO\APPDATA\LOCAL\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\SERVICE@TOUCHPDF.COM.XPI
() (No name found) -- C:\USERS\ROLANDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UJ62H6YN.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
[2012/03/17 17:41:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/02/04 10:12:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/04 10:12:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ghostery Add-On) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [phelsv] C:\Users\rolando\AppData\Local\Temp\phelsv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [shoms] C:\Users\rolando\AppData\Local\Temp\shoms.dll (C-Media Electronics Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Clearwire Connection Manager] C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe (ClearwireCM)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [OSD_LAUNCH] c:\Program Files (x86)\OSD\Launch.exe (HH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CX] C:\Users\rolando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX\CX.lnk ()
O4 - HKCU..\Run: [F.lux] C:\Users\rolando\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
O4 - HKCU..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe ()
O4 - HKCU..\Run: [Xeyqcok] C:\Users\rolando\AppData\Roaming\Ynew\elek.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{766C9AEC-25FD-4F88-B224-550581A5D580}: DhcpNameServer = 64.233.207.8 64.233.207.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF4D2C1A-6BB2-4BF8-93A7-D830BC05C57A}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C227CF8A-1654-40A9-A984-88003951FD21}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/html - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/html {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files (x86)\GhosteryIEplugin\GhosteryMimeFilter.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{11df5cca-0222-11e1-b19f-842b2b84493c}\Shell - "" = AutoRun
O33 - MountPoints2\{11df5cca-0222-11e1-b19f-842b2b84493c}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell - "" = AutoRun
O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell\menu1\command - "" = G:\Start.exe
O33 - MountPoints2\{ba6ea3fe-6053-11e0-a09c-c0cb388db198}\Shell - "" = AutoRun
O33 - MountPoints2\{ba6ea3fe-6053-11e0-a09c-c0cb388db198}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ba6ea402-6053-11e0-a09c-c0cb388db198}\Shell - "" = AutoRun
O33 - MountPoints2\{ba6ea402-6053-11e0-a09c-c0cb388db198}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 23:43:09 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\rolando\Desktop\OTL.exe
[2012/04/09 12:50:33 | 000,024,360 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avhips.sys
[2012/04/09 12:50:33 | 000,020,264 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\avfsmn.sys
[2012/04/09 12:50:33 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/04/09 12:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/04/09 11:49:32 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{D5D058F2-0EFE-49EA-9198-3BAC9CED0CEE}
[2012/04/09 08:26:51 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{DFDD00D6-2464-4E19-8FB7-83297706BA06}
[2012/04/08 07:47:14 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{7A68058D-86D6-42BB-9757-ADA0CCE3E9B6}
[2012/04/07 15:55:19 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{535F706A-E8CD-4FEE-B433-15A43FF7194F}
[2012/04/06 07:27:50 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{1AB0B2C4-03A1-4A14-AC47-EF46BA7A23BB}
[2012/04/05 21:18:55 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\GrowAPairOfWingsXDRequest
[2012/04/05 20:55:44 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\ShinigaminoBallad
[2012/04/05 15:54:31 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{EF2EB1D3-18BC-4FDB-93F3-4647C1625765}
[2012/04/04 15:04:35 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\WaterDragons
[2012/04/04 14:01:18 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\evo-firmware-2-3
[2012/04/04 13:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012/04/04 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/04/04 13:37:44 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\eng_iPlayer_OS_20120323
[2012/04/04 10:32:12 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{44E0E889-C479-48C2-843E-EDCFBA0A6A64}
[2012/04/03 14:19:10 | 000,147,248 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2012/04/03 10:03:51 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
[2012/04/03 09:42:45 | 094,073,136 | ---- | C] (Oracle Corporation) -- C:\Users\rolando\Desktop\VirtualBox-4.1.12-77245-Win.exe
[2012/04/02 22:31:10 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{9241A7A1-9264-4602-AF06-DDD374DBFD22}
[2012/04/02 18:17:58 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\AKAIO 1.8.9z
[2012/04/02 13:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/04/02 13:23:29 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Users\rolando\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/04/02 10:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/04/02 10:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/04/02 10:30:33 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{B7D53502-9CEF-4B7F-984A-E243C10AB192}
[2012/04/02 10:24:57 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/04/01 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{88218FED-A031-496B-A061-09C510ACAFF8}
[2012/03/31 09:40:59 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{524AA4D0-D9EB-4473-B6B6-180932F6BE38}
[2012/03/30 09:07:49 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{94B6C46D-A942-4E9D-A8D2-C4784186F09B}
[2012/03/29 08:50:22 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{6F660BBC-1199-47A6-80EF-4699E822A432}
[2012/03/28 20:49:59 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{418988EF-7969-4873-91D1-F9254248A4AD}
[2012/03/28 08:49:19 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{6928E010-0237-4321-9FD5-B26114C11466}
[2012/03/28 08:48:42 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{18A7BC0A-CBBA-4278-A5C9-3134D18C7AFF}
[2012/03/27 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{63D04DA1-D1FB-4CA7-86D7-D2431522889B}
[2012/03/26 12:44:31 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{40459B5A-767A-4F33-8B22-866B3A711547}
[2012/03/25 21:18:47 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{BF9B783A-BBED-4C47-8BC0-64FD6C04B374}
[2012/03/25 21:18:25 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{59E47D17-5801-4E80-ACD5-2DCDE33693FF}
[2012/03/25 14:18:25 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2012/03/25 14:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFPortChecker
[2012/03/25 09:18:00 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{57CCC2D2-3E63-4479-9EF5-FB0F87C03607}
[2012/03/25 09:15:39 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{74133FC7-FF76-4A6A-8FE5-CA8099FC3152}
[2012/03/25 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\ak2loader
[2012/03/24 23:43:48 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\ak2ifw_update_3ds3.0_DSi143
[2012/03/24 21:15:13 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{9375BF4B-62A2-4C37-B0D0-6A0D90938D69}
[2012/03/24 09:14:59 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{3931C4B1-C4C8-4625-818D-308C027A9C0A}
[2012/03/23 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{2CE60D3E-1826-4B12-9CD7-7030E391A6C0}
[2012/03/23 20:29:46 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{6CD2B6E9-3730-4B62-8E96-C70AF1A75F1B}
[2012/03/23 08:29:18 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{5BFFAB3C-2EFC-4046-8DBD-43F52E14733A}
[2012/03/23 08:27:28 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{2857329C-7C67-443C-B4B7-979BB36EB3DB}
[2012/03/22 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CX
[2012/03/22 22:26:53 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\Diagnostics
[2012/03/22 19:33:12 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{95C6847D-C25C-4E2B-9069-D1EB6EE81056}
[2012/03/22 07:30:30 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{0842FAEC-FF65-4BF8-847C-727078C73840}
[2012/03/22 07:29:10 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{32897AB9-3CAF-4B13-886C-56B3917DFC32}
[2012/03/21 23:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2012/03/21 19:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2012/03/21 19:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2012/03/21 19:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/03/21 19:48:02 | 000,000,000 | ---D | C] -- C:\407c118d82280af108
[2012/03/21 14:36:36 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\MigWiz
[2012/03/21 14:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/21 14:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/21 14:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/21 14:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/21 14:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/03/21 13:33:38 | 000,000,000 | ---D | C] -- C:\Users\rolando\.VirtualBox
[2012/03/21 12:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS to ISO
[2012/03/21 12:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WBFS to ISO
[2012/03/21 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{FCC494B8-D858-4CB6-B561-A6B0D0F8F8AB}
[2012/03/21 12:49:44 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{00FDE324-E09B-430D-9F89-CBC49EC5C3FE}
[2012/03/21 11:59:01 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{9E5318B6-17A9-4684-96C7-F7B9B4B434C4}
[2012/03/21 08:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012/03/21 08:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/03/21 08:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2012/03/21 08:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2012/03/21 08:25:53 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{5C8BFBC5-CF8F-4EA1-AA0B-1336C3D09986}
[2012/03/20 06:57:09 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{0ED4C59C-8FBB-43E7-B165-C682D51C5DF7}
[2012/03/19 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{53FC0B64-F4D3-4615-8A52-38D413160DD8}
[2012/03/18 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{9EDFCE81-2C53-43BF-9201-0A20A8EE22D4}
[2012/03/18 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\rolando\Desktop\Damages
[2012/03/18 08:41:09 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{C6645ACE-6187-47AB-81D8-D913662D1E87}
[2012/03/18 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{EF9F5237-C3B0-4959-A8D7-269BBC10E102}
[2012/03/17 20:15:08 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{2EF1CE38-7D5D-4130-8833-48C86886789E}
[2012/03/17 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{D06D1CB3-3CBC-4E4A-9985-1E1183A9909B}
[2012/03/17 08:14:10 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{CD6FBAEF-742A-4B45-8806-9FAF7DC6B130}
[2012/03/16 20:13:28 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{E86C3EED-FAB3-42D2-B856-6755C694ACA2}
[2012/03/16 08:13:08 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{2F96DDD6-0A41-4373-B6A0-3394CA6145E3}
[2012/03/15 20:48:01 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Zoezip
[2012/03/15 20:48:01 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Ynew
[2012/03/15 20:48:01 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Xaqew
[2012/03/15 13:05:20 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{3CEBEEAB-7326-4A18-AC84-29E8B316747A}
[2012/03/15 13:04:03 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{EB4DB115-025B-4C01-B04E-F4641FB44990}
[2012/03/14 11:35:48 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{491DD27F-592E-49E3-ABB5-34AFBD5FAF11}
[2012/03/14 11:34:22 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{883D09D7-EB97-4529-88BB-C441651FCF39}
[2012/03/13 21:49:38 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/13 21:49:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 21:49:37 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 20:12:11 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{1841F652-F063-45F4-BBBB-14250E732BEE}
[2012/03/13 20:12:01 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{E08C02CA-BD86-46CA-AD39-E96950251C78}
[2012/03/13 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Roaming\Microsoft Corporation
[2012/03/13 12:55:46 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 12:54:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 12:54:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 12:54:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 12:53:53 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 12:53:53 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/13 12:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2012/03/13 12:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thechineseroom
[2012/03/13 07:58:16 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{0A830A3A-47A0-4EE4-AF1A-A574B2473D21}
[2012/03/13 07:57:41 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{F506F76A-1391-4EF7-8285-DBC34C7D9D38}
[2012/03/12 17:40:22 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\CX
[2012/03/12 13:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/12 11:09:51 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{EA1397A3-AAA4-440E-8C86-886248941E7D}
[2012/03/12 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{00751156-CAF4-472D-BBCE-E0950AA82B00}
[2012/03/11 20:53:53 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{81699431-1856-40E9-8265-E34CB0D14311}
[2012/03/11 20:53:25 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{41D35921-C4E7-4EAB-9452-86A2A208E9E3}
[2012/03/11 08:52:56 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{8E011F99-2AC3-4F74-ABC1-616966B3ED15}
[2012/03/11 08:51:38 | 000,000,000 | ---D | C] -- C:\Users\rolando\AppData\Local\{CED05FDE-0A3C-4764-B3C6-284F09ADD2C7}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/09 23:47:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:47:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/09 23:43:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rolando\Desktop\OTL.exe
[2012/04/09 23:40:11 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/04/09 23:40:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/04/09 23:40:06 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/04/09 23:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/09 23:39:18 | 2138,439,679 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 23:38:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/04/09 23:38:00 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/04/09 22:59:04 | 000,302,592 | ---- | M] () -- C:\Users\rolando\Desktop\2q0wcznz.exe
[2012/04/09 22:57:26 | 000,031,860 | ---- | M] () -- C:\Users\rolando\Desktop\Inside Natures Giants s04e01.thebox.hannibal.torrent
[2012/04/09 22:54:07 | 000,019,024 | ---- | M] () -- C:\Users\rolando\Desktop\Escape into Night.torrent
[2012/04/09 12:50:33 | 000,001,146 | ---- | M] () -- C:\Users\rolando\Desktop\Anvi Smart Defender.lnk
[2012/04/08 10:40:04 | 000,872,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/08 10:40:04 | 000,726,718 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/08 10:40:04 | 000,146,704 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/06 07:05:05 | 000,489,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/05 21:34:18 | 040,248,217 | ---- | M] () -- C:\Users\rolando\Desktop\Moonshell_210.zip
[2012/04/05 21:18:46 | 000,185,531 | ---- | M] () -- C:\Users\rolando\Desktop\GrowAPairOfWingsXDRequest.zip
[2012/04/05 20:55:22 | 000,255,425 | ---- | M] () -- C:\Users\rolando\Desktop\ShinigaminoBallad.zip
[2012/04/04 19:18:43 | 000,064,999 | ---- | M] () -- C:\Users\rolando\Desktop\how_to_train_your_dragon_2_400x240.jpg
[2012/04/04 14:58:08 | 000,119,908 | ---- | M] () -- C:\Users\rolando\Desktop\WaterDragons.zip
[2012/04/04 14:00:59 | 001,941,160 | ---- | M] () -- C:\Users\rolando\Desktop\evo-firmware-2-3.zip
[2012/04/04 13:53:09 | 000,001,102 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2012/04/04 13:53:09 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012/04/04 13:37:33 | 013,083,518 | ---- | M] () -- C:\Users\rolando\Desktop\eng_iPlayer_OS_20120323.zip
[2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2012/04/03 09:46:30 | 094,073,136 | ---- | M] (Oracle Corporation) -- C:\Users\rolando\Desktop\VirtualBox-4.1.12-77245-Win.exe
[2012/04/02 13:40:29 | 023,918,505 | ---- | M] () -- C:\Users\rolando\Desktop\4076.zip
[2012/04/02 13:24:39 | 000,001,029 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\PFPortChecker.lnk
[2012/04/02 13:23:46 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Users\rolando\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/04/02 10:24:57 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012/03/26 12:51:50 | 001,328,591 | ---- | M] () -- C:\Users\rolando\Desktop\CLEAR_Spot_4G_Apollo_Users_Guide_6-14-2011.pdf
[2012/03/21 23:57:01 | 000,867,094 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/21 15:00:43 | 000,000,017 | ---- | M] () -- C:\Users\rolando\AppData\Local\resmon.resmoncfg
[2012/03/21 14:23:02 | 000,001,745 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2012/03/21 14:22:57 | 000,001,912 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite (2).lnk
[2012/03/21 14:22:45 | 000,001,121 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger (2).lnk
[2012/03/21 14:22:36 | 000,001,208 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics Disk Defrag (2).lnk
[2012/03/21 14:05:42 | 000,001,145 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/03/21 13:36:15 | 000,005,472 | ---- | M] () -- C:\Users\rolando\Documents\cc_20120321_133605.reg
[2012/03/21 13:27:33 | 000,000,925 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\WBFS to ISO.lnk
[2012/03/21 08:43:36 | 000,001,761 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\RosettaStoneVersion3 - Shortcut.lnk
[2012/03/18 17:13:11 | 018,062,527 | ---- | M] () -- C:\Users\rolando\Desktop\Damages.zip
[2012/03/14 00:02:31 | 000,002,115 | ---- | M] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Dear Esther.lnk
[2012/03/13 12:47:19 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\Dear Esther.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 22:59:02 | 000,302,592 | ---- | C] () -- C:\Users\rolando\Desktop\2q0wcznz.exe
[2012/04/09 22:57:25 | 000,031,860 | ---- | C] () -- C:\Users\rolando\Desktop\Inside Natures Giants s04e01.thebox.hannibal.torrent
[2012/04/09 22:54:06 | 000,019,024 | ---- | C] () -- C:\Users\rolando\Desktop\Escape into Night.torrent
[2012/04/09 12:50:33 | 000,001,146 | ---- | C] () -- C:\Users\rolando\Desktop\Anvi Smart Defender.lnk
[2012/04/06 07:03:12 | 000,489,680 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/05 21:21:32 | 040,248,217 | ---- | C] () -- C:\Users\rolando\Desktop\Moonshell_210.zip
[2012/04/05 21:18:30 | 000,185,531 | ---- | C] () -- C:\Users\rolando\Desktop\GrowAPairOfWingsXDRequest.zip
[2012/04/05 20:54:54 | 000,255,425 | ---- | C] () -- C:\Users\rolando\Desktop\ShinigaminoBallad.zip
[2012/04/04 19:09:43 | 000,064,999 | ---- | C] () -- C:\Users\rolando\Desktop\how_to_train_your_dragon_2_400x240.jpg
[2012/04/04 14:58:07 | 000,119,908 | ---- | C] () -- C:\Users\rolando\Desktop\WaterDragons.zip
[2012/04/04 14:00:54 | 001,941,160 | ---- | C] () -- C:\Users\rolando\Desktop\evo-firmware-2-3.zip
[2012/04/04 13:53:09 | 000,001,102 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2012/04/04 13:53:09 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012/04/04 11:12:36 | 013,083,518 | ---- | C] () -- C:\Users\rolando\Desktop\eng_iPlayer_OS_20120323.zip
[2012/04/02 13:39:25 | 023,918,505 | ---- | C] () -- C:\Users\rolando\Desktop\4076.zip
[2012/04/02 13:24:39 | 000,001,029 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\PFPortChecker.lnk
[2012/03/26 12:51:46 | 001,328,591 | ---- | C] () -- C:\Users\rolando\Desktop\CLEAR_Spot_4G_Apollo_Users_Guide_6-14-2011.pdf
[2012/03/21 15:00:43 | 000,000,017 | ---- | C] () -- C:\Users\rolando\AppData\Local\resmon.resmoncfg
[2012/03/21 14:23:02 | 000,001,745 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
[2012/03/21 14:22:57 | 000,001,912 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\DAEMON Tools Lite (2).lnk
[2012/03/21 14:22:45 | 000,001,121 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger (2).lnk
[2012/03/21 14:22:36 | 000,001,208 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics Disk Defrag (2).lnk
[2012/03/21 14:05:42 | 000,001,145 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/03/21 13:36:06 | 000,005,472 | ---- | C] () -- C:\Users\rolando\Documents\cc_20120321_133605.reg
[2012/03/21 13:27:33 | 000,000,925 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\WBFS to ISO.lnk
[2012/03/21 08:43:36 | 000,001,761 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\RosettaStoneVersion3 - Shortcut.lnk
[2012/03/18 17:13:09 | 018,062,527 | ---- | C] () -- C:\Users\rolando\Desktop\Damages.zip
[2012/03/14 00:02:31 | 000,002,115 | ---- | C] () -- C:\Users\rolando\Application Data\Microsoft\Internet Explorer\Quick Launch\Dear Esther.lnk
[2012/03/13 12:47:19 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\Dear Esther.lnk
[2012/02/15 11:43:41 | 000,867,094 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/01 08:46:48 | 000,280,976 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/12/01 08:46:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/24 17:10:56 | 000,000,273 | ---- | C] () -- C:\Windows\SysWow64\initparams.ini
[2011/06/17 15:33:44 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/22 18:45:04 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/22 18:45:04 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2011/05/22 18:45:04 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\Lame_enc.dll
[2011/05/22 18:45:04 | 000,001,679 | ---- | C] () -- C:\Windows\unins000.dat
[2011/04/26 18:52:14 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/26 15:27:07 | 000,020,480 | ---- | C] () -- C:\Users\rolando\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/15 18:04:33 | 033,039,360 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource4.dll
[2011/04/15 18:04:33 | 030,617,600 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource2.dll
[2011/04/15 18:04:33 | 030,380,544 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource3.dll
[2011/04/15 18:04:33 | 024,824,320 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource5.dll
[2011/04/15 18:04:33 | 022,561,792 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource6.dll
[2011/04/15 18:04:33 | 021,436,928 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource1.dll
[2011/04/15 18:04:33 | 013,176,832 | ---- | C] () -- C:\Windows\SysWow64\BadAppleResource7.dll
[2011/04/12 21:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/14 02:33:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/01/20 03:48:31 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/10 19:23:42 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\CleanMem.ini
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/21 14:38:00 | 000,097,584 | ---- | C] () -- C:\Windows\SysWow64\CCBiosSupportAPI.dll

========== Custom Scans ==========

< %systemroot%\*. /rp /s >

========== Files - Unicode (All) ==========
[2011/04/15 18:04:33 | 004,381,812 | ---- | C] ()(C:\Windows\SysWow64\????Bad Apple!! PV????.mp3) -- C:\Windows\SysWow64\【東方】Bad Apple!! PV【影絵】.mp3
[2010/07/23 02:34:06 | 004,381,812 | ---- | M] ()(C:\Windows\SysWow64\????Bad Apple!! PV????.mp3) -- C:\Windows\SysWow64\【東方】Bad Apple!! PV【影絵】.mp3

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:EA029835

< End of report >

==============================================================================================================================================================================================


OTL Extras logfile created on: 4/9/2012 11:43:50 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rolando\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 64.97% Memory free
15.98 Gb Paging File | 12.38 Gb Available in Paging File | 77.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 88.13 Gb Free Space | 19.54% Space Free | Partition Type: NTFS

Computer Name: ARTEMIS | User Name: rolando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel® Network Connections 14.8.43.0
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager
"{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89B56CFC-0270-4ACF-8BF1-048251FD9E08}" = QuickSFV
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F220B286-E612-4BE3-A306-BE30099BF16C}" = CLEAR Connection Manager
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"63AD5694BB6DAB8863713F85AE50BA9F539D7A3E" = Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
"90B012BF3F529E820A22374831C4C7D340A4CD3D" = Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel® Network Connections 14.8.43.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01513E3B-EB4C-BD2E-07F0-E2D9CEFCB580}" = CCC Help Italian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E7727-CAAE-FE78-F75C-7DAA3B86DCC3}" = CCC Help Spanish
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0C04BB3F-863B-E348-8633-03769E7A9097}" = CCC Help French
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{116B3E3B-2FBD-1585-3A41-7C033434E585}" = CCC Help Japanese
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{213FF60A-9899-4145-8428-D144778BE117}" = HP Mouse Suite
"{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2F3BC248-F857-F353-247C-CDC433D52DD7}" = CCC Help Swedish
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{330B7AAD-B2FE-4989-B02A-DDA5A174FCDF}" = Accidental Damage Services Agreement
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{34E86173-00D0-7BA5-12D2-EE1248F99406}" = CCC Help Chinese Standard
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3CB70B01-4BC8-4C0F-B28F-7C6E33F913CC}" = Gtk# for .Net 2.12.9
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E915CB7-511A-0851-CC8C-4EEAFFCCD229}" = CCC Help Portuguese
"{3FB9DC57-ED98-1720-F5E7-A184EF7F4300}" = CCC Help Finnish
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41AA8F20-FD30-4878-9080-6D5BE575FD41}" = Dell InHome Service Agreement
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC613E6-AE72-A110-0D0A-FC764B738C04}" = CCC Help Korean
"{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1" = WBFS to ISO
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88976B46-967A-9B1A-14AC-DC388AE2DF09}" = CCC Help Polish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98E5A0C3-86ED-4429-9386-F0DB49E958EA}" = OSD Setup
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A00A308-1FFC-3E4E-976D-429E349CB5E0}" = CCC Help Danish
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DCA1423-F8DA-BE40-BE79-A2F60B418B01}" = CCC Help Hungarian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B061ACC7-5819-B01A-87B5-712E713143A4}" = CCC Help Dutch
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB9B32B9-FD41-6C73-0196-D11E4B5135BF}" = CCC Help German
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BEBFE0AC-97E2-DE43-AF13-40F86DAEB1CA}" = CCC Help Thai
"{BEF78FDE-9635-C229-60D2-FF606DF30765}" = CCC Help Chinese Traditional
"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager
"{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = Catalyst Control Center
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 17.0.1000.0
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E7A7CD0A-8047-6241-1924-7F781A95BD85}" = CCC Help Norwegian
"{E847D16E-AA7A-33A3-AB9E-AC37B3D1E74F}" = CCC Help Russian
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F0439D76-7759-DC14-652B-6947C005196E}" = CCC Help Czech
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F07A428D-232A-5D06-E394-2BED0F311005}" = CCC Help Turkish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB16CB6-48A0-5C95-5184-AECFF8B9716D}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anvi Smart Defender" = Anvi Smart Defender RC2
"Belarc Advisor" = Belarc Advisor 8.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CleanMem" = CleanMem
"CodeStuff Starter" = CodeStuff Starter
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DC++" = DC++ 0.791
"Dear Esther_is1" = Dear Esther
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"eLab Client_is1" = eLab Client version 1.2.1.20
"Exact Audio Copy" = Exact Audio Copy 1.0beta2
"FileHippo.com" = FileHippo.com Update Checker
"Ghostery IE Plugin_is1" = Ghostery IE Plugin
"HandBrake" = HandBrake 0.9.5
"HydraIRC" = HydraIRC
"ImgBurn" = ImgBurn
"InstallShield_{AE1E0DFB-A3D9-451C-AA7F-46FD390400D4}" = Command Center
"Integrated Webcam Live! Central" = Integrated Webcam Live! Central
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"KeyScrambler" = KeyScrambler
"KVIrc" = KVIrc
"LogonStudio" = LogonStudio
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"MakeMKV" = MakeMKV v1.7.2
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"PFPortChecker" = PFPortChecker 1.0.39
"PicPick" = PicPick
"Pidgin" = Pidgin
"Postal 2_is1" = Portal 2
"PunkBusterSvc" = PunkBuster Services
"RapidCRC" = RapidCRC 0.6.1
"RARFileSource" = RAR File Source v0.9.1
"Revo Uninstaller" = Revo Uninstaller 1.92
"Smuxi" = Smuxi 0.8
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpeedFan" = SpeedFan (remove only)
"Steam App 1250" = Killing Floor
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"YACReader_is1" = YACReader 0.4.5
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CX" = CX
"Flux" = F.lux
"GameRanger" = GameRanger
"uTorrent" = µTorrent
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2012 12:27:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 12:37:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 12:47:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 12:57:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 1:07:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 1:17:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 1:27:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 1:37:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 1:47:06 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

Error - 3/8/2012 9:53:43 AM | Computer Name = Artemis | Source = PreyCronService | ID = 0
Description = The system cannot find the file specified

[ Dell Events ]
Error - 4/3/2012 5:01:25 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/4/2012 10:39:26 AM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/4/2012 10:39:26 AM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2012 5:04:07 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2012 5:04:07 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2012 5:14:39 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/5/2012 5:14:39 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/6/2012 5:56:58 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/6/2012 5:56:58 PM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/8/2012 11:38:57 AM | Computer Name = Artemis | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 4/10/2012 12:35:28 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:35:28 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:35:28 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:37:45 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:37:45 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:37:45 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 4/10/2012 12:39:17 AM | Computer Name = Artemis | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/10/2012 12:40:05 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Alienware
Fusion Service service to connect.

Error - 4/10/2012 12:40:05 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7000
Description = The Alienware Fusion Service service failed to start due to the following
error: %%1053

Error - 4/10/2012 12:40:08 AM | Computer Name = Artemis | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32


< End of report >


==============================================================================================================================================================================================



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-09 23:54:37
-----------------------------
23:54:37.924 OS Version: Windows x64 6.1.7601 Service Pack 1
23:54:37.924 Number of processors: 8 586 0x1E05
23:54:37.925 ComputerName: ARTEMIS UserName: rolando
23:54:50.110 Initialize success
23:55:02.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:55:02.870 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
23:55:02.885 Disk 0 MBR read successfully
23:55:02.888 Disk 0 MBR scan
23:55:02.891 Disk 0 Windows VISTA default MBR code
23:55:02.895 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
23:55:02.906 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
23:55:02.918 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
23:55:02.940 Disk 0 scanning C:\Windows\system32\drivers
23:55:13.673 Service scanning
23:55:37.025 Modules scanning
23:55:37.033 Disk 0 trace - called modules:
23:55:37.056 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:55:37.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c1f790]
23:55:37.066 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a02050]
23:55:37.071 Scan finished successfully
23:55:48.989 Disk 0 MBR has been saved successfully to "C:\Users\rolando\Desktop\MBR.dat"
23:55:48.995 The log file has been saved successfully to "C:\Users\rolando\Desktop\aswMBR.txt"



Edited by leoliger, 10 April 2012 - 09:25 AM.


#4 RPMcMurphy


Posted 10 April 2012 - 05:46 PM

Do you have a Firefox add-on called Performance Cache? Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the box below into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - File not found --
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKCU..\Run: [Xeyqcok] C:\Users\rolando\AppData\Roaming\Ynew\elek.exe File not found
    O33 - MountPoints2\{11df5cca-0222-11e1-b19f-842b2b84493c}\Shell - "" = AutoRun
    O33 - MountPoints2\{11df5cca-0222-11e1-b19f-842b2b84493c}\Shell\AutoRun\command - "" = E:\INSTALL.EXE
    O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell\AutoRun\command - "" = G:\Start.exe
    O33 - MountPoints2\{26038a6e-2986-11e1-b8c2-4c54994f7fa7}\Shell\menu1\command - "" = G:\Start.exe
    O33 - MountPoints2\{ba6ea3fe-6053-11e0-a09c-c0cb388db198}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba6ea3fe-6053-11e0-a09c-c0cb388db198}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{ba6ea402-6053-11e0-a09c-c0cb388db198}\Shell - "" = AutoRun
    O33 - MountPoints2\{ba6ea402-6053-11e0-a09c-c0cb388db198}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registery key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • Do you have that FF add-on installed?
  • OTL Fix log
  • ComboFix log

Threads are closed after 5 days of inactivity.



#5 leoliger


Posted 10 April 2012 - 09:28 PM

I tried running OTL for several hours and it keeps hanging up; it just won't respond, so I did not do the ComboFix program part of your instructions. Also, I do not remember any Performance Cache add-on in Firefox, and I checked the add-ons to see if any showed up.

#6 RPMcMurphy


Posted 10 April 2012 - 09:42 PM

Go ahead and try to run ComboFix, please.



#7 leoliger


Posted 10 April 2012 - 10:02 PM

Here is the report of the ComboFix program:



ComboFix 12-04-10.02 - rolando 04/10/2012 21:51:05.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6271 [GMT -5:00]
Running from: c:\users\rolando\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk
c:\users\rolando\AppData\Local\Temp\shoms.dll
c:\users\rolando\AppData\Roaming\Xaqew
c:\users\rolando\AppData\Roaming\Xaqew\yhiw.quo
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 02:58 . 2012-04-11 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 23:18 . 2012-04-10 23:18 -------- d-----w- C:\_OTL
2012-04-10 23:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 23:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 23:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 23:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 23:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 23:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\users\rolando\AppData\Roaming\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 14:45 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 14:32 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8D7791-42CC-4703-A458-F0BFCB8D467F}\mpengine.dll
2012-04-09 17:50 . 2012-04-10 22:57 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-04 18:53 . 2012-04-03 19:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-04 18:51 . 2012-04-03 19:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-04 18:51 . 2012-04-04 18:51 -------- d-----w- c:\program files\Oracle
2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 15:03 . 2012-04-03 15:03 -------- d-----w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
2012-04-02 15:39 . 2012-04-02 15:39 -------- d-----w- c:\program files (x86)\Auslogics
2012-03-25 19:18 . 2012-03-25 19:18 -------- d-----w- c:\program files (x86)\PFPortChecker
2012-03-23 03:26 . 2012-03-23 14:21 -------- d-----w- c:\users\rolando\AppData\Local\Diagnostics
2012-03-22 04:46 . 2012-03-22 04:46 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-22 00:49 . 2012-03-22 00:49 -------- d-----w- c:\programdata\VS
2012-03-22 00:48 . 2012-03-22 00:48 -------- d-----w- C:\407c118d82280af108
2012-03-21 19:36 . 2012-03-26 20:10 -------- dc----w- c:\users\rolando\AppData\Local\MigWiz
2012-03-21 19:14 . 2012-03-21 19:14 -------- d-----w- c:\program files\iTunes
2012-03-21 19:14 . 2012-03-21 19:14 -------- d-----w- c:\program files (x86)\iTunes
2012-03-21 19:14 . 2012-03-21 19:14 -------- d-----w- c:\program files\iPod
2012-03-21 18:33 . 2012-04-08 01:09 -------- d-----w- c:\users\rolando\.VirtualBox
2012-03-21 17:56 . 2012-03-21 17:56 -------- d-----w- c:\program files (x86)\WBFS to ISO
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-21 13:29 . 2012-03-25 02:11 -------- d-----w- c:\programdata\Rosetta Stone
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-17 22:41 . 2012-03-17 22:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 22:41 . 2012-03-17 22:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 01:48 . 2012-03-21 20:08 -------- d-----w- c:\users\rolando\AppData\Roaming\Ynew
2012-03-16 01:48 . 2012-03-16 03:38 -------- d-----w- c:\users\rolando\AppData\Roaming\Zoezip
2012-03-13 20:03 . 2012-03-13 20:03 -------- d-----w- c:\users\rolando\AppData\Roaming\Microsoft Corporation
2012-03-13 17:55 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 17:55 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 17:55 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:54 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:54 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:54 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:53 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:43 . 2012-03-13 17:43 -------- d-----w- c:\program files (x86)\thechineseroom
2012-03-12 22:40 . 2012-03-23 04:03 -------- d-----w- c:\users\rolando\AppData\Local\CX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 23:10 . 2011-11-01 00:21 52224 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-03-23 03:57 . 2012-03-02 01:53 2373120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-28 17:37 . 2012-02-27 18:04 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 14:18 . 2011-04-18 21:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 05:43 . 2011-12-23 05:33 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-16 05:43 . 2011-03-14 07:05 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-02 14:18 . 2011-04-30 23:39 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-02 14:18 . 2011-04-30 23:39 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-02 14:18 . 2011-04-30 23:39 80768 ----a-w- c:\windows\system32\LMIinit.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 21:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2012-02-11 10530816]
"F.lux"="c:\users\rolando\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-02 219952]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2012-03-26 49340]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2011-05-11 54608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-17 398848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-03 63880]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2011-05-11 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2011-05-11 120144]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1CB5.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-02-15 3025112]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-02 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2011-05-11 107856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\14246594D27554354513: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\2656C6B696E6E2539383: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\4796765627: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737F5F475F51303339393: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-Xeyqcok - c:\users\rolando\AppData\Roaming\Ynew\elek.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
HKLM-Run-phelsv - c:\users\rolando\AppData\Local\Temp\phelsv.dll
HKLM-Run-shoms - c:\users\rolando\AppData\Local\Temp\shoms.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Belarc Advisor - c:\progra~2\Belarc\Advisor\Uninstall.exe
AddRemove-DVD Decrypter - c:\program files (x86)\DVD Decrypter\uninstall.exe
AddRemove-DVD Shrink_is1 - c:\program files (x86)\DVD Shrink\unins000.exe
AddRemove-XviD_is1 - c:\program files (x86)\XviD\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CB5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3154224136-66872059-3589488557-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*.VO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-10 22:00:27
ComboFix-quarantined-files.txt 2012-04-11 03:00
.
Pre-Run: 104,633,327,616 bytes free
Post-Run: 104,512,036,864 bytes free
.
- - End Of File - - 50782CE4AA102E87E4F577E443826D6D



#8 leoliger

Posted 10 April 2012 - 11:47 PM

I have been seeing windows pop up when I restart or turn on my computer. These windows open at the start of Windows; they are attached to this post.



#9 RPMcMurphy

Posted 12 April 2012 - 12:21 PM

Are you still seeing those messages after running ComboFix? The ComboFix log shows that the values associated with them were removed. Please do this next:

Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad). Copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above DirLook::

DirLook::
c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
c:\users\rolando\AppData\Roaming\Ynew
c:\users\rolando\AppData\Roaming\Zoezip

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • ComboFix log
  • MBAM log

Threads are closed after 5 days of inactivity.


#10 leoliger

Posted 12 April 2012 - 09:33 PM

I have completed the tasks for the logs of ComboFix and MalwareBytes; however, I am still seeing the windows that come up at the start of Windows, which I have uploaded before. Here are the logs:


ComboFix 12-04-10.02 - rolando 04/12/2012 17:08:30.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6480 [GMT -5:00]
Running from: c:\users\rolando\Desktop\ComboFix.exe
Command switches used :: c:\users\rolando\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 22:16 . 2012-04-12 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 22:07 . 2012-04-12 22:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8D7791-42CC-4703-A458-F0BFCB8D467F}\offreg.dll
2012-04-11 23:41 . 2012-04-11 23:41 -------- d-----w- c:\program files\iPod
2012-04-11 23:41 . 2012-04-11 23:42 -------- d-----w- c:\program files\iTunes
2012-04-11 23:41 . 2012-04-11 23:42 -------- d-----w- c:\program files (x86)\iTunes
2012-04-11 18:41 . 2012-04-11 18:41 -------- d-----w- c:\users\rolando\AppData\Roaming\OpenDNS Updater
2012-04-11 18:41 . 2012-04-11 18:41 -------- d-----w- c:\program files (x86)\OpenDNS Updater
2012-04-10 23:18 . 2012-04-10 23:18 -------- d-----w- C:\_OTL
2012-04-10 23:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 23:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 23:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 23:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 23:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 23:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\users\rolando\AppData\Roaming\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 14:45 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 14:32 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8D7791-42CC-4703-A458-F0BFCB8D467F}\mpengine.dll
2012-04-09 17:50 . 2012-04-10 22:57 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-04 18:53 . 2012-04-03 19:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-04 18:51 . 2012-04-03 19:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-04 18:51 . 2012-04-04 18:51 -------- d-----w- c:\program files\Oracle
2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 15:03 . 2012-04-03 15:03 -------- d-----w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
2012-04-02 15:39 . 2012-04-02 15:39 -------- d-----w- c:\program files (x86)\Auslogics
2012-03-25 19:18 . 2012-03-25 19:18 -------- d-----w- c:\program files (x86)\PFPortChecker
2012-03-23 03:26 . 2012-03-23 14:21 -------- d-----w- c:\users\rolando\AppData\Local\Diagnostics
2012-03-22 04:46 . 2012-03-22 04:46 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-22 00:49 . 2012-03-22 00:49 -------- d-----w- c:\programdata\VS
2012-03-22 00:48 . 2012-03-22 00:48 -------- d-----w- C:\407c118d82280af108
2012-03-21 19:36 . 2012-03-26 20:10 -------- dc----w- c:\users\rolando\AppData\Local\MigWiz
2012-03-21 18:33 . 2012-04-08 01:09 -------- d-----w- c:\users\rolando\.VirtualBox
2012-03-21 17:56 . 2012-03-21 17:56 -------- d-----w- c:\program files (x86)\WBFS to ISO
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-21 13:29 . 2012-03-25 02:11 -------- d-----w- c:\programdata\Rosetta Stone
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-17 22:41 . 2012-03-17 22:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 22:41 . 2012-03-17 22:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 01:48 . 2012-03-21 20:08 -------- d-----w- c:\users\rolando\AppData\Roaming\Ynew
2012-03-16 01:48 . 2012-03-16 03:38 -------- d-----w- c:\users\rolando\AppData\Roaming\Zoezip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 12:44 . 2011-11-01 00:21 52224 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-03-23 03:57 . 2012-03-02 01:53 2373120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-28 17:37 . 2012-02-27 18:04 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 14:18 . 2011-04-18 21:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 17:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 05:43 . 2011-12-23 05:33 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-16 05:43 . 2011-03-14 07:05 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 17:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 17:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 17:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:18 . 2011-04-30 23:39 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-02 14:18 . 2011-04-30 23:39 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-02 14:18 . 2011-04-30 23:39 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-25 06:38 . 2012-03-13 17:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26} ----
.
2012-04-03 15:03 . 2012-04-03 15:03 6237 ----a-w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul
2012-04-03 15:03 . 2012-04-03 15:03 939 ----a-w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}\install.rdf
2012-04-03 15:03 . 2012-04-03 15:03 131 ----a-w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}\chrome.manifest
.
---- Directory of c:\users\rolando\AppData\Roaming\Ynew ----
.
.
---- Directory of c:\users\rolando\AppData\Roaming\Zoezip ----
.
2012-03-16 03:38 . 2012-03-21 18:21 470676 ----a-w- c:\users\rolando\AppData\Roaming\Zoezip\hyol.muo
2011-12-02 04:45 . 2012-03-16 01:48 19908 ----a-w- c:\users\rolando\AppData\Roaming\Zoezip\hyol.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_02.58.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-11 03:33 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-02-15 15:34 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-11 03:33 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
- 2012-02-15 15:34 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-11 03:33 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-02-15 15:34 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2009-07-14 04:54 . 2012-04-12 12:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-21 13:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-12 12:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 13:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-21 13:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 12:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-12 12:48 39130 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-06 13:33 . 2012-04-11 04:42 22162 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3154224136-66872059-3589488557-1000_UserData.bin
- 2011-04-06 13:33 . 2012-04-10 23:16 22162 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3154224136-66872059-3589488557-1000_UserData.bin
- 2012-02-15 15:34 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-11 03:33 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-11 03:33 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-15 15:34 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-11 03:33 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
- 2012-02-15 15:34 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2011-03-22 23:44 . 2012-04-11 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-22 23:44 . 2012-04-10 21:31 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-22 23:44 . 2012-04-10 21:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-22 23:44 . 2012-04-11 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-11 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 21:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-02 21:55 . 2012-04-10 23:05 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2012-04-10 23:10 . 2012-04-10 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 12:44 . 2012-04-12 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 12:44 . 2012-04-12 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-10 23:10 . 2012-04-10 23:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-11 03:33 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
- 2012-02-15 15:34 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
- 2012-02-15 15:34 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-11 03:33 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-11 03:33 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
- 2012-02-15 15:34 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-04-06 14:22 . 2012-04-11 17:40 408838 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-02-15 15:34 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2012-04-11 03:33 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
+ 2012-04-11 03:33 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
- 2012-02-15 15:34 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
+ 2012-04-11 03:33 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2012-02-15 15:34 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:46 . 2012-04-12 21:48 106040 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-10 23:07 448784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-12 04:47 448784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-11 23:42 . 2012-04-11 23:42 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2012-04-11 03:33 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
- 2012-02-15 15:34 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 03:33 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
- 2012-02-15 15:34 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-11 03:33 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-11 03:33 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
- 2012-02-15 15:34 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 03:33 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-11 03:33 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
- 2012-02-15 15:34 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-04-11 03:33 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
- 2012-02-15 15:34 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-11 03:33 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
- 2012-02-15 15:34 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2012-04-11 03:33 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-04-10 23:13 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-11 04:43 7114300 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-28 18:14 . 2012-04-12 04:47 4856560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-28 18:14 . 2012-04-10 23:07 4856560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-07 20:02 . 2012-03-07 20:02 1908224 c:\windows\Installer\f1b729.msp
+ 2012-02-02 21:55 . 2012-04-11 03:34 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2012-02-02 21:55 . 2012-04-10 23:05 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2012-02-02 21:55 . 2012-04-11 03:34 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2012-04-11 03:33 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-04-11 04:39 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-04-10 23:09 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-04-11 03:33 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
+ 2012-04-11 03:33 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
+ 2011-04-13 04:27 . 2012-04-12 04:47 21939112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3154224136-66872059-3589488557-1000-12288.dat
- 2011-04-13 04:27 . 2012-04-10 23:07 21939112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3154224136-66872059-3589488557-1000-12288.dat
+ 2012-03-07 20:03 . 2012-03-07 20:03 26386944 c:\windows\Installer\f1b745.msp
+ 2012-04-11 23:40 . 2012-04-11 23:40 49125888 c:\windows\Installer\42025f.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 21:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2012-02-11 10530816]
"F.lux"="c:\users\rolando\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-02 219952]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2012-03-26 49340]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2011-05-11 54608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"FAStartup"="" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-17 398848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-03 63880]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2011-05-11 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2011-05-11 120144]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1CB5.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-02-15 3025112]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-02 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2011-05-11 107856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WINRING0_1_2_0
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"phelsv"="c:\users\rolando\AppData\Local\Temp\phelsv.dll" [BU]
"shoms"="c:\users\rolando\AppData\Local\Temp\shoms.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\14246594D27554354513: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\2656C6B696E6E2539383: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\4796765627: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737F5F475F51303339393: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CB5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3154224136-66872059-3589488557-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*.VO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-12 17:18:11
ComboFix-quarantined-files.txt 2012-04-12 22:18
ComboFix2.txt 2012-04-11 03:00
.
Pre-Run: 97,921,363,968 bytes free
Post-Run: 97,673,097,216 bytes free
.
- - End Of File - - B3C7D6DB6871C6B6938076C880E4D372





==============================================================================================================================================================================================






Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rolando :: ARTEMIS [administrator]

4/12/2012 5:25:11 PM
mbam-log-2012-04-12 (17-25-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 492962
Time elapsed: 1 hour(s), 14 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 RPMcMurphy

Posted 12 April 2012 - 09:38 PM

Please do this next:

Open Notepad (go to Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Registry::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"phelsv"=-
"shoms"=-

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.



#12 leoliger

Posted 13 April 2012 - 11:10 PM

Here is the result of the combofix log.



ComboFix 12-04-10.02 - rolando 04/13/2012 22:27:54.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.5938 [GMT -5:00]
Running from: c:\users\rolando\Desktop\ComboFix.exe
Command switches used :: c:\users\rolando\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 03:35 . 2012-04-14 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 16:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14FC6302-ED0F-4D98-A676-49B95AD700E5}\mpengine.dll
2012-04-11 23:41 . 2012-04-11 23:41 -------- d-----w- c:\program files\iPod
2012-04-11 23:41 . 2012-04-11 23:42 -------- d-----w- c:\program files\iTunes
2012-04-11 23:41 . 2012-04-11 23:42 -------- d-----w- c:\program files (x86)\iTunes
2012-04-11 18:41 . 2012-04-11 18:41 -------- d-----w- c:\users\rolando\AppData\Roaming\OpenDNS Updater
2012-04-11 18:41 . 2012-04-11 18:41 -------- d-----w- c:\program files (x86)\OpenDNS Updater
2012-04-10 23:18 . 2012-04-10 23:18 -------- d-----w- C:\_OTL
2012-04-10 23:04 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 23:04 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-10 23:04 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-10 23:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 23:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 23:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 23:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 23:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 23:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\users\rolando\AppData\Roaming\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\programdata\Malwarebytes
2012-04-10 14:45 . 2012-04-10 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-10 14:45 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-09 17:50 . 2012-04-10 22:57 -------- d-----w- c:\program files (x86)\Anvisoft
2012-04-04 18:53 . 2012-04-03 19:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-04 18:51 . 2012-04-03 19:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-04 18:51 . 2012-04-04 18:51 -------- d-----w- c:\program files\Oracle
2012-04-03 19:19 . 2012-04-03 19:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 15:03 . 2012-04-03 15:03 -------- d-----w- c:\users\rolando\AppData\Local\{367C710F-7D9E-11E1-826D-B8AC6F996F26}
2012-04-02 15:39 . 2012-04-02 15:39 -------- d-----w- c:\program files (x86)\Auslogics
2012-03-25 19:18 . 2012-03-25 19:18 -------- d-----w- c:\program files (x86)\PFPortChecker
2012-03-23 03:26 . 2012-03-23 14:21 -------- d-----w- c:\users\rolando\AppData\Local\Diagnostics
2012-03-22 04:46 . 2012-03-22 04:46 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-03-22 00:49 . 2012-03-22 00:49 -------- d-----w- c:\programdata\VS
2012-03-22 00:48 . 2012-03-22 00:48 -------- d-----w- C:\407c118d82280af108
2012-03-21 19:36 . 2012-03-26 20:10 -------- dc----w- c:\users\rolando\AppData\Local\MigWiz
2012-03-21 18:33 . 2012-04-08 01:09 -------- d-----w- c:\users\rolando\.VirtualBox
2012-03-21 17:56 . 2012-03-21 17:56 -------- d-----w- c:\program files (x86)\WBFS to ISO
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-03-21 13:29 . 2012-03-25 02:11 -------- d-----w- c:\programdata\Rosetta Stone
2012-03-21 13:29 . 2012-03-21 13:29 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-03-17 22:41 . 2012-03-17 22:41 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 22:41 . 2012-03-17 22:41 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-16 01:48 . 2012-03-21 20:08 -------- d-----w- c:\users\rolando\AppData\Roaming\Ynew
2012-03-16 01:48 . 2012-03-16 03:38 -------- d-----w- c:\users\rolando\AppData\Roaming\Zoezip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 11:10 . 2011-11-01 00:21 52224 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-03-23 03:57 . 2012-03-02 01:53 2373120 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-02-28 17:37 . 2012-02-27 18:04 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 14:18 . 2011-04-18 21:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 17:53 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:53 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:53 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:53 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-16 05:43 . 2011-12-23 05:33 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-16 05:43 . 2011-03-14 07:05 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-13 17:55 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 17:55 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-13 17:55 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-02 14:18 . 2011-04-30 23:39 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-02 14:18 . 2011-04-30 23:39 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-02-02 14:18 . 2011-04-30 23:39 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-25 06:38 . 2012-03-13 17:54 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:54 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:54 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-12_22.16.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-13 11:19 39154 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-06 13:33 . 2012-04-13 11:19 22214 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3154224136-66872059-3589488557-1000_UserData.bin
- 2011-03-22 23:44 . 2012-04-11 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-22 23:44 . 2012-04-13 11:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-22 23:44 . 2012-04-11 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-22 23:44 . 2012-04-13 11:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-13 11:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-11 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-13 11:10 . 2012-04-13 11:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-12 12:44 . 2012-04-12 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-13 11:10 . 2012-04-13 11:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-12 12:44 . 2012-04-12 12:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-13 05:11 448784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-12 04:47 448784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-28 18:14 . 2012-04-13 05:11 4856560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-28 18:14 . 2012-04-12 04:47 4856560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-13 04:27 . 2012-04-13 05:11 22775252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3154224136-66872059-3589488557-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
2011-04-20 21:25 605888 ----a-w- c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2012-02-11 10530816]
"F.lux"="c:\users\rolando\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-02 219952]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2012-03-26 49340]
"OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch.exe" [2010-01-05 32768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"Clearwire Connection Manager"="c:\program files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" [2011-05-11 54608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-10 343168]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"FAStartup"="" [BU]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe [2010-06-17 398848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-03 63880]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CACLEARWIRE;Clearwire Con App Svc;c:\program files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe [2011-05-11 124240]
R3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files (x86)\Clearwire\Connection Manager\RcAppSvc.exe [2011-05-11 120144]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1CB5.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ioatdma;Intel® QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-02-15 3025112]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-02 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-02 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-01-13 705856]
S2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe [2011-05-11 107856]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\OSD\WinRing0x64.sys [2008-07-26 14544]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PBFILTER
*NewlyCreated* - WINRING0_1_2_0
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-15 487424]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-16 5470208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"phelsv"="c:\users\rolando\AppData\Local\Temp\phelsv.dll" [BU]
"shoms"="c:\users\rolando\AppData\Local\Temp\shoms.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files (x86)\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\14246594D27554354513: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\2656C6B696E6E2539383: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\4796765627: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F55CB451-1E36-4B4B-A799-870253D22B8C}\C696E6B6379737F5F475F51303339393: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\rolando\AppData\Roaming\Mozilla\Firefox\Profiles\uj62h6yn.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1CB5.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3154224136-66872059-3589488557-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*.VO\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-13 22:37:53
ComboFix-quarantined-files.txt 2012-04-14 03:37
ComboFix2.txt 2012-04-12 22:18
ComboFix3.txt 2012-04-11 03:00
.
Pre-Run: 97,882,279,936 bytes free
Post-Run: 97,573,052,416 bytes free
.
- - End Of File - - 3ED7723734A7F8B838F9BDAD71B17362

#13 RPMcMurphy


Posted 15 April 2012 - 12:28 AM

Please do this next:

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important - If there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log

Threads are closed after 5 days of inactivity.



#14 leoliger


Posted 15 April 2012 - 07:28 AM

Here is the TDSSKiller Log:


07:19:17.0069 0684 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
07:19:17.0799 0684 ============================================================
07:19:17.0799 0684 Current date / time: 2012/04/15 07:19:17.0799
07:19:17.0799 0684 SystemInfo:
07:19:17.0799 0684
07:19:17.0799 0684 OS Version: 6.1.7601 ServicePack: 1.0
07:19:17.0799 0684 Product type: Workstation
07:19:17.0799 0684 ComputerName: ARTEMIS
07:19:17.0800 0684 UserName: rolando
07:19:17.0800 0684 Windows directory: C:\Windows
07:19:17.0800 0684 System windows directory: C:\Windows
07:19:17.0800 0684 Running under WOW64
07:19:17.0800 0684 Processor architecture: Intel x64
07:19:17.0800 0684 Number of processors: 8
07:19:17.0800 0684 Page size: 0x1000
07:19:17.0800 0684 Boot type: Normal boot
07:19:17.0800 0684 ============================================================
07:19:18.0426 0684 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:19:18.0435 0684 \Device\Harddisk0\DR0:
07:19:18.0435 0684 MBR used
07:19:18.0435 0684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
07:19:18.0435 0684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
07:19:18.0464 0684 Initialize success
07:19:18.0464 0684 ============================================================
07:19:33.0888 4220 ============================================================
07:19:33.0888 4220 Scan started
07:19:33.0888 4220 Mode: Manual; TDLFS;
07:19:33.0888 4220 ============================================================
07:19:34.0194 4220 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
07:19:34.0194 4220 !SASCORE - ok
07:19:34.0320 4220 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
07:19:34.0324 4220 1394ohci - ok
07:19:34.0417 4220 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
07:19:34.0419 4220 a2acc - ok
07:19:34.0499 4220 a2AntiMalware (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
07:19:34.0510 4220 a2AntiMalware - ok
07:19:34.0542 4220 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
07:19:34.0542 4220 A2DDA - ok
07:19:34.0624 4220 AbsoluteNotifier (28d79aaa4e1c15577a86f930e8da5e50) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
07:19:34.0624 4220 AbsoluteNotifier - ok
07:19:34.0729 4220 Acceler (e388503069001f0797ec200ce19b265e) C:\Windows\system32\DRIVERS\Acceler.sys
07:19:34.0730 4220 Acceler - ok
07:19:34.0785 4220 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
07:19:34.0790 4220 ACPI - ok
07:19:34.0842 4220 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
07:19:34.0844 4220 AcpiPmi - ok
07:19:34.0945 4220 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:19:34.0946 4220 AdobeARMservice - ok
07:19:35.0001 4220 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:19:35.0007 4220 adp94xx - ok
07:19:35.0023 4220 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:19:35.0027 4220 adpahci - ok
07:19:35.0043 4220 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:19:35.0064 4220 adpu320 - ok
07:19:35.0103 4220 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
07:19:35.0105 4220 AeLookupSvc - ok
07:19:35.0243 4220 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
07:19:35.0244 4220 AESTFilters - ok
07:19:35.0304 4220 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
07:19:35.0310 4220 AFD - ok
07:19:35.0360 4220 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
07:19:35.0363 4220 agp440 - ok
07:19:35.0414 4220 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
07:19:35.0416 4220 ALG - ok
07:19:35.0495 4220 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
07:19:35.0496 4220 AlienFusionService - ok
07:19:35.0671 4220 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
07:19:35.0678 4220 aliide - ok
07:19:35.0826 4220 AMD External Events Utility (402e2d41f35d148f45dc306b91dc5ca1) C:\Windows\system32\atiesrxx.exe
07:19:35.0830 4220 AMD External Events Utility - ok
07:19:35.0941 4220 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
07:19:35.0944 4220 amdide - ok
07:19:36.0070 4220 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:19:36.0072 4220 AmdK8 - ok
07:19:36.0229 4220 amdkmdag (b186b4fae1ecc97115a784d6ca523c76) C:\Windows\system32\DRIVERS\atikmdag.sys
07:19:36.0398 4220 amdkmdag - ok
07:19:36.0455 4220 amdkmdap (d55f040dac0e9ab470fa585d00758977) C:\Windows\system32\DRIVERS\atikmpag.sys
07:19:36.0456 4220 amdkmdap - ok
07:19:36.0477 4220 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:19:36.0479 4220 AmdPPM - ok
07:19:36.0534 4220 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
07:19:36.0536 4220 amdsata - ok
07:19:36.0572 4220 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:19:36.0575 4220 amdsbs - ok
07:19:36.0596 4220 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
07:19:36.0596 4220 amdxata - ok
07:19:36.0660 4220 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
07:19:36.0662 4220 AppID - ok
07:19:36.0710 4220 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
07:19:36.0711 4220 AppIDSvc - ok
07:19:36.0762 4220 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
07:19:36.0765 4220 Appinfo - ok
07:19:36.0864 4220 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:19:36.0865 4220 Apple Mobile Device - ok
07:19:36.0935 4220 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:19:36.0937 4220 arc - ok
07:19:36.0970 4220 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:19:36.0972 4220 arcsas - ok
07:19:37.0004 4220 ASPI32 - ok
07:19:37.0120 4220 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:19:37.0122 4220 aspnet_state - ok
07:19:37.0154 4220 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:19:37.0155 4220 AsyncMac - ok
07:19:37.0200 4220 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
07:19:37.0201 4220 atapi - ok
07:19:37.0270 4220 AtiHDAudioService (cbe5f8b3e54198f5dfe403a55a95de08) C:\Windows\system32\drivers\AtihdW76.sys
07:19:37.0271 4220 AtiHDAudioService - ok
07:19:37.0327 4220 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:19:37.0344 4220 AudioEndpointBuilder - ok
07:19:37.0360 4220 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
07:19:37.0363 4220 AudioSrv - ok
07:19:37.0431 4220 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
07:19:37.0433 4220 AxInstSV - ok
07:19:37.0527 4220 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:19:37.0532 4220 b06bdrv - ok
07:19:37.0568 4220 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:19:37.0573 4220 b57nd60a - ok
07:19:37.0635 4220 bcm (9053de05e07d4ea37537c5b31f20c8b6) C:\Windows\system32\DRIVERS\drxvi314_64.sys
07:19:37.0640 4220 bcm - ok
07:19:37.0676 4220 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
07:19:37.0676 4220 BCM42RLY - ok
07:19:37.0768 4220 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
07:19:37.0780 4220 BCM43XX - ok
07:19:37.0904 4220 bcmbusctr (a0dcf2f105e554a95e195786d026d9fe) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
07:19:37.0905 4220 bcmbusctr - ok
07:19:37.0962 4220 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
07:19:37.0964 4220 BDESVC - ok
07:19:38.0010 4220 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:19:38.0012 4220 Beep - ok
07:19:38.0085 4220 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
07:19:38.0101 4220 BFE - ok
07:19:38.0152 4220 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
07:19:38.0171 4220 BITS - ok
07:19:52.0979 4220 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
07:19:52.0982 4220 RDPWD - ok
07:19:53.0022 4220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:19:53.0025 4220 rdyboost - ok
07:19:53.0066 4220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:19:53.0069 4220 RemoteAccess - ok
07:19:53.0117 4220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:19:53.0121 4220 RemoteRegistry - ok
07:19:53.0184 4220 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
07:19:53.0187 4220 RFCOMM - ok
07:19:53.0225 4220 rimmptsk (cb7c996f3878e936bfdd9cdfe6a3a987) C:\Windows\system32\DRIVERS\rimmpx64.sys
07:19:53.0227 4220 rimmptsk - ok
07:19:53.0241 4220 rimsptsk (2c543f0e04b5f6fd5c17509d0ece6d1d) C:\Windows\system32\DRIVERS\rimspx64.sys
07:19:53.0243 4220 rimsptsk - ok
07:19:53.0289 4220 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
07:19:53.0291 4220 RimUsb - ok
07:19:53.0328 4220 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
07:19:53.0329 4220 RimVSerPort - ok
07:19:53.0353 4220 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
07:19:53.0354 4220 rismxdp - ok
07:19:53.0392 4220 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
07:19:53.0393 4220 ROOTMODEM - ok
07:19:53.0490 4220 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
07:19:53.0515 4220 RoxMediaDB12OEM - ok
07:19:53.0558 4220 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
07:19:53.0561 4220 RoxWatch12 - ok
07:19:53.0616 4220 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
07:19:53.0619 4220 rpcapd - ok
07:19:53.0694 4220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:19:53.0697 4220 RpcEptMapper - ok
07:19:53.0767 4220 rpcld (b1574dcb4ae3efacc24aa87b4ae6fc55) C:\ProgramData\Rpcnet\Bin\rpcld.exe
07:19:53.0767 4220 Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: b1574dcb4ae3efacc24aa87b4ae6fc55
07:19:53.0767 4220 rpcld ( LockedFile.Multi.Generic ) - warning
07:19:53.0767 4220 rpcld - detected LockedFile.Multi.Generic (1)
07:20:03.0139 4220 ============================================================
07:20:03.0139 4220 Scan finished
07:20:03.0139 4220 ============================================================
07:20:03.0145 4748 Detected object count: 1
07:20:03.0145 4748 Actual detected object count: 1
07:20:27.0870 4748 rpcld ( LockedFile.Multi.Generic ) - skipped by user
07:20:27.0870 4748 rpcld ( LockedFile.Multi.Generic ) - User select action: Skip
07:21:13.0985 1096 Deinitialize success

#15 RPMcMurphy

Posted 15 April 2012 - 09:05 PM

Please do this next:

Double click on OTL to open it
  • Under the Custom Scan box paste this in:
    netsvcs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste the contents of that file into your next post.
Please include the following in your next post:
  • OTL log

Edited by RPMcMurphy, 15 April 2012 - 09:06 PM.
