
Computer becomes unresponsive shortly after bootup


This topic is locked
14 replies to this topic

#1 Skylark13

  • Members
  • 10 posts
  • Location:Montreal, Quebec, Canada

Posted 15 April 2012 - 09:03 PM

Hello,

I suspect I have an infection; however, from what I can see, updated versions of Avast and Malwarebytes Anti-Malware cannot detect anything wrong. Curiously, in Safe Mode (or Safe Mode with Networking, which I am using now to post) the system works and doesn't experience these problems. So it may be a misbehaving driver or application instead of an infection; however, I don't have any information to help me find out what it might be.
So here are the symptoms.

If I start my computer normally (meaning not in safe mode), either immediately after a reboot or a few minutes later the computer becomes totally unresponsive. First the foreground application will freeze (with "Not responding" in the title bar), then as I switch to other windows they will each do the same in turn. I may be able to start Task Manager with Ctrl-Shift-Esc, but that window will also be unresponsive. The mouse cursor still moves, but nothing else works. Even the taskbar and desktop will be frozen, meaning I cannot select icons on the desktop or open the start menu.

I am left with the only option to turn off the machine forcefully (pull power cable / press power button 4 seconds). When I start it up again the same happens again.

Once in a while the system will stay responsive long enough to start a scan (Avast/Malwarebytes), but generally it doesn't stay responsive long enough to complete and doesn't find anything in the time it has to work. Also, lately, when I start up the system, Avast reports that realtime scanning is disabled, and I can't re-enable it. Also going into the Services window I see that the avast service is disabled, and trying to set it to Manual or Automatic results in an "Access denied" message box. So those symptoms look like an infection.

The system is a Dell XPS 8300 (mostly because they're very silent; I was fed up with building my own machines and them always being so noisy).
Running Windows 7 x64 up to date.
As I said I normally use Avast (free) and Malwarebytes (free also) in conjunction with Microsoft Security Essentials. So I doubt I'm really undefended...

I mostly use the system for gaming, but I'm a game developer (3D programmer) so I do some programming / prototyping on it too. It's performed well for me until recently.

Below is the DDS log, and attached is the Attach.txt, as requested in the Preparation Guide sticky. I hope that even though I'm running in safe mode it will show something to go on... If not I can start in normal mode and try to get the DDS run completed quickly enough, but I don't think it will.

Thanks in advance, I look forward to any suggestions you may have about this. I would really hate to have to reformat.


Edit: I forgot to mention, in safe mode I tried to scan the computer. A Malwarebytes scan completed and did not report any malware, and Avast started to scan but eventually froze (not responding again). Not the whole machine this time though, just Avast. So I may retry and see if it can complete. Though of course in safe mode its realtime scanning is disabled.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by guayj at 21:38:37 on 2012-04-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.16366.14534 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Tools\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{08B4414F-DCED-4304-A26D-8C95676EF0DB} : DhcpNameServer = 192.168.27.5
TCP: Interfaces\{1940DDED-A3E1-409A-A616-DC267B4D754E} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\guayj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\guayj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S1 vflt;Shrew Soft Lightweight Filter;C:\Windows\system32\DRIVERS\vfilter.sys --> C:\Windows\system32\DRIVERS\vfilter.sys [?]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-15 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-20 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-21 2348352]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe --> C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S2 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-5-17 366872]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-1-26 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-1-26 8456]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 imhidusb;Immersion's HID USB Driver;C:\Windows\system32\DRIVERS\imhidusb.sys --> C:\Windows\system32\DRIVERS\imhidusb.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\system32\DRIVERS\virtualnet.sys --> C:\Windows\system32\DRIVERS\virtualnet.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Tools\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/20 18:55:57;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2011-1-27 25832]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-25 1431888]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Tools\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2011-9-2 2169592]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-16 01:14:09 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-16 01:14:09 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-16 01:14:09 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-16 01:13:53 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-16 01:12:00 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4390F933-BE35-49CE-9AC2-49024B3CA736}\mpengine.dll
2012-04-16 00:55:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-16 00:48:18 98816 ----a-w- C:\Windows\sed.exe
2012-04-16 00:48:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-16 00:48:18 256000 ----a-w- C:\Windows\PEV.exe
2012-04-16 00:48:18 208896 ----a-w- C:\Windows\MBR.exe
2012-04-13 23:58:32 -------- d-----w- C:\Users\guayj\AppData\Roaming\Windows Live Writer
2012-04-13 23:58:32 -------- d-----w- C:\Users\guayj\AppData\Local\Windows Live Writer
2012-04-13 23:39:44 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-12 23:52:16 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 23:52:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 23:52:16 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 23:52:15 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 23:52:15 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 23:52:15 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 23:52:15 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-07 12:18:28 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-04-06 02:31:57 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-04-01 19:47:11 -------- d-----w- C:\Users\guayj\AppData\Local\com.syntext.doc
2012-04-01 19:08:00 -------- d-----w- C:\Users\guayj\.serna-free-4.4
2012-04-01 19:07:56 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit
2012-04-01 19:07:10 -------- d-----w- C:\Program Files (x86)\Syntext
2012-03-26 02:08:29 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2012-03-26 01:09:32 -------- d-----w- C:\Users\guayj\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 01:09:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-26 01:09:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-20 00:05:57 -------- d-----w- C:\Windows\pss
2012-03-18 23:30:51 -------- d-----w- C:\Users\guayj\AppData\Local\Unity
2012-03-17 20:34:19 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 20:34:19 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-17 14:17:33 -------- d-----w- C:\Program Files (x86)\Visual Assist X
.
==================== Find3M ====================
.
2012-04-13 23:39:44 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 02:38:10 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 03:14:04 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-10 03:14:01 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-10 03:07:00 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-10 03:07:00 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-10 03:07:00 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-10 03:05:59 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-10 01:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 00:30:19 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
.
============= FINISH: 21:39:23.11 ===============

Edited by Skylark13, 15 April 2012 - 09:15 PM.


#2 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 April 2012 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Skylark13
  • Topic Starter

  • Members
  • 10 posts
  • Location:Montreal, Quebec, Canada

Posted 17 April 2012 - 06:24 PM

Hello nasdaq, thanks for your help.

Note that I am doing these steps in Safe Mode with Networking; I hope that's OK.
Also note that I had previously run Defogger to disable drive emulation software, as instructed in the Preparation Guide.

TDSSKiller did not find anything, report pasted below.

aswMBR report pasted below that, and MBR.dat file zipped and attached.

Not much to go on, hope you have some ideas from this information. Thanks again!





19:02:29.0446 2276	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:02:29.0842 2276	============================================================
19:02:29.0842 2276	Current date / time: 2012/04/17 19:02:29.0842
19:02:29.0842 2276	SystemInfo:
19:02:29.0842 2276	
19:02:29.0842 2276	OS Version: 6.1.7601 ServicePack: 1.0
19:02:29.0842 2276	Product type: Workstation
19:02:29.0842 2276	ComputerName: STARKILLER
19:02:29.0842 2276	UserName: guayj
19:02:29.0842 2276	Windows directory: C:\Windows
19:02:29.0842 2276	System windows directory: C:\Windows
19:02:29.0842 2276	Running under WOW64
19:02:29.0842 2276	Processor architecture: Intel x64
19:02:29.0842 2276	Number of processors: 8
19:02:29.0842 2276	Page size: 0x1000
19:02:29.0842 2276	Boot type: Safe boot with network
19:02:29.0842 2276	============================================================
19:02:30.0149 2276	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:30.0168 2276	Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:30.0187 2276	\Device\Harddisk0\DR0:
19:02:30.0187 2276	MBR used
19:02:30.0187 2276	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
19:02:30.0187 2276	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x18554F88
19:02:30.0217 2276	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x19DE7FC7, BlocksNum 0x24977D87
19:02:30.0230 2276	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3E75FD8D, BlocksNum 0x35FA5C34
19:02:30.0230 2276	\Device\Harddisk1\DR1:
19:02:30.0230 2276	MBR used
19:02:30.0235 2276	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0xAEA82841
19:02:30.0326 2276	Initialize success
19:02:30.0326 2276	============================================================
19:02:32.0235 2908	============================================================
19:02:32.0235 2908	Scan started
19:02:32.0235 2908	Mode: Manual; 
19:02:32.0235 2908	============================================================
19:02:32.0730 2908	!SASCORE        (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:02:32.0731 2908	!SASCORE - ok
19:02:32.0810 2908	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:02:32.0812 2908	1394ohci - ok
19:02:32.0851 2908	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:02:32.0854 2908	ACPI - ok
19:02:32.0892 2908	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:02:32.0892 2908	AcpiPmi - ok
19:02:33.0000 2908	AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Tools\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
19:02:33.0002 2908	AdobeActiveFileMonitor9.0 - ok
19:02:33.0065 2908	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:02:33.0066 2908	AdobeARMservice - ok
19:02:33.0156 2908	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:02:33.0158 2908	AdobeFlashPlayerUpdateSvc - ok
19:02:33.0187 2908	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:02:33.0191 2908	adp94xx - ok
19:02:33.0212 2908	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:02:33.0215 2908	adpahci - ok
19:02:33.0234 2908	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:02:33.0235 2908	adpu320 - ok
19:02:33.0255 2908	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:02:33.0257 2908	AeLookupSvc - ok
19:02:33.0312 2908	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:02:33.0316 2908	AFD - ok
19:02:33.0348 2908	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:02:33.0349 2908	agp440 - ok
19:02:33.0359 2908	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:02:33.0360 2908	ALG - ok
19:02:33.0391 2908	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:02:33.0392 2908	aliide - ok
19:02:33.0401 2908	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:02:33.0402 2908	amdide - ok
19:02:33.0421 2908	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:02:33.0422 2908	AmdK8 - ok
19:02:33.0437 2908	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:02:33.0438 2908	AmdPPM - ok
19:02:33.0471 2908	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:02:33.0473 2908	amdsata - ok
19:02:33.0490 2908	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:02:33.0491 2908	amdsbs - ok
19:02:33.0522 2908	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:02:33.0522 2908	amdxata - ok
19:02:33.0549 2908	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:02:33.0550 2908	AppID - ok
19:02:33.0578 2908	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:02:33.0578 2908	AppIDSvc - ok
19:02:33.0615 2908	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:02:33.0616 2908	Appinfo - ok
19:02:33.0636 2908	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:02:33.0638 2908	AppMgmt - ok
19:02:33.0650 2908	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:02:33.0651 2908	arc - ok
19:02:33.0659 2908	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:02:33.0660 2908	arcsas - ok
19:02:33.0714 2908	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:02:33.0715 2908	aspnet_state - ok
19:02:33.0773 2908	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
19:02:33.0774 2908	aswFsBlk - ok
19:02:33.0845 2908	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
19:02:33.0846 2908	aswMonFlt - ok
19:02:33.0900 2908	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
19:02:33.0901 2908	aswRdr - ok
19:02:33.0942 2908	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
19:02:33.0949 2908	aswSnx - ok
19:02:33.0976 2908	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
19:02:33.0978 2908	aswSP - ok
19:02:34.0003 2908	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
19:02:34.0004 2908	aswTdi - ok
19:02:34.0019 2908	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:34.0020 2908	AsyncMac - ok
19:02:34.0057 2908	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:02:34.0058 2908	atapi - ok
19:02:34.0086 2908	AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
19:02:34.0088 2908	AtiHdmiService - ok
19:02:34.0140 2908	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:02:34.0146 2908	AudioEndpointBuilder - ok
19:02:34.0153 2908	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:02:34.0155 2908	AudioSrv - ok
19:02:34.0241 2908	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:02:34.0242 2908	avast! Antivirus - ok
19:02:34.0283 2908	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:02:34.0285 2908	AxInstSV - ok
19:02:34.0313 2908	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:02:34.0317 2908	b06bdrv - ok
19:02:34.0340 2908	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:02:34.0342 2908	b57nd60a - ok
19:02:34.0369 2908	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:02:34.0370 2908	BDESVC - ok
19:02:34.0384 2908	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:02:34.0385 2908	Beep - ok
19:02:34.0435 2908	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:02:34.0441 2908	BFE - ok
19:02:34.0462 2908	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:02:34.0469 2908	BITS - ok
19:02:34.0482 2908	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:02:34.0483 2908	blbdrive - ok
19:02:34.0514 2908	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:02:34.0515 2908	bowser - ok
19:02:34.0529 2908	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:02:34.0530 2908	BrFiltLo - ok
19:02:34.0537 2908	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:02:34.0538 2908	BrFiltUp - ok
19:02:34.0560 2908	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:02:34.0561 2908	BridgeMP - ok
19:02:34.0597 2908	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:02:34.0598 2908	Browser - ok
19:02:34.0618 2908	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:02:34.0621 2908	Brserid - ok
19:02:34.0627 2908	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:02:34.0628 2908	BrSerWdm - ok
19:02:34.0633 2908	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:02:34.0634 2908	BrUsbMdm - ok
19:02:34.0640 2908	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:02:34.0640 2908	BrUsbSer - ok
19:02:34.0647 2908	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:02:34.0648 2908	BTHMODEM - ok
19:02:34.0666 2908	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:02:34.0667 2908	bthserv - ok
19:02:34.0686 2908	catchme - ok
19:02:34.0694 2908	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:02:34.0695 2908	cdfs - ok
19:02:34.0732 2908	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:02:34.0733 2908	cdrom - ok
19:02:34.0779 2908	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:02:34.0780 2908	CertPropSvc - ok
19:02:34.0786 2908	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:02:34.0787 2908	circlass - ok
19:02:34.0813 2908	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:02:34.0816 2908	CLFS - ok
19:02:34.0868 2908	CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
19:02:34.0870 2908	CLKMSVC10_9EC60124 - ok
19:02:34.0894 2908	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:34.0896 2908	clr_optimization_v2.0.50727_32 - ok
19:02:34.0912 2908	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:02:34.0913 2908	clr_optimization_v2.0.50727_64 - ok
19:02:34.0953 2908	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:02:34.0965 2908	clr_optimization_v4.0.30319_32 - ok
19:02:34.0997 2908	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:02:35.0000 2908	clr_optimization_v4.0.30319_64 - ok
19:02:35.0014 2908	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:02:35.0014 2908	CmBatt - ok
19:02:35.0049 2908	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:02:35.0049 2908	cmdide - ok
19:02:35.0082 2908	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:02:35.0086 2908	CNG - ok
19:02:35.0092 2908	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:02:35.0093 2908	Compbatt - ok
19:02:35.0130 2908	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:02:35.0131 2908	CompositeBus - ok
19:02:35.0140 2908	COMSysApp - ok
19:02:35.0153 2908	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:02:35.0153 2908	crcdisk - ok
19:02:35.0187 2908	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:02:35.0189 2908	CryptSvc - ok
19:02:35.0220 2908	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:02:35.0224 2908	CSC - ok
19:02:35.0240 2908	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:02:35.0246 2908	CscService - ok
19:02:35.0327 2908	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) e:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
19:02:35.0327 2908	DAUpdaterSvc - ok
19:02:35.0367 2908	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:02:35.0371 2908	DcomLaunch - ok
19:02:35.0397 2908	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:02:35.0399 2908	defragsvc - ok
19:02:35.0425 2908	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:02:35.0426 2908	DfsC - ok
19:02:35.0441 2908	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:02:35.0444 2908	Dhcp - ok
19:02:35.0457 2908	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:02:35.0458 2908	discache - ok
19:02:35.0484 2908	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:02:35.0485 2908	Disk - ok
19:02:35.0520 2908	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:02:35.0522 2908	Dnscache - ok
19:02:35.0562 2908	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:02:35.0565 2908	dot3svc - ok
19:02:35.0605 2908	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:02:35.0607 2908	DPS - ok
19:02:35.0637 2908	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:02:35.0638 2908	drmkaud - ok
19:02:35.0667 2908	dump_wmimmc - ok
19:02:35.0713 2908	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:02:35.0720 2908	DXGKrnl - ok
19:02:35.0749 2908	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:02:35.0751 2908	EapHost - ok
19:02:35.0811 2908	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:02:35.0854 2908	ebdrv - ok
19:02:35.0884 2908	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:02:35.0885 2908	EFS - ok
19:02:35.0925 2908	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:02:35.0931 2908	ehRecvr - ok
19:02:35.0949 2908	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:02:35.0950 2908	ehSched - ok
19:02:35.0975 2908	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:02:35.0980 2908	elxstor - ok
19:02:36.0005 2908	epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
19:02:36.0006 2908	epmntdrv - ok
19:02:36.0041 2908	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:02:36.0042 2908	ErrDev - ok
19:02:36.0067 2908	EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
19:02:36.0068 2908	EuGdiDrv - ok
19:02:36.0089 2908	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:02:36.0093 2908	EventSystem - ok
19:02:36.0100 2908	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:02:36.0102 2908	exfat - ok
19:02:36.0124 2908	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:02:36.0126 2908	fastfat - ok
19:02:36.0161 2908	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:02:36.0167 2908	Fax - ok
19:02:36.0175 2908	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:02:36.0176 2908	fdc - ok
19:02:36.0186 2908	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:02:36.0187 2908	fdPHost - ok
19:02:36.0197 2908	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:02:36.0198 2908	FDResPub - ok
19:02:36.0210 2908	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:02:36.0212 2908	FileInfo - ok
19:02:36.0227 2908	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:02:36.0228 2908	Filetrace - ok
19:02:36.0294 2908	FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:02:36.0302 2908	FLEXnet Licensing Service - ok
19:02:36.0372 2908	FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:02:36.0397 2908	FLEXnet Licensing Service 64 - ok
19:02:36.0404 2908	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:02:36.0404 2908	flpydisk - ok
19:02:36.0427 2908	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:02:36.0429 2908	FltMgr - ok
19:02:36.0474 2908	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:02:36.0491 2908	FontCache - ok
19:02:36.0521 2908	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:02:36.0522 2908	FontCache3.0.0.0 - ok
19:02:36.0544 2908	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:02:36.0546 2908	FsDepends - ok
19:02:36.0573 2908	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:02:36.0574 2908	Fs_Rec - ok
19:02:36.0592 2908	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:02:36.0595 2908	fvevol - ok
19:02:36.0601 2908	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:02:36.0602 2908	gagp30kx - ok
19:02:36.0644 2908	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:02:36.0651 2908	gpsvc - ok
19:02:36.0657 2908	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:02:36.0657 2908	hcw85cir - ok
19:02:36.0704 2908	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:02:36.0707 2908	HdAudAddService - ok
19:02:36.0736 2908	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:02:36.0738 2908	HDAudBus - ok
19:02:36.0744 2908	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:02:36.0745 2908	HidBatt - ok
19:02:36.0751 2908	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:02:36.0752 2908	HidBth - ok
19:02:36.0768 2908	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:02:36.0769 2908	HidIr - ok
19:02:36.0789 2908	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:02:36.0791 2908	hidserv - ok
19:02:36.0820 2908	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:02:36.0821 2908	HidUsb - ok
19:02:36.0850 2908	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:02:36.0852 2908	hkmsvc - ok
19:02:36.0883 2908	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:02:36.0886 2908	HomeGroupListener - ok
19:02:36.0918 2908	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:02:36.0921 2908	HomeGroupProvider - ok
19:02:36.0941 2908	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:02:36.0942 2908	HpSAMD - ok
19:02:36.0975 2908	HTCAND64        (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
19:02:36.0976 2908	HTCAND64 - ok
19:02:37.0023 2908	htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
19:02:37.0024 2908	htcnprot - ok
19:02:37.0062 2908	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:02:37.0068 2908	HTTP - ok
19:02:37.0093 2908	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:02:37.0094 2908	hwpolicy - ok
19:02:37.0130 2908	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:02:37.0131 2908	i8042prt - ok
19:02:37.0158 2908	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:02:37.0160 2908	iaStor - ok
19:02:37.0198 2908	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:02:37.0199 2908	IAStorDataMgrSvc - ok
19:02:37.0239 2908	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:02:37.0242 2908	iaStorV - ok
19:02:37.0304 2908	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:02:37.0312 2908	idsvc - ok
19:02:37.0485 2908	igfx            (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:02:37.0654 2908	igfx - ok
19:02:37.0690 2908	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:02:37.0691 2908	iirsp - ok
19:02:37.0714 2908	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:02:37.0720 2908	IKEEXT - ok
19:02:37.0754 2908	imhidusb        (7f7313e8bc26ba77440ed1370b613870) C:\Windows\system32\DRIVERS\imhidusb.sys
19:02:37.0754 2908	imhidusb - ok
19:02:37.0777 2908	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
19:02:37.0778 2908	Impcd - ok
19:02:37.0834 2908	IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
19:02:37.0868 2908	IntcAzAudAddService - ok
19:02:37.0889 2908	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:02:37.0892 2908	IntcDAud - ok
19:02:37.0930 2908	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:02:37.0931 2908	intelide - ok
19:02:37.0962 2908	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:02:37.0964 2908	intelppm - ok
19:02:37.0983 2908	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:02:37.0985 2908	IPBusEnum - ok
19:02:38.0022 2908	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:38.0023 2908	IpFilterDriver - ok
19:02:38.0066 2908	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:02:38.0071 2908	iphlpsvc - ok
19:02:38.0102 2908	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:02:38.0103 2908	IPMIDRV - ok
19:02:38.0115 2908	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:02:38.0117 2908	IPNAT - ok
19:02:38.0142 2908	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:02:38.0143 2908	IRENUM - ok
19:02:38.0174 2908	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:02:38.0175 2908	isapnp - ok
19:02:38.0209 2908	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:02:38.0212 2908	iScsiPrt - ok
19:02:38.0232 2908	k57nd60a        (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:02:38.0235 2908	k57nd60a - ok
19:02:38.0259 2908	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:38.0260 2908	kbdclass - ok
19:02:38.0270 2908	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:02:38.0271 2908	kbdhid - ok
19:02:38.0298 2908	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:02:38.0299 2908	KeyIso - ok
19:02:38.0336 2908	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:02:38.0338 2908	KSecDD - ok
19:02:38.0371 2908	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:02:38.0373 2908	KSecPkg - ok
19:02:38.0403 2908	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:02:38.0404 2908	ksthunk - ok
19:02:38.0429 2908	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:02:38.0433 2908	KtmRm - ok
19:02:38.0464 2908	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:02:38.0467 2908	LanmanServer - ok
19:02:38.0476 2908	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:02:38.0478 2908	LanmanWorkstation - ok
19:02:38.0501 2908	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:02:38.0502 2908	lltdio - ok
19:02:38.0523 2908	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:02:38.0526 2908	lltdsvc - ok
19:02:38.0544 2908	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:02:38.0545 2908	lmhosts - ok
19:02:38.0560 2908	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:02:38.0561 2908	LSI_FC - ok
19:02:38.0572 2908	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:02:38.0574 2908	LSI_SAS - ok
19:02:38.0591 2908	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:02:38.0592 2908	LSI_SAS2 - ok
19:02:38.0631 2908	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:02:38.0633 2908	LSI_SCSI - ok
19:02:38.0654 2908	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:02:38.0655 2908	luafv - ok
19:02:38.0693 2908	lvpepf64        (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys
19:02:38.0694 2908	lvpepf64 - ok
19:02:38.0716 2908	LVRS64          (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys
19:02:38.0723 2908	LVRS64 - ok
19:02:38.0781 2908	LVUSBS64        (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\drivers\LVUSBS64.sys
19:02:38.0782 2908	LVUSBS64 - ok
19:02:38.0805 2908	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:02:38.0807 2908	Mcx2Svc - ok
19:02:38.0823 2908	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:02:38.0824 2908	megasas - ok
19:02:38.0842 2908	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:02:38.0844 2908	MegaSR - ok
19:02:38.0874 2908	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
19:02:38.0875 2908	MEIx64 - ok
19:02:38.0975 2908	mi-raysat_3dsmax2012_64 (0af89452a8ce3928168f4e5b2208c68b) C:\Tools\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
19:02:38.0976 2908	mi-raysat_3dsmax2012_64 - ok
19:02:39.0000 2908	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:02:39.0002 2908	MMCSS - ok
19:02:39.0013 2908	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:02:39.0014 2908	Modem - ok
19:02:39.0044 2908	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:02:39.0045 2908	monitor - ok
19:02:39.0073 2908	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:02:39.0074 2908	mouclass - ok
19:02:39.0089 2908	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:02:39.0090 2908	mouhid - ok
19:02:39.0120 2908	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:02:39.0122 2908	mountmgr - ok
19:02:39.0153 2908	MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
19:02:39.0155 2908	MpFilter - ok
19:02:39.0190 2908	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:02:39.0192 2908	mpio - ok
19:02:39.0203 2908	MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:02:39.0204 2908	MpNWMon - ok
19:02:39.0217 2908	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:02:39.0218 2908	mpsdrv - ok
19:02:39.0259 2908	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:02:39.0266 2908	MpsSvc - ok
19:02:39.0291 2908	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:02:39.0293 2908	MRxDAV - ok
19:02:39.0328 2908	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:39.0330 2908	mrxsmb - ok
19:02:39.0362 2908	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:39.0365 2908	mrxsmb10 - ok
19:02:39.0398 2908	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:39.0400 2908	mrxsmb20 - ok
19:02:39.0434 2908	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:02:39.0435 2908	msahci - ok
19:02:39.0442 2908	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:02:39.0443 2908	msdsm - ok
19:02:39.0467 2908	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:02:39.0469 2908	MSDTC - ok
19:02:39.0491 2908	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:02:39.0492 2908	Msfs - ok
19:02:39.0502 2908	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:02:39.0503 2908	mshidkmdf - ok
19:02:39.0515 2908	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:02:39.0516 2908	msisadrv - ok
19:02:39.0539 2908	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:02:39.0541 2908	MSiSCSI - ok
19:02:39.0546 2908	msiserver - ok
19:02:39.0574 2908	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:02:39.0575 2908	MSKSSRV - ok
19:02:39.0671 2908	MsMpSvc         (157e9e498206a3366baa7e4697bdd947) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
19:02:39.0671 2908	MsMpSvc - ok
19:02:39.0688 2908	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:39.0689 2908	MSPCLOCK - ok
19:02:39.0702 2908	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:02:39.0703 2908	MSPQM - ok
19:02:39.0742 2908	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:02:39.0745 2908	MsRPC - ok
19:02:39.0760 2908	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:02:39.0761 2908	mssmbios - ok
19:02:39.0773 2908	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:02:39.0774 2908	MSTEE - ok
19:02:39.0905 2908	msvsmon90       (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
19:02:39.0981 2908	msvsmon90 - ok
19:02:40.0011 2908	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:02:40.0012 2908	MTConfig - ok
19:02:40.0026 2908	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:02:40.0027 2908	Mup - ok
19:02:40.0060 2908	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:02:40.0064 2908	napagent - ok
19:02:40.0092 2908	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:02:40.0095 2908	NativeWifiP - ok
19:02:40.0145 2908	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:02:40.0152 2908	NDIS - ok
19:02:40.0166 2908	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:02:40.0167 2908	NdisCap - ok
19:02:40.0192 2908	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:40.0193 2908	NdisTapi - ok
19:02:40.0221 2908	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:40.0222 2908	Ndisuio - ok
19:02:40.0239 2908	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:40.0241 2908	NdisWan - ok
19:02:40.0274 2908	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:02:40.0275 2908	NDProxy - ok
19:02:40.0323 2908	Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
19:02:40.0324 2908	Net Driver HPZ12 - ok
19:02:40.0335 2908	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:02:40.0336 2908	NetBIOS - ok
19:02:40.0368 2908	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:02:40.0371 2908	NetBT - ok
19:02:40.0404 2908	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:02:40.0405 2908	Netlogon - ok
19:02:40.0422 2908	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:02:40.0426 2908	Netman - ok
19:02:40.0493 2908	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:40.0495 2908	NetMsmqActivator - ok
19:02:40.0509 2908	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:40.0510 2908	NetPipeActivator - ok
19:02:40.0529 2908	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:02:40.0533 2908	netprofm - ok
19:02:40.0549 2908	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:40.0549 2908	NetTcpActivator - ok
19:02:40.0551 2908	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:40.0552 2908	NetTcpPortSharing - ok
19:02:40.0577 2908	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:02:40.0578 2908	nfrd960 - ok
19:02:40.0617 2908	NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:02:40.0618 2908	NisDrv - ok
19:02:40.0733 2908	NisSrv          (566ddd5d82520da01d75f81428ac4c38) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
19:02:40.0736 2908	NisSrv - ok
19:02:40.0776 2908	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:02:40.0779 2908	NlaSvc - ok
19:02:40.0790 2908	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:02:40.0791 2908	Npfs - ok
19:02:40.0823 2908	npggsvc - ok
19:02:40.0840 2908	NPPTNT2 - ok
19:02:48.0652 2908	============================================================
19:02:48.0652 2908	Scan finished
19:02:48.0652 2908	============================================================
19:02:48.0655 2160	Detected object count: 0
19:02:48.0655 2160	Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-17 19:04:05
-----------------------------
19:04:05.796    OS Version: Windows x64 6.1.7601 Service Pack 1
19:04:05.796    Number of processors: 8 586 0x2A07
19:04:05.797    ComputerName: STARKILLER  UserName: guayj
19:04:12.274    Initialize success
19:04:12.862    AVAST engine defs: 12041502
19:04:18.826    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:04:18.827    Disk 0 Vendor: ST310005 CC49 Size: 953869MB BusType: 3
19:04:18.828    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
19:04:18.829    Disk 1 Vendor: ST315003 CC1H Size: 1430799MB BusType: 3
19:04:18.852    Disk 0 MBR read successfully
19:04:18.853    Disk 0 MBR scan
19:04:19.059    Disk 0 Windows VISTA default MBR code
19:04:19.061    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
19:04:19.190    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        12542 MB offset 81920
19:04:19.300    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       199337 MB offset 25767936
19:04:19.310    Disk 0 Partition - 00     0F Extended LBA            741947 MB offset 434012040
19:04:19.345    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       299759 MB offset 434012103
19:04:19.373    Disk 0 Partition - 00     05     Extended            442187 MB offset 1047919950
19:04:19.392    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       442187 MB offset 1047920013
19:04:19.442    Disk 0 scanning C:\Windows\system32\drivers
19:04:30.801    Service scanning
19:04:36.022    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:04:43.523    Modules scanning
19:04:43.526    Disk 0 trace - called modules:
19:04:43.543    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
19:04:43.547    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e35d790]
19:04:43.550    3 CLASSPNP.SYS[fffff8800168c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d534050]
19:04:43.725    AVAST engine scan C:\Windows
19:04:45.814    AVAST engine scan C:\Windows\system32
19:07:22.083    AVAST engine scan C:\Windows\system32\drivers
19:07:35.902    AVAST engine scan C:\Users\guayj
19:10:34.171    File: C:\Users\guayj\AppData\Roaming\Adobe\Flash Player\NativeCache\87751633C509CE0559A2FCA8D73AC9CC\1c0b889a\adobecp-200489-1.dll  **INFECTED** Win32:Malware-gen
19:12:32.216    AVAST engine scan C:\ProgramData
19:14:46.901    Scan finished successfully
19:20:41.385    Disk 0 MBR has been saved successfully to "D:\Users\guayj\Desktop\Troubleshooting\2012-04-15\01\MBR.dat"
19:20:41.388    The log file has been saved successfully to "D:\Users\guayj\Desktop\Troubleshooting\2012-04-15\01\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   627bytes   0 downloads


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 18 April 2012 - 09:12 AM

Execute this in Safe Mode with Networking.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#5 Skylark13

Skylark13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Montreal, Quebec, Canada
  • Local time:11:59 PM

Posted 18 April 2012 - 06:13 PM

Hello nasdaq,

Even though I followed the instructions to disable Avast and Microsoft Security Essentials, ComboFix still reported them both to be still active. I selected to disable Avast's real-time shields for 1 hour from its tray icon (which was there even though I'm in safe mode because I had run a full scan earlier), and in MSE I went to Settings - Real-time protection, unchecked "Turn on real-time protection" and clicked "save changes".

I don't know why ComboFix still thinks they are active. I decided to let it run anyways. It rebooted my computer in the middle of its scan, but when I restarted (in Safe Mode with Networking again) its window reappeared and it said "preparing log file" so I guess that reboot was normal.

Here are the contents of the C:\ComboFix.txt file.


ComboFix 12-04-18.02 - guayj 18/04/2012 18:43:33.3.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.16366.12855 [GMT -4:00]
Running from: d:\users\guayj\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:47 . 2012-04-18 22:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-18 22:47 . 2012-04-18 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 01:14 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-16 01:14 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-16 01:14 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-16 01:14 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-16 01:14 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-16 01:14 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-16 01:13 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-16 01:13 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-16 01:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4390F933-BE35-49CE-9AC2-49024B3CA736}\mpengine.dll
2012-04-13 23:58 . 2012-04-13 23:58 -------- d-----w- c:\users\guayj\AppData\Roaming\Windows Live Writer
2012-04-13 23:58 . 2012-04-13 23:58 -------- d-----w- c:\users\guayj\AppData\Local\Windows Live Writer
2012-04-13 23:39 . 2012-04-13 23:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 23:52 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 23:52 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 23:52 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 23:52 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 23:52 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 23:52 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 23:52 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-07 12:18 . 2012-04-07 12:18 -------- d-----w- c:\windows\SysWow64\Adobe
2012-04-06 02:31 . 2012-04-06 02:38 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-01 19:47 . 2012-04-01 19:47 -------- d-----w- c:\users\guayj\AppData\Local\com.syntext.doc
2012-04-01 19:08 . 2012-04-01 19:47 -------- d-----w- c:\users\guayj\.serna-free-4.4
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-04-01 19:07 . 2012-04-01 19:07 -------- d-----w- c:\program files (x86)\Syntext
2012-03-26 02:08 . 2012-03-26 02:08 -------- d-----w- c:\program files (x86)\FileHippo.com
2012-03-26 01:09 . 2012-03-26 01:09 -------- d-----w- c:\users\guayj\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 01:09 . 2012-03-26 01:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 01:09 . 2012-03-26 01:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-24 00:37 . 2012-03-24 00:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 23:39 . 2011-05-19 23:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 02:38 . 2011-01-21 00:47 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-16 03:07 . 2011-08-23 03:07 2025984 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-14 03:27 . 2011-02-09 01:49 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-06 23:15 . 2012-02-20 04:00 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-17 06:38 . 2012-03-14 02:37 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 02:37 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 02:37 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 02:37 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-11 03:17 . 2012-02-11 03:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6B0B7C-2DC0-42C4-B3CF-8DCAF00CCF6F}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 02:37 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 02:37 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 04:13 . 2012-03-09 20:42 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-02-10 04:13 . 2012-03-09 20:42 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-02-10 04:13 . 2012-03-09 20:42 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:13 . 2012-03-09 20:42 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-03-09 20:42 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-03-09 20:42 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-02-10 04:13 . 2012-03-09 20:42 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-02-10 04:13 . 2012-03-09 20:42 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-02-10 04:13 . 2012-03-09 20:42 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-03-09 20:42 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:13 . 2012-03-09 20:42 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-02-10 04:13 . 2012-03-09 20:42 25541952 ----a-w- c:\windows\system32\nvoglv64.dll
2012-02-10 04:13 . 2012-03-09 20:42 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-02-10 04:13 . 2012-03-09 20:42 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-02-10 04:13 . 2012-03-09 20:42 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-02-10 04:13 . 2012-03-09 20:42 19443520 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-02-10 04:13 . 2012-03-09 20:42 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-10 04:13 . 2012-03-09 20:42 13624128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-10 04:13 . 2012-03-09 20:42 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-03-09 20:42 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2011-12-22 01:12 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-02-10 04:13 . 2011-12-22 01:12 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-02-10 04:13 . 2011-12-22 01:12 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-10 04:13 . 2011-09-10 18:20 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-02-10 04:13 . 2011-09-10 18:20 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-02-10 04:13 . 2011-09-10 18:20 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2011-09-10 18:20 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:14 . 2011-09-10 18:25 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:14 . 2011-09-10 18:25 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-10 03:07 . 2011-09-10 18:25 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:07 . 2011-09-10 18:25 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:07 . 2011-09-10 18:25 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:05 . 2012-03-09 20:43 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-10 01:05 . 2012-02-10 01:05 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-03 04:34 . 2012-03-14 02:37 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2011-01-27 02:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 00:30 . 2011-01-27 02:10 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-25 06:38 . 2012-03-14 02:37 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 02:37 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 02:37 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-16_00.55.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-15 23:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-18 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-15 23:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 22:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-15 23:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-18 22:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 01:08 . 2012-04-16 01:13 44306 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-16 01:23 33230 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-27 01:46 . 2012-04-16 01:23 11946 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1947378347-1559014787-3047873278-1000_UserData.bin
- 2012-04-16 00:54 . 2012-04-16 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 22:58 . 2012-04-18 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-18 22:58 . 2012-04-18 22:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-16 00:54 . 2012-04-16 00:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-18 22:48 . 2012-04-18 22:48 349255 c:\windows\temp\jna4987745919479528226.dll
- 2009-07-14 02:36 . 2012-04-16 00:46 666660 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-18 22:52 666660 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-16 00:46 126296 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-18 22:52 126296 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-15 02:53 290984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-18 22:57 290984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\guayj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\guayj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\guayj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2011-05-17 366872]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 dump_wmimmc;dump_wmimmc;e:\lineage ii\system\GameGuard\dump_wmimmc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\tools\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/20 18:55;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-27 236016]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2011-01-27 25832]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-25 1431888]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\tools\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-23 86016]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:39]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000Core.job
- c:\users\guayj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 20:05]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000UA.job
- c:\users\guayj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-20 20:05]
.
2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-04-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - (no file)
ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-18 19:02:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-18 23:02
ComboFix2.txt 2012-04-02 23:54
.
Pre-Run: 85,949,370,368 bytes free
Post-Run: 85,817,069,568 bytes free
.
- - End Of File - - D8FA9FF90243CB49714906DBEABB1A85

#6 nasdaq (Malware Response Team, 40,256 posts, Location: Montreal, QC. Canada)

Posted 19 April 2012 - 09:29 AM

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===
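The /md5start ... /md5stop block in the post above makes OTL print the MD5 of each listed file so the helper can spot a system file whose hash matches no known build, which is the usual sign of a rootkit-patched driver (atapi.sys, iaStor.sys and the other storage drivers are on the list for that reason). The script below is an added example, not part of this thread and not OTL's own code: it performs the same comparison offline against a baseline you supply. The "known-good" contents, the baseline hashes and the directory tree it builds are all constructed for the demonstration; on a real machine the baseline would come from a trusted copy of the same Windows build and the search roots would be %SystemRoot%\System32 and %SystemRoot%\System32\drivers.

```python
"""Offline MD5 baseline check for a list of Windows system files.

Added example (not from the thread, not OTL's code). Everything under
GOOD and the tree built by demo() is CONSTRUCTED for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Names taken from the custom-scan list in the post; shortened for the demo.
WATCHED = ["atapi.sys", "iaStor.sys", "ndis.sys", "explorer.exe"]

# Constructed stand-ins for known-good file contents (not real binaries).
GOOD = {
    "atapi.sys": b"MZ constructed clean atapi.sys 6.1.7601",
    "ndis.sys": b"MZ constructed clean ndis.sys 6.1.7601",
    "explorer.exe": b"MZ constructed clean explorer.exe 6.1.7601",
}
# A real baseline holds several hashes per name (one per service pack / hotfix build).
BASELINE = {name: {hashlib.md5(data).hexdigest()} for name, data in GOOD.items()}


def md5_of(path):
    """MD5 of a file, read in chunks so large drivers are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_files(roots, names):
    """Map each watched name to every copy found under roots (case-insensitive, like NTFS)."""
    wanted = {n.lower(): n for n in names}
    found = {n: [] for n in names}
    for root in roots:
        for dirpath, _, files in os.walk(root):
            for f in files:
                if f.lower() in wanted:
                    found[wanted[f.lower()]].append(os.path.join(dirpath, f))
    return found


def check(roots, names, baseline):
    """Classify each copy of a watched file as ok, mismatch (hash not in baseline) or missing."""
    report = {"ok": [], "mismatch": [], "missing": []}
    for name, paths in find_files(roots, names).items():
        if not paths:
            report["missing"].append(name)
            continue
        for p in paths:
            digest = md5_of(p)
            bucket = "ok" if digest in baseline.get(name, set()) else "mismatch"
            report[bucket].append((p, digest))
    return report


def demo():
    """Build a constructed System32 tree: one clean, one 'patched' and one absent file."""
    root = Path(tempfile.mkdtemp())
    drivers = root / "System32" / "drivers"
    drivers.mkdir(parents=True)
    (drivers / "atapi.sys").write_bytes(GOOD["atapi.sys"])               # untouched copy
    (drivers / "ndis.sys").write_bytes(GOOD["ndis.sys"] + b"\x90" * 16)  # 'patched': hash differs
    (root / "System32" / "explorer.exe").write_bytes(GOOD["explorer.exe"])
    # iaStor.sys is deliberately not created, so it must be reported as missing.
    return check([root], WATCHED, BASELINE)


if __name__ == "__main__":
    for bucket, entries in demo().items():
        print(bucket, entries)
```

Two caveats a helper reading such a report keeps in mind: a hash that is not in the baseline is only "unknown", not proven malicious, since a hotfix the baseline does not know about produces the same result, so the value is checked against a known-good database before anything is deleted; and hashing from inside a live system that may be running a rootkit is unreliable, because a kernel-mode driver can hand back the clean bytes on read, which is why these checks are done from Safe Mode or an offline boot. MD5 is used here only because that is what OTL reports; for your own baseline prefer SHA-256 plus an Authenticode signature check.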

#7 Skylark13 (Topic Starter, Members, 10 posts, Location: Montreal, Quebec, Canada)

Posted 19 April 2012 - 06:17 PM

Hello nasdaq,

Here are the logs.

There are already a few things I find weird, one of which is the files from "INCA Internet Co." (seem to be part of nProtect GameGuard which is game copy/cheat protection but is also a rootkit) - could that cause the problems I am seeing when not in safe mode?

There are also some programs I don't need anymore that I will uninstall once this problem is resolved, but for now I will wait to see where you go with this information. Thanks a lot for your help thus far.


OTL.txt


OTL logfile created on: 4/19/2012 6:48:10 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = D:\Users\guayj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 14.48 Gb Available Physical Memory | 90.59% Memory free
31.96 Gb Paging File | 30.64 Gb Available in Paging File | 95.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 194.67 Gb Total Space | 79.88 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 1397.25 Gb Total Space | 364.92 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive E: | 292.73 Gb Total Space | 44.11 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive H: | 431.82 Gb Total Space | 27.17 Gb Free Space | 6.29% Space Free | Partition Type: NTFS

Computer Name: STARKILLER | User Name: guayj | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Users\guayj\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PS3 Media Server) -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe (Tanuki Software, Ltd.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (mi-raysat_3dsmax2012_64) -- C:\Tools\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (DAUpdaterSvc) -- e:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Tools\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Tools\OpenVPN\bin\openvpnserv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (imhidusb) -- C:\Windows\SysNative\drivers\imhidusb.sys (Immersion Corporation)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D45BCDBC-E19C-4028-A36B-0C63DBC6570C}
IE:64bit: - HKLM\..\SearchScopes\{D45BCDBC-E19C-4028-A36B-0C63DBC6570C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}
IE - HKLM\..\SearchScopes\{3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\guayj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\guayj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\guayj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 21:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 16:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/15 15:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/01/26 21:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Extensions
[2011/01/26 21:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/09 16:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\extensions
[2012/03/09 16:53:51 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/01/07 18:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/15 21:13:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/17 16:34:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/12 11:28:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/02/12 11:28:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Google Update (Enabled) = C:\Users\guayj\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Flash Video Download = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: In the Nick of Rhyme = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajiighhcoekmejdaoiglfhfmnnkdcbf\1.5_0\
CHR - Extension: avast! WebRep = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Plants vs Zombies = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

O1 HOSTS File: ([2012/04/18 18:58:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08B4414F-DCED-4304-A26D-8C95676EF0DB}: DhcpNameServer = 192.168.27.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1940DDED-A3E1-409A-A616-DC267B4D754E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 18:43:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Users\guayj\Desktop\OTL.exe
[2012/04/18 19:02:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/18 19:00:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 18:36:47 | 004,467,856 | R--- | C] (Swearware) -- D:\Users\guayj\Desktop\ComboFix.exe
[2012/04/15 21:14:10 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/04/15 21:14:10 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/04/15 21:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/15 21:14:09 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/04/15 21:14:09 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/04/15 21:14:09 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/04/15 21:14:09 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/15 21:13:53 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/15 21:13:52 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/04/15 20:48:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/15 20:48:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/15 20:48:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Windows Live Writer
[2012/04/13 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Local\Windows Live Writer
[2012/04/13 19:39:44 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/12 19:54:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 19:54:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 19:54:20 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/12 19:54:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 19:54:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 19:54:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 19:54:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 19:54:19 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/12 19:54:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/12 19:54:19 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/12 19:54:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/12 19:54:06 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/12 19:54:06 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/12 19:54:05 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 19:52:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/12 19:52:16 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/12 19:52:15 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/07 08:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/05 22:31:57 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/05 13:03:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/02 19:34:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 19:33:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 15:08:00 | 000,000,000 | ---D | C] -- C:\Users\guayj\.serna-free-4.4
[2012/04/01 15:07:58 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
[2012/04/01 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2012/04/01 15:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syntext
[2012/04/01 15:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syntext
[2012/04/01 15:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2012/03/25 22:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/03/25 22:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/03/25 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/25 21:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/25 21:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/25 21:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/25 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2012/03/23 20:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/21 23:36:13 | 000,000,000 | ---D | C] -- D:\Users\guayj\Desktop\Troubleshooting
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/19 18:43:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Users\guayj\Desktop\OTL.exe
[2012/04/18 18:58:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/18 18:58:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/18 18:58:22 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 18:56:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 18:56:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 18:52:50 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/18 18:52:50 | 000,666,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/18 18:52:50 | 000,126,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/18 18:51:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/18 18:36:55 | 004,467,856 | R--- | M] (Swearware) -- D:\Users\guayj\Desktop\ComboFix.exe
[2012/04/17 21:13:38 | 008,048,738 | ---- | M] () -- D:\Users\guayj\Desktop\01 Stop (demo).m4a
[2012/04/15 21:34:24 | 000,000,188 | ---- | M] () -- C:\Users\guayj\defogger_reenable
[2012/04/15 21:25:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/15 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 21:22:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/15 21:20:55 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000UA.job
[2012/04/14 09:17:30 | 1029,303,225 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/13 19:39:44 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/13 19:39:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/12 05:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000Core.job
[2012/04/05 22:38:10 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/04/05 22:38:10 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/04/05 22:38:10 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/04/05 22:38:10 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/04/05 22:38:10 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/23 20:15:21 | 000,007,604 | ---- | M] () -- C:\Users\guayj\AppData\Local\resmon.resmoncfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/17 21:13:37 | 008,048,738 | ---- | C] () -- D:\Users\guayj\Desktop\01 Stop (demo).m4a
[2012/04/15 21:34:24 | 000,000,188 | ---- | C] () -- C:\Users\guayj\defogger_reenable
[2012/04/15 20:48:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/15 20:48:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/15 20:48:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/15 20:48:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/15 20:48:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/13 19:39:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 19:53:41 | 000,001,129 | ---- | C] () -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoyToKey.lnk
[2012/04/05 13:03:40 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/05 13:03:39 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/25 22:08:29 | 000,002,051 | ---- | C] () -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/03/23 20:17:41 | 000,000,700 | ---- | C] () -- D:\Users\guayj\Desktop\Star Wars - The Old Republic.lnk
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/28 23:22:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/09/11 22:48:10 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/08/28 18:16:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\XSIChooser.exe
[2011/05/25 16:03:49 | 000,007,604 | ---- | C] () -- C:\Users\guayj\AppData\Local\resmon.resmoncfg
[2011/05/18 21:45:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/12 17:30:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/03 23:29:55 | 000,013,036 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/02/08 19:24:30 | 000,000,600 | ---- | C] () -- C:\Users\guayj\AppData\Local\PUTTY.RND
[2011/02/07 21:16:47 | 000,768,170 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/26 22:47:00 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/01/26 22:47:00 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/01/26 22:20:23 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/01/26 22:20:23 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/01/26 22:20:23 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/01/26 22:20:23 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/01/26 22:20:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/01/20 22:19:53 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/01/20 22:19:51 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/01/20 22:19:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/01/20 20:52:52 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/01/20 20:52:52 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/01/20 20:52:52 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/01/20 20:52:50 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/01/20 20:52:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== LOP Check ==========

[2012/03/20 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\.purple
[2011/05/25 15:08:55 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Autodesk
[2011/05/13 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\BMG
[2011/09/23 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\BOXEE
[2011/03/02 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\cryptlib
[2012/01/05 01:15:54 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\cYo
[2012/01/28 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\DAEMON Tools Lite
[2012/02/05 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Dexpot
[2012/03/19 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Dropbox
[2011/06/18 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\eTeks
[2012/03/25 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\FileZilla
[2011/11/08 21:37:56 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\gDEBugger
[2011/10/11 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\GetRightToGo
[2011/12/24 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\gtk-2.0
[2012/01/28 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\HTC
[2011/12/05 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/03/11 01:04:35 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\InfraRecorder
[2012/02/18 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\inkscape
[2012/02/11 22:10:29 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Jose Vázquez
[2011/04/08 22:33:46 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\LolClient
[2011/07/09 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Meld
[2011/03/02 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\NexusFile
[2011/05/30 09:18:12 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Notepad++
[2011/01/31 00:20:59 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\OpenOffice.org
[2011/01/30 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\PCDr
[2011/05/18 19:53:24 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\PMS
[2011/03/03 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Q-Dir
[2012/01/22 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\QuickScan
[2011/10/29 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\RIFT
[2011/07/15 00:41:44 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\ScummVM
[2011/01/26 22:47:35 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Subversion
[2011/11/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\TeamViewer
[2011/01/26 21:56:20 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Thunderbird
[2012/04/07 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\uTorrent
[2011/09/10 16:41:24 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\VertexDispenser
[2011/10/28 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\VisualAssist
[2011/01/31 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\wargaming.net
[2012/04/13 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Windows Live Writer
[2012/01/07 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\XBMC
[2012/01/17 13:28:32 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\XnView
[2012/04/18 18:51:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/26 12:28:55 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/15 21:25:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/04/18 19:00:05 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1947378347-1559014787-3047873278-1000\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 09:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009/07/13 21:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/13 21:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 08:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/01/20 22:37:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/01/20 22:38:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/01/20 22:37:41 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2011/01/20 22:37:49 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/01/20 22:38:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/01/20 22:37:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011/01/20 22:38:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/01/20 22:37:49 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/01/20 22:38:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/01/20 22:37:41 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/01/20 22:37:49 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011/01/20 22:37:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/09/14 08:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Drivers\storage\R284354\x64\iaStor.sys
[2010/09/14 08:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/09/14 08:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2010/09/14 08:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 09:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 02:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 02:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 02:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 02:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/07/16 01:21:15 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=06835B46D9676BEDD80AF25ACF6845FD -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_f083035588e611da\kernel32.dll
[2011/05/14 03:20:00 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=0E1B2E16235AA7F89F064EE75DFC905E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011/05/14 02:22:22 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=166116134C58DC36400DE59ACD64FB39 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[2011/07/16 00:21:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=2113248DB2D1AF9CA790B09F3E6C6E85 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[2011/07/16 01:28:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=27AC02D8EE4C02E7648C41CB880151DA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2011/05/14 02:32:33 | 000,837,120 | ---- | M] (Microsoft Corporation) MD5=40EACEE0B6432CBE2459A11B298E9D88 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[2011/07/16 00:30:27 | 001,048,576 | ---- | M] (Microsoft Corporation) MD5=4EA99F1644627B1EBAD99D0B93CDEE1C -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll
[2009/07/13 21:41:13 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=5B4B379AD10DEDA4EDA01B8C6961B193 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009/07/13 21:11:23 | 000,836,608 | ---- | M] (Microsoft Corporation) MD5=606ECB76A424CC535407E7A24E2A34BC -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
[2011/05/14 03:11:10 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=6743E8705A96FCBF71279B5AE2CCFDBC -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[2011/06/03 01:58:27 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=6EB2AEE15C20681E323E9A3E334FE6CF -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[2010/11/20 09:26:42 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011/06/03 02:54:47 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=8225958BAC83EAFCDB6BAB6EE5EDF6E6 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_f04a4dfb890f50f6\kernel32.dll
[2011/05/14 03:36:24 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=98DA1B7572DAD6BA10296E0DF0950B37 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_efff90246fc2d6d8\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\ERDNT\cache86\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\SysWOW64\kernel32.dll
[2011/07/16 00:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\ERDNT\cache64\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\SysNative\kernel32.dll
[2011/07/16 01:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011/05/14 03:33:36 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=CC5CBC069944E7EA70D8674478A70A37 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[2011/07/16 00:49:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=D3CB12854171DF61D117D7C2BF22C675 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2011/07/16 01:21:32 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=DDBD24DC04DA5FD0EDF45CF72B7C01E2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_efce4eb86fe8ae92\kernel32.dll
[2010/11/20 08:08:56 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 21:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/20 09:27:10 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/20 08:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[2009/07/13 21:41:34 | 000,320,000 | ---- | M] (Microsoft Corporation) MD5=FC76FE3C1E1FDB761244D4F74EF560FD -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_144848ad46fcc535\mswsock.dll

< MD5 for: NDIS.SYS >
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\ERDNT\cache64\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\SysNative\drivers\ndis.sys
[2010/11/20 09:33:45 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2009/07/13 21:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 09:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 08:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/20 09:33:46 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2009/07/13 21:48:27 | 001,659,984 | ---- | M] (Microsoft Corporation) MD5=356698A13C4630D5B31C37378D469196 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
[2011/03/11 02:23:06 | 001,657,216 | ---- | M] (Microsoft Corporation) MD5=378E0E0DFEA67D98AE6EA53ADBBD76BC -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_0273f3c63691c4ea\ntfs.sys
[2011/03/11 02:25:53 | 001,685,888 | ---- | M] (Microsoft Corporation) MD5=867C1395F0100CBE9ACD73B1C2741149 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_032ca00d4f8d24c5\ntfs.sys
[2011/03/11 02:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\ERDNT\cache64\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\SysNative\drivers\ntfs.sys
[2011/03/11 02:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 02:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 02:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 02:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 02:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 09:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2009/07/13 21:39:28 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=19117589BA265AAF89BEBE1E9040000C -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_83bbe97eac162e90\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/20 08:17:30 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2009/07/13 21:14:29 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=8CDF71E78469BE54C29C1AD2FC8DE611 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7600.16385_none_279d4dfaf3b8bd5a\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/20 09:25:04 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe

< MD5 for: QMGR.DLL >
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\ERDNT\cache64\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 21:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 08:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 09:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2011/01/20 22:37:46 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[2009/07/13 21:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\ERDNT\cache64\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/20 09:25:21 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[2011/01/20 22:37:46 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/07/13 21:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) MD5=0F05EC2887BFE197AD82A13287D2F404 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\ERDNT\cache64\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\SysNative\termsrv.dll
[2010/11/20 09:27:26 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1489AFE4

< End of report >


Extras.txt


OTL Extras logfile created on: 4/19/2012 6:48:10 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = D:\Users\guayj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 14.48 Gb Available Physical Memory | 90.59% Memory free
31.96 Gb Paging File | 30.64 Gb Available in Paging File | 95.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 194.67 Gb Total Space | 79.88 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 1397.25 Gb Total Space | 364.92 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive E: | 292.73 Gb Total Space | 44.11 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive H: | 431.82 Gb Total Space | 27.17 Gb Free Space | 6.29% Space Free | Partition Type: NTFS

Computer Name: STARKILLER | User Name: guayj | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreeCommander] -- "C:\Program Files (x86)\FreeCommander\FreeCommander.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FreeCommander] -- "C:\Program Files (x86)\FreeCommander\FreeCommander.exe" "%1"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java™ 7 Update 3 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{2C22EA92-CB30-4932-0051-000001000000}" = InfraRecorder 0.51 (x64 edition)
"{2D290715-B0FC-3898-9247-62F803A585DF}" = Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{43A00846-98F9-4439-85BB-49A360FA7CAE}" = Araxis Merge (x64)
"{4529F749-C362-4119-AFA0-0A3F1CA924AB}" = Autodesk MatchMover 2012 64-bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0160300}" = Java™ SE Development Kit 6 Update 30 (64-bit)
"{64AAB9DD-A53C-428C-9CA5-829BFDE81202}" = NVIDIA Parallel Nsight 2.1.0.12046 for Visual Studio
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{7E8B0B79-FE18-446D-A0C7-F4CD3F4964BB}" = Autodesk Softimage 2012 64-bit
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9E6BB4E4-0B20-4922-AA37-260FA5ACFBA5}" = Autodesk Maya 2012 64-bit
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C32A0C11-B1A1-4ABC-8C1E-C1E2E3936D26}" = TortoiseSVN 1.7.5.22551 (64 bit)
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D92CBF26-9174-4633-A2A1-E6A1374F5938}" = TortoiseGit 1.6.5.0 (64 bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FC4AD39F-9DCE-4BD0-B7D0-7C81CEB9F04B}" = NVIDIA PhysX Plug-in for Autodesk Maya 2012 64 bit
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Autodesk Maya 2012 64-bit" = Autodesk Maya 2012 64-bit
"ComicRack" = ComicRack v0.9.150
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Ultravnc2_is1" = UltraVnc

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.0.0
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C9CB04A-5A5A-499E-95FC-F7FA9D70AA8A}" = Autodesk Softimage Mod Tool 7.5
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{111DB3F0-0C58-4475-9954-1BD5B7B28618}" = League of Legends
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AD129C1-F00C-4F99-74DC-864008611F81}" = Catalyst Control Center InstallProxy
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C96E8B-70AD-435E-B600-6211CB97DEFD}" = Presagis Creator 4.1
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{39970EE2-C8E3-3095-8B15-A7B99863527F}" = Visual C++ 2008 x64 Runtime - KB2465361 - (v9.0.30729.5570)
"{39970EE2-C8E3-3095-8B15-A7B99863527F}.vc_x64runtime_30729_5570" = Visual C++ 2008 x64 Runtime - v9.0.30729.5570
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
"{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C828DC8-8CB3-44B6-866C-DD9DA0EF4BB5}" = TortoiseGit 1.6.5.0 (32 bit)
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E66D17B-6A22-4C1D-9931-57FCA0A04416}" = Autodesk 3ds Max 2012 SDK
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{44B660BB-EAC5-4D4F-9890-C607DD5F7630}" = Thrustmaster Calibration Tool
"{471DCE2E-75B0-4B4F-B6B1-C4EA5A3D1E2C}" = Autodesk Softimage Mod Tool 7.5
"{49A5E152-EC79-4F7B-B563-F03AC8E010AE}" = Presagis Creator 4.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{584ED208-3CDE-4E56-BA6B-0CF7E0F203AC}" = Python 2.7 PyGTK 2.22.6
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.1.0
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9838EAFF-B13B-4A03-AEAE-6D508136545D}" = X3 Reunion
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{997533E3-D425-4939-8515-8F8F14BB217F}" = gDEBugger
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}" = Visual C++ 2008 x86 Runtime - KB2465361 - (v9.0.30729.5570)
"{A2425E6C-8A37-3D63-A3A7-8ED5355FDF0B}.vc_x86runtime_30729_5570" = Visual C++ 2008 x86 Runtime - v9.0.30729.5570
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B3459B16-744E-11E1-B425-984BE15F174E}" = Evernote v. 4.5.4
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D2F0D72B-F613-4AF8-970F-FDFF424FCFA0}" = Presagis Licensing Tools 3.1.3
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0D9E5D2-426D-486D-B14A-28650C70FFF2}" = Presagis Vega Prime 4.1 - VC9 (Win32)
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.6161)
"{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161" = Visual C++ 2008 x64 Runtime - v9.0.30729.6161
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.1.0
"ArcaniA" = ArcaniA - Gothic 4
"AutoHotkey" = AutoHotkey 1.0.92.02
"avast" = avast! Free Antivirus
"BOXEE" = Boxee
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CMake" = CMake 2.8 a cross-platform, open-source build system
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"DAEMON Tools Lite" = DAEMON Tools Lite
"DOSBox 0.74 Installer" = DOSBox 0.74 Installer 0.74
"EA Installer.221215020" = EA Installer
"EADM" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 7.0.1 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Git_is1" = Git version 1.7.4-preview20110204
"Inkscape" = Inkscape 0.48.2
"InstallShield_{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenVPN" = OpenVPN 2.1.1
"Pidgin" = Pidgin
"PremElem90" = Adobe Premiere Elements 9
"Presagis Utilities Manager 1.0" = Presagis Utilities Manager 1.0
"PS3 Media Server" = PS3 Media Server
"PuTTY_is1" = PuTTY development snapshot 2011-01-30:r9078
"pywin32-py2.7" = Python 2.7 pywin32-214
"Qt OpenSource 4.7.0 - C:_Tools_Qt_4.7.0_vs2008" = Qt OpenSource 4.7.0
"Qt Visual Studio Add-in 1.1.7 - C:_Tools_Qt_Qt4VSAddin" = Qt Visual Studio Add-in 1.1.7
"scons-py2.7" = Python 2.7 SCons - a software construction tool
"ScummVM_is1" = ScummVM 1.3.1
"Steam App 17450" = Dragon Age: Origins
"Steam App 18510" = Defense Grid: The Awakening Demo
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 207510" = Rayman Origins Demo
"Steam App 220" = Half-Life 2
"Steam App 33310" = R.U.S.E. Demo
"Steam App 3332" = Zuma Deluxe Demo
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 34350" = Total War: SHOGUN 2 Demo
"Steam App 35020" = Batman: Arkham Asylum - Demo
"Steam App 3592" = Plants vs. Zombies Demo
"Steam App 3622" = Zuma's Revenge Demo
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 40310" = Risen - Demo
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 44300" = DiRT 2 - Demo
"Steam App 44310" = F1 2010™
"Steam App 47900" = Dragon Age II
"Steam App 55410" = Warhammer 40,000: Space Marine Demo
"Steam App 57940" = Duke Nukem Forever Demo
"Steam App 97010" = Solar 2 - Demo
"Steam App 9900" = Star Trek Online
"Steam App 99850" = Crysis 2 Demo
"Syntext Serna Free 4.4.0_is1" = Syntext Serna Free 4.4.0
"The Witcher 2 - Assassins of Kings_is1" = The Witcher 2 - Assassins of Kings
"The Witcher Enhanced Edition Director's Cut_is1" = The Witcher Enhanced Edition Director's Cut
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"UltraDefrag" = Ultra Defragmenter
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"XnView Shell Extension_is1" = XnView Shell Extension 2.9.0 (64bits)
"XnView_is1" = XnView 1.97.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager
"Dexpot" = Dexpot
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"XBMC" = XBMC

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8 nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 April 2012 - 07:33 AM

There are already a few things I find weird, one of which is the files from "INCA Internet Co." (seem to be part of nProtect GameGuard which is game copy/cheat protection but is also a rootkit) - could that cause the problems I am seeing when not in safe mode?

Nothing to worry about.


Run OTL - Double-click OTL.exe to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1489AFE4
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#9 Skylark13

  • Topic Starter

  • Members
  • 10 posts
  • Location:Montreal, Quebec, Canada

Posted 20 April 2012 - 05:38 PM

Hello nasdaq,

I ran the OTL fix you gave me. After that you said to restart the PC, so I tried to restart in normal mode (not safe mode) and it still did the same thing: after a few minutes all programs (including the task bar and the desktop) would freeze. So it seems like the problem is still present.

So I am back in Safe Mode with Networking, and ran the OTL Quick Scan and the Security Check from there.

Here are the logs you requested.

In the Security Check scan, I notice my Java version is very out of date. I generally get automatic update notifications, but I disabled the Java update startup program a little while back (trying to troubleshoot this very same problem I'm having you check now, thinking it may be some startup program that made my PC freeze up shortly after starting). I think I'll re-enable it when we're done with this. As I understand it there are often security holes in Java that malware will exploit, so having an out-of-date version is not very safe...

In that same log, the warning that the Windows Security Center service is not running is just because I'm in Safe Mode I think.

Thanks in advance.


OTL fix log


========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Temp:1489AFE4 deleted successfully.

OTL by OldTimer - Version 3.2.40.0 log created on 04202012_181453



OTL Quick Scan log (OTL.txt)


OTL logfile created on: 4/20/2012 6:28:59 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = D:\Users\guayj\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

15.98 Gb Total Physical Memory | 14.54 Gb Available Physical Memory | 90.97% Memory free
31.96 Gb Paging File | 30.58 Gb Available in Paging File | 95.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 194.67 Gb Total Space | 80.15 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive D: | 1397.25 Gb Total Space | 364.91 Gb Free Space | 26.12% Space Free | Partition Type: NTFS
Drive E: | 292.73 Gb Total Space | 44.11 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive H: | 431.82 Gb Total Space | 27.17 Gb Free Space | 6.29% Space Free | Partition Type: NTFS

Computer Name: STARKILLER | User Name: guayj | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Users\guayj\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Tools\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Tools\TortoiseGit (x86)\bin\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PS3 Media Server) -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe (Tanuki Software, Ltd.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (mi-raysat_3dsmax2012_64) -- C:\Tools\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (DAUpdaterSvc) -- e:\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Tools\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (OpenVPNService) -- C:\Tools\OpenVPN\bin\openvpnserv.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (imhidusb) -- C:\Windows\SysNative\drivers\imhidusb.sys (Immersion Corporation)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D45BCDBC-E19C-4028-A36B-0C63DBC6570C}
IE:64bit: - HKLM\..\SearchScopes\{D45BCDBC-E19C-4028-A36B-0C63DBC6570C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}
IE - HKLM\..\SearchScopes\{3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\SearchScopes,DefaultScope = {3A9296BD-2CE9-42F0-8F60-508F3E8AF7ED}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\guayj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\guayj\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\guayj\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/15 21:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/17 16:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/15 15:08:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/01/26 21:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Extensions
[2011/01/26 21:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/09 16:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\extensions
[2012/03/09 16:53:51 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\guayj\AppData\Roaming\Mozilla\Firefox\Profiles\5fz4d9i2.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/01/07 18:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/15 21:13:59 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/17 16:34:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/12 11:28:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/02/12 11:28:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\guayj\AppData\Local\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files (x86)\TVUPlayer\npTVUAx.dll
CHR - plugin: Google Update (Enabled) = C:\Users\guayj\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2_0\
CHR - Extension: Flash Video Download = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.14_0\
CHR - Extension: In the Nick of Rhyme = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\eajiighhcoekmejdaoiglfhfmnnkdcbf\1.5_0\
CHR - Extension: avast! WebRep = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Plants vs Zombies = C:\Users\guayj\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\

O1 HOSTS File: ([2012/04/18 18:58:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08B4414F-DCED-4304-A26D-8C95676EF0DB}: DhcpNameServer = 192.168.27.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1940DDED-A3E1-409A-A616-DC267B4D754E}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 18:43:27 | 000,595,968 | ---- | C] (OldTimer Tools) -- D:\Users\guayj\Desktop\OTL.exe
[2012/04/18 19:02:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/18 19:00:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/18 18:36:47 | 004,467,856 | R--- | C] (Swearware) -- D:\Users\guayj\Desktop\ComboFix.exe
[2012/04/15 21:14:10 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/04/15 21:14:10 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/04/15 21:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/04/15 21:14:09 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/04/15 21:14:09 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/04/15 21:14:09 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/04/15 21:14:09 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/04/15 21:13:53 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/04/15 21:13:52 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/04/15 20:48:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/15 20:48:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/15 20:48:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/13 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Windows Live Writer
[2012/04/13 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Local\Windows Live Writer
[2012/04/07 08:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/04/05 13:03:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/04/02 19:34:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 19:33:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/01 15:08:00 | 000,000,000 | ---D | C] -- C:\Users\guayj\.serna-free-4.4
[2012/04/01 15:07:58 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit
[2012/04/01 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows Performance Toolkit
[2012/04/01 15:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syntext
[2012/04/01 15:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Syntext
[2012/04/01 15:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2012/03/25 22:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012/03/25 22:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/03/25 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/25 21:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/25 21:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/25 21:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/25 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
[2012/03/23 20:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/23 20:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/21 23:36:13 | 000,000,000 | ---D | C] -- D:\Users\guayj\Desktop\Troubleshooting
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/20 18:26:30 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/20 18:26:30 | 000,666,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/20 18:26:30 | 000,126,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/20 18:22:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 18:22:06 | 4281,159,678 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 18:19:09 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000UA.job
[2012/04/20 18:15:57 | 000,879,714 | ---- | M] () -- D:\Users\guayj\Desktop\SecurityCheck.exe
[2012/04/19 18:43:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\Users\guayj\Desktop\OTL.exe
[2012/04/18 18:58:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/18 18:56:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 18:56:01 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/18 18:51:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/18 18:36:55 | 004,467,856 | R--- | M] (Swearware) -- D:\Users\guayj\Desktop\ComboFix.exe
[2012/04/17 21:13:38 | 008,048,738 | ---- | M] () -- D:\Users\guayj\Desktop\01 Stop (demo).m4a
[2012/04/15 21:34:24 | 000,000,188 | ---- | M] () -- C:\Users\guayj\defogger_reenable
[2012/04/15 21:25:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/04/15 21:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 21:22:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/04/14 09:17:30 | 1029,303,225 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/12 05:19:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947378347-1559014787-3047873278-1000Core.job
[2012/03/23 20:15:21 | 000,007,604 | ---- | M] () -- C:\Users\guayj\AppData\Local\resmon.resmoncfg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/20 18:16:16 | 000,879,714 | ---- | C] () -- D:\Users\guayj\Desktop\SecurityCheck.exe
[2012/04/17 21:13:37 | 008,048,738 | ---- | C] () -- D:\Users\guayj\Desktop\01 Stop (demo).m4a
[2012/04/15 21:34:24 | 000,000,188 | ---- | C] () -- C:\Users\guayj\defogger_reenable
[2012/04/15 20:48:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/15 20:48:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/15 20:48:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/15 20:48:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/15 20:48:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/13 19:39:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 19:53:41 | 000,001,129 | ---- | C] () -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoyToKey.lnk
[2012/04/05 13:03:40 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/05 13:03:39 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/25 22:08:29 | 000,002,051 | ---- | C] () -- C:\Users\guayj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/03/23 20:17:41 | 000,000,700 | ---- | C] () -- D:\Users\guayj\Desktop\Star Wars - The Old Republic.lnk
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/28 23:22:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/09/11 22:48:10 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/08/28 18:16:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\XSIChooser.exe
[2011/05/25 16:03:49 | 000,007,604 | ---- | C] () -- C:\Users\guayj\AppData\Local\resmon.resmoncfg
[2011/05/18 21:45:33 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/12 17:30:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/03 23:29:55 | 000,013,036 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/02/08 19:24:30 | 000,000,600 | ---- | C] () -- C:\Users\guayj\AppData\Local\PUTTY.RND
[2011/02/07 21:16:47 | 000,768,170 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/26 22:47:00 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/01/26 22:47:00 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/01/26 22:20:23 | 002,336,384 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/01/26 22:20:23 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/01/26 22:20:23 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/01/26 22:20:23 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/01/26 22:20:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/01/20 22:19:53 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/01/20 22:19:51 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/01/20 22:19:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/01/20 20:52:52 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/01/20 20:52:52 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/01/20 20:52:52 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/01/20 20:52:50 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/01/20 20:52:50 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== LOP Check ==========

[2012/03/20 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\.purple
[2011/05/25 15:08:55 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Autodesk
[2011/05/13 23:14:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\BMG
[2011/09/23 19:38:27 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\BOXEE
[2011/03/02 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\cryptlib
[2012/01/05 01:15:54 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\cYo
[2012/01/28 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\DAEMON Tools Lite
[2012/02/05 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Dexpot
[2012/03/19 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Dropbox
[2011/06/18 22:50:39 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\eTeks
[2012/03/25 22:13:08 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\FileZilla
[2011/11/08 21:37:56 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\gDEBugger
[2011/10/11 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\GetRightToGo
[2011/12/24 00:16:30 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\gtk-2.0
[2012/01/28 23:25:23 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\HTC
[2011/12/05 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/03/11 01:04:35 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\InfraRecorder
[2012/02/18 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\inkscape
[2012/02/11 22:10:29 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Jose Vázquez
[2011/04/08 22:33:46 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\LolClient
[2011/07/09 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Meld
[2011/03/02 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\NexusFile
[2011/05/30 09:18:12 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Notepad++
[2011/01/31 00:20:59 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\OpenOffice.org
[2011/01/30 14:06:12 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\PCDr
[2011/05/18 19:53:24 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\PMS
[2011/03/03 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Q-Dir
[2012/01/22 22:23:00 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\QuickScan
[2011/10/29 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\RIFT
[2011/07/15 00:41:44 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\ScummVM
[2011/01/26 22:47:35 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Subversion
[2011/11/23 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\TeamViewer
[2011/01/26 21:56:20 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Thunderbird
[2012/04/07 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\uTorrent
[2011/09/10 16:41:24 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\VertexDispenser
[2011/10/28 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\VisualAssist
[2011/01/31 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\wargaming.net
[2012/04/13 19:58:32 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\Windows Live Writer
[2012/01/07 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\XBMC
[2012/01/17 13:28:32 | 000,000,000 | ---D | M] -- C:\Users\guayj\AppData\Roaming\XnView
[2012/04/18 18:51:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/26 12:28:55 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/15 21:25:01 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >



Security Check log (checkup.txt)


Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

Edited by Skylark13, 20 April 2012 - 06:53 PM.


#10 Skylark13

Skylark13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Montreal, Quebec, Canada
  • Local time:11:59 PM

Posted 20 April 2012 - 08:25 PM

Sorry for the double-post, but I felt it important to post this separately from the logs above.

I may be on to something. On a hunch, I restarted in normal mode and then immediately disabled Microsoft Security Essentials.

Background: I don't know where I read this, but I had read that MSE was the only antivirus that was safe to run alongside another antivirus. So I was running both Avast and MSE, thinking it was OK.

Anyway, since I disabled MSE, I haven't had the PC freeze. It's been over 30 minutes now, in normal mode. I'll continue using it and see if it happens again. I also tried another test: I disabled Avast (using "disable shields for 1 hour") and re-enabled MSE, and had it run a scan. It ran to the end, nothing froze. It didn't find anything either, but that's not the point.

And in the meantime, I looked at articles on the net again, and I found several sources that say that running MSE with another antivirus is NOT a good idea. So I guess that source I had read before was wrong, and I think my problems were being caused by that. I've uninstalled MSE and kept Avast. We'll see how it goes.

In the meantime I'm still curious to see if you find anything else in the logs above. Thanks for all your help.

Edit: It's been over 12 hours now and things seem to be going well. I've mostly been doing web and reading emails, nothing really taxing, but before it would freeze even when doing just these things and now it seems to be going well.

Edited by Skylark13, 21 April 2012 - 09:27 AM.
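The condition diagnosed in the post above (two resident antivirus engines hooking the same file operations) can be checked directly rather than by trial and error. The script below is an added example, not code from the thread or from any of the tools it mentions: it lists the antivirus products registered with Windows Security Center and warns when more than one has real-time protection enabled. It assumes a Windows 7 or later client SKU where the root\SecurityCenter2 WMI namespace exists (Server editions do not have it), and the productState decoding it uses is the commonly documented byte layout, which the thread itself does not describe.

```powershell
# Added example (not from the thread): enumerate antivirus products known to
# Windows Security Center and flag more than one with real-time protection on.
# Assumption: Windows 7+ client; root\SecurityCenter2 is absent on Server SKUs.

function Get-SecurityCenterAV {
    # productState is a packed DWORD. Rendered as six hex digits, the middle
    # byte is 10/11 when the product is enabled (00/01 when disabled) and the
    # low byte is 00 when signatures are current (10 when out of date).
    # This layout is community-documented, not an official Microsoft contract.
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        ForEach-Object {
            $hex = '{0:X6}' -f [uint32]$_.productState
            [pscustomobject]@{
                Name     = $_.displayName
                Path     = $_.pathToSignedProductExe
                Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
                UpToDate = ($hex.Substring(4, 2) -eq '00')
                RawState = $hex
            }
        }
}

$products = @(Get-SecurityCenterAV)
$active   = @($products | Where-Object { $_.Enabled })

$products | Format-Table Name, Enabled, UpToDate, RawState -AutoSize

if ($active.Count -gt 1) {
    Write-Warning ('{0} real-time antivirus engines are enabled at once: {1}' -f `
        $active.Count, ($active.Name -join ', '))
    Write-Warning 'Two resident scanners intercepting the same I/O can stall each other; keep one.'
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No enabled antivirus product is registered with Security Center.'
}

# The Security Check log above reported the Security Center service (wscsvc)
# as not running. The namespace is only trustworthy when that service is up.
Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'" |
    Select-Object Name, State, StartMode
```

Run it from an elevated PowerShell prompt; the last query matters because Security Center reports stale or empty data when wscsvc is stopped, which is exactly the caveat the Security Check log printed for this machine.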


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 21 April 2012 - 09:37 AM

I may be on to something. On a hunch, I restarted in normal mode and then immediately disabled Microsoft Security Essentials.

I missed the boat on this one. Normally having 2 AV programs running will only slow down the computer, not to the point of having to restart the computer.
I suppose that with more and more checking done by these programs that some additional difficulties will arise.
I will keep an eye on this. Thanks.


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22


If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

Edited by nasdaq, 21 April 2012 - 09:37 AM.
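The advice above (check the installed Java version and remove the old ones) can be scripted so that a leftover runtime like the "Java 6 Update 22" in the log is not overlooked. This is an added example, not code from the thread or from Oracle's tooling: it reads the Uninstall registry keys in both the 64-bit and 32-bit (Wow6432Node) views, which is where Windows 7 x64 records each installed Java runtime, and lists everything older than the newest one found. The regular expression used to pick out Java entries and the version-sorting logic are assumptions made for the example.

```powershell
# Added example (not from the thread): list installed Java runtimes from the
# Uninstall registry keys and point out the stale ones. Assumes Windows 7 x64,
# where 32-bit installers land under Wow6432Node.

function Get-InstalledJava {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        if ($root -like '*Wow6432Node*') { $bits = 'x86' } else { $bits = 'x64' }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            # Matches "Java(TM) 6 Update 22", "Java 7 Update 4", etc.; the
            # pattern is an assumption and skips entries such as "Java Auto Updater".
            if ($p.DisplayName -match '^Java(\(TM\))?\s+\d+') {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Bitness         = $bits
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

# Sort newest first; entries without a parsable DisplayVersion sink to the bottom.
$java = @(Get-InstalledJava | Sort-Object -Descending {
    $v = $null
    if ([version]::TryParse([string]$_.DisplayVersion, [ref]$v)) { $v } else { [version]'0.0' }
})

$java | Format-Table DisplayName, DisplayVersion, Bitness -AutoSize

if ($java.Count -eq 0) {
    'No Java runtime found in the Uninstall keys.'
}
elseif ($java.Count -gt 1) {
    Write-Warning ('{0} Java runtimes installed; only the newest carries the current fixes.' -f $java.Count)
    $java | Select-Object -Skip 1 | ForEach-Object {
        'Remove via Programs and Features: {0}  [{1}]' -f $_.DisplayName, $_.UninstallString
    }
}
```

The UninstallString is printed only so the stale entry can be matched to the one in Programs and Features, as the post recommends; the script does not run it. Comparing the newest version found against the current release at the java.com link above remains a manual step.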


#12 Skylark13

Skylark13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Montreal, Quebec, Canada
  • Local time:11:59 PM

Posted 21 April 2012 - 10:34 AM

Hello nasdaq,

I have updated Java to 6 update 31 and re-enabled the automatic update notifications.

I ran ComboFix /uninstall.

I think the problem came from the fact that MSE was trying to do a scan at startup, and Avast was running at that point, so MSE froze and made all other programs on the machine freeze as well. It's possible that if MSE had been kept active but just hadn't started a scan, it would have been fine.

I've read the link you posted about prevention, but I have a few more in-depth questions.

First, I have MalwareBytes Anti-Malware and SuperAntiSpyware installed and run them regularly, but they are free versions and don't have an active scan component. Is active malware protection necessary? If so, is there any free anti-malware you could recommend with an active scan, to supplement Avast I use for antivirus?

Second, in addition to Avast I sometimes run ESET Online Scanner which I have seen many sites (including some experts on this one) recommend. Is that what you would recommend too? Obviously I keep Avast up to date but once in a while I like to run another scan and I find ESET sometimes finds small things Avast hasn't found.

Thanks for all your help.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 21 April 2012 - 12:46 PM

If so, is there any free anti-malware you could recommend with an active scan, to supplement Avast I use for antivirus?

The only anti-malware protection that I know is Malwarebytes.

Avast and any other good virus protection cover Trojan and Worms.

You must understand that none of these programs are up to date to the last minute or second.
All we can do is keep it up to date.

#14 Skylark13

Skylark13
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Location:Montreal, Quebec, Canada
  • Local time:11:59 PM

Posted 21 April 2012 - 02:23 PM

Thank you for your advice. I understand I have to practice safe browsing because nothing can be that up to date. And I do keep everything up to date as much as possible.

Thanks a lot for all your help!

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:59 PM

Posted 27 April 2012 - 07:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



