googledoubleclicks.com redirect on IE9


  • This topic is locked
13 replies to this topic

#1 vernontan

vernontan

  • Members
  • 33 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 24 June 2012 - 12:31 AM

Hi,

I've been getting redirects to random websites after I click on a google search result. Sometimes, it takes me directly to the desired website after a short period of redirecting (visible on the web browser tab which shows googledoubleclicks.com) and other times, I'm redirected to random websites.

ESET has picked up a trojan and quarantined it (a variant of Win32/Medfos.AG trojan in C:\Users\TAN\AppData\Roaming\drdms.dll). Now, whenever I start up my laptop, I get a RunDLL error message:

There was a problem starting C:\Users\TAN\AppData\Roaming\drdms.dll
The specified module could not be found

Below is the dds log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by TAN at 14:54:32 on 2012-06-24
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8088.5919 [GMT 9.5:30]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe
C:\Windows\SysWOW64\rundll32.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\TAN\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.my/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
uRun: [AdobeBridge]
uRun: [TPKMAPMN] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Google Update] "C:\Users\TAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\TAN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{550967E6-7719-4864-B035-83D18C1FE89C} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{6A72E282-E2C3-4812-9184-A29923A09C90} : DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{6A72E282-E2C3-4812-9184-A29923A09C90}\B4C434D275942554C4543535 : DhcpNameServer = 139.130.4.4 203.50.2.71
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-16 19968]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-26 133992]
R2 MSSQL$DOLPHIN;SQL Server (DOLPHIN);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-26 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-26 142696]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-18 116648]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-11-26 101736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
S3 B-Service;B-Service;C:\Users\TAN\AppData\Roaming\Mikogo\B-Service.exe [2010-4-20 185640]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-2-21 478056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-6-4 1030600]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-18 116648]
S3 libusb0;Atmel - LibUsb Kernel Driver 07/07/2009, 1.12.0.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 M4-Service;M4-Service;C:\Users\TAN\AppData\Roaming\Mikogo\M4-Service.exe [2011-11-20 1003888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-3-10 89152]
S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]
S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-5-15 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-3-26 2480048]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2010-1-30 54632]
S4 nsService;NovaStor NovaBACKUP Backup/Copy Engine;"C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe" --> C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 11:51:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 11:51:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 11:50:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 11:50:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-17 23:22:29 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6C0098D-E551-4BB0-8B90-492E97ACDCD4}\mpengine.dll
2012-06-14 06:46:17 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 06:46:16 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 06:46:16 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 06:46:02 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 06:46:01 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 06:38:05 333824 ------w- C:\Users\TAN\AppData\Roaming\progp.dll
2012-06-12 03:40:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-12 03:25:33 -------- d-----w- C:\ProgramData\PC Tools
2012-06-06 23:49:20 265216 ----a-w- C:\Users\TAN\AppData\Roaming\kbals.dll
2012-06-04 05:06:33 300032 ----a-w- C:\Users\TAN\AppData\Roaming\snladi.dll
2012-06-02 04:13:38 291840 ----a-w- C:\Users\TAN\AppData\Roaming\wemsr.dll
2012-06-02 04:12:59 133120 ----a-w- C:\Users\TAN\AppData\Roaming\dipiz.dll
2012-05-27 12:10:58 -------- d-----w- C:\Users\TAN\AppData\Local\{99E26F18-CBEC-4727-840F-D340E0F7B31A}
.
==================== Find3M ====================
.
2012-06-24 05:17:37 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-06-14 06:37:48 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 06:37:48 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-04 06:26:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 14:55:51.93 ===============


Any help is greatly appreciated. Thank you.

Edited by vernontan, 24 June 2012 - 12:33 AM.
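A triage pass over the DDS log posted above, as an added example (not a BleepingComputer tool and not part of the thread): it parses the dated file lines, flags PE files dropped bare into %AppData%\Roaming, the directory the quarantined drdms.dll lived in, and reports the UAC policy values the log shows switched off. The sample input is a handful of lines copied from the log above.

```python
"""Triage pass over a DDS log (added example, not a BleepingComputer tool).

Flags PE files dropped bare into %AppData%\\Roaming, the directory the
quarantined drdms.dll lived in, and UAC policy values the log shows disabled."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the DDS log in the post above so the
# script runs offline.  Feed a full log to parse_file_entries() instead.
SAMPLE_DDS = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-06-23 11:51:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-14 06:38:05 333824 ------w- C:\Users\TAN\AppData\Roaming\progp.dll
2012-06-12 03:40:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-06 23:49:20 265216 ----a-w- C:\Users\TAN\AppData\Roaming\kbals.dll
2012-06-04 05:06:33 300032 ----a-w- C:\Users\TAN\AppData\Roaming\snladi.dll
2012-06-02 04:13:38 291840 ----a-w- C:\Users\TAN\AppData\Roaming\wemsr.dll
2012-06-02 04:12:59 133120 ----a-w- C:\Users\TAN\AppData\Roaming\dipiz.dll
2012-05-27 12:10:58 -------- d-----w- C:\Users\TAN\AppData\Local\{99E26F18-CBEC-4727-840F-D340E0F7B31A}
.
==================== Find3M ====================
.
2012-06-24 05:17:37 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
"""

# "<date> <time> <size, or -------- for a directory> <8 attribute flags> <path>"
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$")
POLICY_LINE = re.compile(r"^mPolicies-system: (\w+) = (\d+) \(0x[0-9a-fA-F]+\)$")
SECTION = re.compile(r"^=+ (.+?) =+$")
# A file sitting directly in the Roaming root, not inside a vendor subfolder.
ROAMING_ROOT = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\Roaming\\([^\\]+)$", re.I)


@dataclass
class FileEntry:
    section: str
    date: str
    size: int      # 0 for directories (DDS prints --------)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_entries(text: str) -> List[FileEntry]:
    """Parse the dated file lines of the Created Last 30 and Find3M sections."""
    section, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = FILE_LINE.match(line)
        if m:
            date, _time, size, attrs, path = m.groups()
            entries.append(FileEntry(section, date, int(size) if size.isdigit() else 0, attrs, path))
    return entries


def roaming_binaries(entries: List[FileEntry]) -> List[FileEntry]:
    """DLL/EXE files created bare in the Roaming profile root.  Installers use a
    vendor subfolder; the quarantined drdms.dll and its siblings did not."""
    hits = []
    for e in entries:
        m = ROAMING_ROOT.match(e.path)
        if m and not e.is_dir and m.group(1).lower().endswith((".dll", ".exe")):
            hits.append(e)
    return hits


def weakened_uac(text: str) -> Dict[str, int]:
    """mPolicies-system values that turn off UAC protections (0 = off)."""
    weak_when_zero = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
    findings = {}
    for raw in text.splitlines():
        m = POLICY_LINE.match(raw.strip())
        if m and m.group(1) in weak_when_zero and int(m.group(2)) == 0:
            findings[m.group(1)] = 0
    return findings


if __name__ == "__main__":
    for e in roaming_binaries(parse_file_entries(SAMPLE_DDS)):
        print(f"{e.date}  {e.size:>8}  {e.path}   <- bare PE in Roaming root")
    for name in weakened_uac(SAMPLE_DDS):
        print(f"UAC weakened: {name} = 0")
```

Run against the full log, the same filter also shows that the drops landed at roughly two-day intervals between 2 and 14 June, which is the cadence a helper would want to see before deciding the machine is still actively infected.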


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:13 PM

Posted 24 June 2012 - 11:47 AM

Hello vernontan,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Things to include in your next reply:
TDSSKiller log
ComboFix.txt
Do you have a USB Flash Drive you can use?
How is your machine running now?

Edited by fireman4it, 24 June 2012 - 11:47 AM (grammar).

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!
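The helper asks for the TDSSKiller log to be pasted back in full, and a log like that runs to hundreds of lines, almost all of them ending in "- ok". What a helper actually looks for is the handful of objects whose verdict is not "ok" and any service or driver that starts from a user-writable location such as AppData\Roaming (the place the quarantined drdms.dll lived). The script below is an added example, not part of this thread and not TDSSKiller's own code, that does that triage. SAMPLE_LOG is constructed in the same shape as the log posted later in the thread; the "warning" and "detected" verdict lines are an assumption about TDSSKiller's output format, which varies between versions, and the function names (parse_log, triage, is_user_writable) are my own.

```python
"""Triage a pasted TDSSKiller log: flag objects whose verdict is not "ok" and
objects loaded from a user-writable path.  Added example; SAMPLE_LOG is
constructed, and the warning/detected line format is assumed."""
import re

# "<time> <pid> <name> (<md5>) <path>": an object TDSSKiller found on disk.
ENTRY_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
# "<time> <pid> <name> - <verdict>": the verdict for that object ("ok" or not).
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")

# Path fragments a standard user can write to; a service or driver started
# from one of these deserves a look even when its verdict is "ok".
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Constructed sample in the shape of a TDSSKiller log (the last three lines
# assume the warning/detected format; the real tool's wording may differ).
SAMPLE_LOG = r"""
16:58:52.0115 4176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:58:52.0181 4176 1394ohci - ok
16:58:57.0232 4176 B-Service (c3edb060c0427607eb9344ec861585ff) C:\Users\TAN\AppData\Roaming\Mikogo\B-Service.exe
16:58:57.0238 4176 B-Service - ok
16:59:12.0131 4176 M4-Service (9bc888cb301d553888c69d5f1dd69a0e) C:/Users/TAN/AppData/Roaming/Mikogo\M4-Service.exe
16:59:12.0231 4176 M4-Service - ok
16:59:12.0624 4176 Microsoft SharePoint Workspace Audit Service - ok
16:59:20.0000 4176 badsvc (00000000000000000000000000000000) C:\Users\TAN\AppData\Roaming\drdms.dll
16:59:20.0001 4176 badsvc ( LockedFile.Multi.Generic ) - warning
16:59:20.0002 4176 badsvc - detected LockedFile.Multi.Generic (1)
"""


def normalize_path(path):
    """Lower-case and use backslashes, so a mixed-slash ImagePath (TDSSKiller
    prints the path exactly as the service registered it) still matches."""
    return path.replace("/", "\\").lower()


def is_user_writable(path):
    """True when the path sits under a location a normal user can write to."""
    return any(marker in normalize_path(path) for marker in USER_WRITABLE_MARKERS)


def parse_log(text):
    """Return {name: {"md5": ..., "path": ..., "verdict": ...}} for the log."""
    objects = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            objects.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Drop a trailing "( Verdict.Name )" appended to the object name on
            # warning lines (assumed format) so it joins up with its entry.
            name = re.sub(r"\s*\(.*\)\s*$", "", m["name"])
            entry = objects.setdefault(name, {})
            # Keep the first non-ok verdict; a later "ok" never overrides it.
            if entry.get("verdict") in (None, "ok"):
                entry["verdict"] = m["verdict"]
    return objects


def triage(text):
    """List (name, reason, path) for every object a helper should look at."""
    findings = []
    for name, info in parse_log(text).items():
        path = info.get("path", "")
        verdict = info.get("verdict", "ok")
        if verdict != "ok":
            findings.append((name, "verdict: " + verdict, path))
        if path and is_user_writable(path):
            findings.append((name, "runs from user-writable location", path))
    return findings


if __name__ == "__main__":
    for name, reason, path in triage(SAMPLE_LOG):
        print(f"{name:<12} {reason:<36} {path}")
```

Run it against a saved log with `triage(open("TDSSKiller_log.txt").read())`. In the sample the two Mikogo services are flagged only because they start from AppData\Roaming, which is what legitimate per-user software like Mikogo does; the flag is a prompt to check the vendor and the MD5, not a verdict on its own.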


#3 vernontan (Topic Starter)

Posted 26 June 2012 - 03:21 AM

Hi fireman4it,

Thank you for your assistance! When I reboot my laptop, I get the following RunDLL error messages:

There was a problem starting
C:\Users\TAN\AppData\Roaming\drdms.dll
C:\Users\TAN\AppData\Roaming\progp.dll
C:\Users\TAN\AppData\Roaming\dipiz.dll

The specified module could not be found.

Internet explorer seems to be working fine at the moment. No more redirects. Shall test out further and report back. Yes, I do have a spare USB Flash Drive. Thank you once again.



Below are the logs:

16:58:39.0613 3736 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:58:40.0728 3736 ============================================================
16:58:40.0728 3736 Current date / time: 2012/06/26 16:58:40.0728
16:58:40.0728 3736 SystemInfo:
16:58:40.0728 3736
16:58:40.0728 3736 OS Version: 6.1.7601 ServicePack: 1.0
16:58:40.0728 3736 Product type: Workstation
16:58:40.0728 3736 ComputerName: TAN-PC
16:58:40.0728 3736 UserName: TAN
16:58:40.0728 3736 Windows directory: C:\Windows
16:58:40.0728 3736 System windows directory: C:\Windows
16:58:40.0728 3736 Running under WOW64
16:58:40.0728 3736 Processor architecture: Intel x64
16:58:40.0728 3736 Number of processors: 2
16:58:40.0728 3736 Page size: 0x1000
16:58:40.0728 3736 Boot type: Normal boot
16:58:40.0728 3736 ============================================================
16:58:41.0440 3736 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:58:41.0446 3736 ============================================================
16:58:41.0446 3736 \Device\Harddisk0\DR0:
16:58:41.0446 3736 MBR partitions:
16:58:41.0446 3736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
16:58:41.0446 3736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1001A800
16:58:41.0446 3736 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10309000, BlocksNum 0x27106B0
16:58:41.0446 3736 ============================================================
16:58:41.0475 3736 C: <-> \Device\Harddisk0\DR0\Partition1
16:58:41.0530 3736 D: <-> \Device\Harddisk0\DR0\Partition2
16:58:41.0531 3736 ============================================================
16:58:41.0531 3736 Initialize success
16:58:41.0531 3736 ============================================================
16:58:50.0608 4176 ============================================================
16:58:50.0608 4176 Scan started
16:58:50.0608 4176 Mode: Manual;
16:58:50.0608 4176 ============================================================
16:58:52.0115 4176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:58:52.0181 4176 1394ohci - ok
16:58:52.0244 4176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:58:52.0250 4176 ACPI - ok
16:58:52.0272 4176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:58:52.0288 4176 AcpiPmi - ok
16:58:52.0513 4176 AcrSch2Svc (00bfc7a51046cbd77e2a71f237ed2838) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
16:58:52.0536 4176 AcrSch2Svc - ok
16:58:52.0586 4176 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
16:58:52.0652 4176 adfs - ok
16:58:52.0738 4176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:58:52.0776 4176 adp94xx - ok
16:58:52.0833 4176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:58:52.0911 4176 adpahci - ok
16:58:52.0940 4176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:58:52.0946 4176 adpu320 - ok
16:58:52.0991 4176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:58:52.0993 4176 AeLookupSvc - ok
16:58:53.0068 4176 afcdp (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys
16:58:53.0108 4176 afcdp - ok
16:58:53.0393 4176 afcdpsrv (b8c03e224e49e0f9726cddef872237eb) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
16:58:53.0434 4176 afcdpsrv - ok
16:58:53.0656 4176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:58:53.0706 4176 AFD - ok
16:58:53.0761 4176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:58:53.0792 4176 agp440 - ok
16:58:53.0832 4176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:58:53.0836 4176 ALG - ok
16:58:53.0860 4176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:58:53.0906 4176 aliide - ok
16:58:53.0963 4176 AMD External Events Utility (0b387cbb0c445893ea4907df6312d367) C:\Windows\system32\atiesrxx.exe
16:58:53.0969 4176 AMD External Events Utility - ok
16:58:53.0987 4176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:58:54.0014 4176 amdide - ok
16:58:54.0054 4176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:58:54.0096 4176 AmdK8 - ok
16:58:54.0732 4176 amdkmdag (393d90b57b1fa56caf4e6ccc7a55b069) C:\Windows\system32\DRIVERS\atikmdag.sys
16:58:54.0891 4176 amdkmdag - ok
16:58:55.0104 4176 amdkmdap (62171b584a80e74fff16a55bf95dd4c6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:58:55.0111 4176 amdkmdap - ok
16:58:55.0149 4176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:58:55.0173 4176 AmdPPM - ok
16:58:55.0222 4176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:58:55.0268 4176 amdsata - ok
16:58:55.0310 4176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:58:55.0338 4176 amdsbs - ok
16:58:55.0374 4176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:58:55.0411 4176 amdxata - ok
16:58:55.0483 4176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:58:55.0502 4176 AppID - ok
16:58:55.0533 4176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:58:55.0536 4176 AppIDSvc - ok
16:58:55.0595 4176 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:58:55.0599 4176 Appinfo - ok
16:58:55.0676 4176 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:58:55.0681 4176 AppMgmt - ok
16:58:55.0705 4176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:58:55.0730 4176 arc - ok
16:58:55.0745 4176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:58:55.0749 4176 arcsas - ok
16:58:55.0897 4176 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:58:55.0902 4176 aspnet_state - ok
16:58:55.0957 4176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:58:55.0979 4176 AsyncMac - ok
16:58:56.0026 4176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:58:56.0050 4176 atapi - ok
16:58:56.0606 4176 atikmdag (393d90b57b1fa56caf4e6ccc7a55b069) C:\Windows\system32\DRIVERS\atikmdag.sys
16:58:56.0651 4176 atikmdag - ok
16:58:56.0840 4176 ATSwpWDF (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
16:58:56.0869 4176 ATSwpWDF - ok
16:58:56.0969 4176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:58:56.0979 4176 AudioEndpointBuilder - ok
16:58:56.0986 4176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:58:56.0990 4176 AudioSrv - ok
16:58:57.0049 4176 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:58:57.0063 4176 AxInstSV - ok
16:58:57.0232 4176 B-Service (c3edb060c0427607eb9344ec861585ff) C:\Users\TAN\AppData\Roaming\Mikogo\B-Service.exe
16:58:57.0238 4176 B-Service - ok
16:58:57.0322 4176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:58:57.0336 4176 b06bdrv - ok
16:58:57.0381 4176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:58:57.0402 4176 b57nd60a - ok
16:58:57.0462 4176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:58:57.0465 4176 BDESVC - ok
16:58:57.0492 4176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:58:57.0496 4176 Beep - ok
16:58:57.0587 4176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:58:57.0598 4176 BFE - ok
16:58:57.0675 4176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:58:57.0692 4176 BITS - ok
16:58:57.0753 4176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:58:57.0770 4176 blbdrive - ok
16:58:57.0822 4176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:58:57.0860 4176 bowser - ok
16:58:57.0874 4176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:58:57.0876 4176 BrFiltLo - ok
16:58:57.0894 4176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:58:57.0896 4176 BrFiltUp - ok
16:58:57.0946 4176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:58:57.0950 4176 Browser - ok
16:58:57.0982 4176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:58:58.0005 4176 Brserid - ok
16:58:58.0024 4176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:58:58.0065 4176 BrSerWdm - ok
16:58:58.0074 4176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:58:58.0102 4176 BrUsbMdm - ok
16:58:58.0108 4176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:58:58.0119 4176 BrUsbSer - ok
16:58:58.0159 4176 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:58:58.0177 4176 BthEnum - ok
16:58:58.0193 4176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:58:58.0214 4176 BTHMODEM - ok
16:58:58.0243 4176 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:58:58.0251 4176 BthPan - ok
16:58:58.0319 4176 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:58:58.0353 4176 BTHPORT - ok
16:58:58.0412 4176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:58:58.0417 4176 bthserv - ok
16:58:58.0452 4176 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:58:58.0472 4176 BTHUSB - ok
16:58:58.0541 4176 CAXHWAZL (9c4e50bea239e2d45099ec919f779db0) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:58:58.0548 4176 CAXHWAZL - ok
16:58:58.0588 4176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:58:58.0591 4176 cdfs - ok
16:58:58.0666 4176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:58:58.0686 4176 cdrom - ok
16:58:58.0735 4176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:58:58.0737 4176 CertPropSvc - ok
16:58:58.0768 4176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:58:58.0770 4176 circlass - ok
16:58:58.0808 4176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:58:58.0844 4176 CLFS - ok
16:58:58.0936 4176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:58:58.0946 4176 clr_optimization_v2.0.50727_32 - ok
16:58:59.0011 4176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:58:59.0015 4176 clr_optimization_v2.0.50727_64 - ok
16:58:59.0103 4176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:58:59.0107 4176 clr_optimization_v4.0.30319_32 - ok
16:58:59.0151 4176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:58:59.0153 4176 clr_optimization_v4.0.30319_64 - ok
16:58:59.0214 4176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:58:59.0232 4176 CmBatt - ok
16:58:59.0264 4176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:58:59.0281 4176 cmdide - ok
16:58:59.0344 4176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:58:59.0375 4176 CNG - ok
16:58:59.0460 4176 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
16:58:59.0481 4176 CnxtHdAudService - ok
16:58:59.0504 4176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:58:59.0522 4176 Compbatt - ok
16:58:59.0585 4176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:58:59.0587 4176 CompositeBus - ok
16:58:59.0596 4176 COMSysApp - ok
16:58:59.0616 4176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:58:59.0618 4176 crcdisk - ok
16:58:59.0679 4176 CronService (63a7739ac9c1e38589b3edb1daeb9df5) C:\Prey\platform\windows\cronsvc.exe
16:58:59.0680 4176 CronService - ok
16:58:59.0731 4176 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:58:59.0735 4176 CryptSvc - ok
16:58:59.0807 4176 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:58:59.0817 4176 CSC - ok
16:58:59.0873 4176 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:58:59.0884 4176 CscService - ok
16:58:59.0951 4176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:58:59.0961 4176 DcomLaunch - ok
16:59:00.0013 4176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:59:00.0022 4176 defragsvc - ok
16:59:00.0090 4176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:59:00.0096 4176 DfsC - ok
16:59:00.0142 4176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:59:00.0148 4176 Dhcp - ok
16:59:00.0186 4176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:59:00.0222 4176 discache - ok
16:59:00.0254 4176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:59:00.0275 4176 Disk - ok
16:59:00.0315 4176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:59:00.0319 4176 Dnscache - ok
16:59:00.0392 4176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:59:00.0405 4176 dot3svc - ok
16:59:00.0566 4176 DozeSvc (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
16:59:00.0576 4176 DozeSvc - ok
16:59:00.0622 4176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:59:00.0626 4176 DPS - ok
16:59:00.0664 4176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:59:00.0685 4176 drmkaud - ok
16:59:00.0774 4176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:59:00.0790 4176 DXGKrnl - ok
16:59:00.0856 4176 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
16:59:00.0862 4176 DzHDD64 - ok
16:59:00.0908 4176 e1yexpress (d608110adb132e683360fca0f6b2bb53) C:\Windows\system32\DRIVERS\e1y60x64.sys
16:59:00.0956 4176 e1yexpress - ok
16:59:00.0999 4176 eamonm (aca3fe4f18a945b7bf2618a79f6f670b) C:\Windows\system32\DRIVERS\eamonm.sys
16:59:01.0021 4176 eamonm - ok
16:59:01.0068 4176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:59:01.0070 4176 EapHost - ok
16:59:01.0351 4176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:59:01.0440 4176 ebdrv - ok
16:59:01.0602 4176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:59:01.0607 4176 EFS - ok
16:59:01.0681 4176 ehdrv (6672438bdcbfd87250d22112d458294d) C:\Windows\system32\DRIVERS\ehdrv.sys
16:59:01.0718 4176 ehdrv - ok
16:59:01.0818 4176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:59:01.0829 4176 ehRecvr - ok
16:59:01.0875 4176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:59:01.0879 4176 ehSched - ok
16:59:01.0998 4176 EhttpSrv (deb2b067745d92ff17a5068dfd2360bc) C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
16:59:02.0003 4176 EhttpSrv - ok
16:59:02.0110 4176 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
16:59:02.0116 4176 ekrn - ok
16:59:02.0286 4176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:59:02.0304 4176 elxstor - ok
16:59:02.0378 4176 epfw (443805b5b11c859ac8ca35297648ff0c) C:\Windows\system32\DRIVERS\epfw.sys
16:59:02.0406 4176 epfw - ok
16:59:02.0446 4176 Epfwndis (66e61bc6c9f519a99275eb0f0e530bf4) C:\Windows\system32\DRIVERS\Epfwndis.sys
16:59:02.0489 4176 Epfwndis - ok
16:59:02.0517 4176 epfwwfp (f72c97f3d34ea5ec919c73e3901266bb) C:\Windows\system32\DRIVERS\epfwwfp.sys
16:59:02.0547 4176 epfwwfp - ok
16:59:02.0577 4176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:59:02.0593 4176 ErrDev - ok
16:59:02.0672 4176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:59:02.0680 4176 EventSystem - ok
16:59:02.0912 4176 EvtEng (bdf87981c5fea94fd259f110fb8b1a72) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:59:02.0935 4176 EvtEng - ok
16:59:03.0126 4176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:59:03.0198 4176 exfat - ok
16:59:03.0230 4176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:59:03.0264 4176 fastfat - ok
16:59:03.0357 4176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:59:03.0368 4176 Fax - ok
16:59:03.0387 4176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:59:03.0417 4176 fdc - ok
16:59:03.0468 4176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:59:03.0473 4176 fdPHost - ok
16:59:03.0487 4176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:59:03.0490 4176 FDResPub - ok
16:59:03.0509 4176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:59:03.0534 4176 FileInfo - ok
16:59:03.0550 4176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:59:03.0570 4176 Filetrace - ok
16:59:03.0751 4176 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:59:03.0774 4176 FLEXnet Licensing Service - ok
16:59:03.0951 4176 FLEXnet Licensing Service 64 (259dc094e2d3f08654c8fb73d8ecc0f5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:59:03.0969 4176 FLEXnet Licensing Service 64 - ok
16:59:04.0127 4176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:04.0132 4176 flpydisk - ok
16:59:04.0204 4176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:59:04.0261 4176 FltMgr - ok
16:59:04.0326 4176 FLxHCIc (10b5ab16c34d4e316edb825386f57da6) C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:59:04.0338 4176 FLxHCIc - ok
16:59:04.0374 4176 FLxHCIh (66de264c2defe746cb2e71f3a5eb5c2c) C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:59:04.0379 4176 FLxHCIh - ok
16:59:04.0499 4176 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:59:04.0519 4176 FontCache - ok
16:59:04.0641 4176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:59:04.0646 4176 FontCache3.0.0.0 - ok
16:59:04.0667 4176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:59:04.0687 4176 FsDepends - ok
16:59:04.0717 4176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:59:04.0734 4176 Fs_Rec - ok
16:59:04.0797 4176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:59:04.0858 4176 fvevol - ok
16:59:04.0879 4176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:59:04.0924 4176 gagp30kx - ok
16:59:05.0012 4176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:59:05.0024 4176 gpsvc - ok
16:59:05.0168 4176 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:05.0169 4176 gupdate - ok
16:59:05.0189 4176 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:59:05.0190 4176 gupdatem - ok
16:59:05.0229 4176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:59:05.0231 4176 hcw85cir - ok
16:59:05.0304 4176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:59:05.0312 4176 HdAudAddService - ok
16:59:05.0353 4176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:59:05.0356 4176 HDAudBus - ok
16:59:05.0421 4176 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
16:59:05.0428 4176 HECIx64 - ok
16:59:05.0446 4176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:59:05.0477 4176 HidBatt - ok
16:59:05.0505 4176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:59:05.0524 4176 HidBth - ok
16:59:05.0564 4176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:59:05.0595 4176 HidIr - ok
16:59:05.0630 4176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:59:05.0632 4176 hidserv - ok
16:59:05.0668 4176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:59:05.0687 4176 HidUsb - ok
16:59:05.0730 4176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:59:05.0732 4176 hkmsvc - ok
16:59:05.0783 4176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:59:05.0789 4176 HomeGroupListener - ok
16:59:05.0840 4176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:59:05.0844 4176 HomeGroupProvider - ok
16:59:05.0889 4176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:59:05.0896 4176 HpSAMD - ok
16:59:06.0065 4176 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
16:59:06.0079 4176 HsfXAudioService - ok
16:59:06.0231 4176 HSF_DPV (5a518b63d408b2dbc1778788456e1a66) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:59:06.0279 4176 HSF_DPV - ok
16:59:06.0509 4176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:59:06.0557 4176 HTTP - ok
16:59:06.0602 4176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:59:06.0633 4176 hwpolicy - ok
16:59:06.0696 4176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:59:06.0715 4176 i8042prt - ok
16:59:06.0766 4176 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
16:59:06.0768 4176 iaStor - ok
16:59:06.0845 4176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:59:06.0903 4176 iaStorV - ok
16:59:06.0947 4176 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:59:06.0951 4176 IBMPMDRV - ok
16:59:06.0979 4176 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe
16:59:06.0982 4176 IBMPMSVC - ok
16:59:07.0114 4176 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:59:07.0121 4176 IDriverT - ok
16:59:07.0281 4176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:59:07.0297 4176 idsvc - ok
16:59:08.0107 4176 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:59:08.0412 4176 igfx - ok
16:59:08.0586 4176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:59:08.0591 4176 iirsp - ok
16:59:08.0727 4176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:59:08.0750 4176 IKEEXT - ok
16:59:08.0793 4176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:59:08.0796 4176 intelide - ok
16:59:09.0623 4176 intelkmd (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdpmd64.sys
16:59:09.0917 4176 intelkmd - ok
16:59:10.0096 4176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:59:10.0139 4176 intelppm - ok
16:59:10.0179 4176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:59:10.0183 4176 IPBusEnum - ok
16:59:10.0220 4176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:10.0225 4176 IpFilterDriver - ok
16:59:10.0299 4176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:59:10.0314 4176 iphlpsvc - ok
16:59:10.0364 4176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:59:10.0371 4176 IPMIDRV - ok
16:59:10.0400 4176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:59:10.0442 4176 IPNAT - ok
16:59:10.0462 4176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:59:10.0464 4176 IRENUM - ok
16:59:10.0480 4176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:59:10.0496 4176 isapnp - ok
16:59:10.0526 4176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:59:10.0547 4176 iScsiPrt - ok
16:59:10.0577 4176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:59:10.0580 4176 kbdclass - ok
16:59:10.0610 4176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:59:10.0613 4176 kbdhid - ok
16:59:10.0651 4176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:59:10.0655 4176 KeyIso - ok
16:59:10.0697 4176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:59:10.0706 4176 KSecDD - ok
16:59:10.0759 4176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:59:10.0800 4176 KSecPkg - ok
16:59:10.0838 4176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:59:10.0855 4176 ksthunk - ok
16:59:10.0916 4176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:59:10.0924 4176 KtmRm - ok
16:59:10.0975 4176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:59:10.0985 4176 LanmanServer - ok
16:59:11.0035 4176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:59:11.0039 4176 LanmanWorkstation - ok
16:59:11.0158 4176 LENOVO.CAMMUTE (a4aefd644cade44f99ceafa49004426c) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
16:59:11.0168 4176 LENOVO.CAMMUTE - ok
16:59:11.0223 4176 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
16:59:11.0227 4176 LENOVO.MICMUTE - ok
16:59:11.0257 4176 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
16:59:11.0290 4176 lenovo.smi - ok
16:59:11.0370 4176 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
16:59:11.0373 4176 Lenovo.VIRTSCRLSVC - ok
16:59:11.0426 4176 libusb0 (8cfa53e39545934e13ae47fc55382dd7) C:\Windows\system32\DRIVERS\libusb0.sys
16:59:11.0449 4176 libusb0 - ok
16:59:11.0479 4176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:59:11.0496 4176 lltdio - ok
16:59:11.0554 4176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:59:11.0566 4176 lltdsvc - ok
16:59:11.0590 4176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:59:11.0592 4176 lmhosts - ok
16:59:11.0651 4176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:59:11.0697 4176 LSI_FC - ok
16:59:11.0721 4176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:59:11.0746 4176 LSI_SAS - ok
16:59:11.0766 4176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:59:11.0792 4176 LSI_SAS2 - ok
16:59:11.0816 4176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:59:11.0844 4176 LSI_SCSI - ok
16:59:11.0878 4176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:59:11.0883 4176 luafv - ok
16:59:11.0914 4176 LVUSBS64 (6562fcee704f14c05f5338b147d67a16) C:\Windows\system32\drivers\LVUSBS64.sys
16:59:11.0918 4176 LVUSBS64 - ok
16:59:12.0131 4176 M4-Service (9bc888cb301d553888c69d5f1dd69a0e) C:/Users/TAN/AppData/Roaming/Mikogo\M4-Service.exe
16:59:12.0231 4176 M4-Service - ok
16:59:12.0339 4176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:59:12.0343 4176 Mcx2Svc - ok
16:59:12.0379 4176 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:59:12.0382 4176 mdmxsdk - ok
16:59:12.0423 4176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:59:12.0456 4176 megasas - ok
16:59:12.0489 4176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:59:12.0516 4176 MegaSR - ok
16:59:12.0624 4176 Microsoft SharePoint Workspace Audit Service - ok
16:59:12.0681 4176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:59:12.0683 4176 MMCSS - ok
16:59:12.0696 4176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:59:12.0698 4176 Modem - ok
16:59:12.0727 4176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:59:12.0745 4176 monitor - ok
16:59:12.0794 4176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:59:12.0796 4176 mouclass - ok
16:59:12.0827 4176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:59:12.0829 4176 mouhid - ok
16:59:12.0878 4176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:59:12.0930 4176 mountmgr - ok
16:59:12.0990 4176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:59:13.0007 4176 mpio - ok
16:59:13.0048 4176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:59:13.0083 4176 mpsdrv - ok
16:59:13.0177 4176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:59:13.0197 4176 MpsSvc - ok
16:59:13.0239 4176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:59:13.0244 4176 MRxDAV - ok
16:59:13.0289 4176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:13.0294 4176 mrxsmb - ok
16:59:13.0360 4176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:13.0408 4176 mrxsmb10 - ok
16:59:13.0436 4176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:13.0454 4176 mrxsmb20 - ok
16:59:13.0474 4176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:59:13.0490 4176 msahci - ok
16:59:13.0527 4176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:59:13.0577 4176 msdsm - ok
16:59:13.0616 4176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:59:13.0625 4176 MSDTC - ok
16:59:13.0660 4176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:59:13.0663 4176 Msfs - ok
16:59:13.0697 4176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:59:13.0700 4176 mshidkmdf - ok
16:59:13.0735 4176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:59:13.0758 4176 msisadrv - ok
16:59:13.0824 4176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:59:13.0833 4176 MSiSCSI - ok
16:59:13.0842 4176 msiserver - ok
16:59:13.0912 4176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:59:13.0916 4176 MSKSSRV - ok
16:59:13.0955 4176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:13.0957 4176 MSPCLOCK - ok
16:59:13.0975 4176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:59:13.0991 4176 MSPQM - ok
16:59:14.0060 4176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:59:14.0074 4176 MsRPC - ok
16:59:14.0096 4176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:59:14.0099 4176 mssmbios - ok
16:59:14.0214 4176 MSSQL$DOLPHIN - ok
16:59:14.0261 4176 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:59:14.0270 4176 MSSQLServerADHelper - ok
16:59:14.0287 4176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:59:14.0289 4176 MSTEE - ok
16:59:14.0308 4176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:59:14.0311 4176 MTConfig - ok
16:59:14.0329 4176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:59:14.0354 4176 Mup - ok
16:59:14.0428 4176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:59:14.0436 4176 napagent - ok
16:59:14.0508 4176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:59:14.0555 4176 NativeWifiP - ok
16:59:14.0661 4176 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:59:14.0716 4176 NDIS - ok
16:59:14.0737 4176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:59:14.0754 4176 NdisCap - ok
16:59:14.0777 4176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:59:14.0779 4176 NdisTapi - ok
16:59:14.0817 4176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:59:14.0824 4176 Ndisuio - ok
16:59:14.0877 4176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:59:14.0914 4176 NdisWan - ok
16:59:14.0952 4176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:59:14.0983 4176 NDProxy - ok
16:59:15.0140 4176 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:59:15.0160 4176 Nero BackItUp Scheduler 4.0 - ok
16:59:15.0214 4176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:59:15.0237 4176 NetBIOS - ok
16:59:15.0288 4176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:59:15.0309 4176 NetBT - ok
16:59:15.0343 4176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:59:15.0345 4176 Netlogon - ok
16:59:15.0424 4176 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:59:15.0437 4176 Netman - ok
16:59:15.0577 4176 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:15.0582 4176 NetMsmqActivator - ok
16:59:15.0587 4176 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:15.0589 4176 NetPipeActivator - ok
16:59:15.0638 4176 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:59:15.0654 4176 netprofm - ok
16:59:15.0663 4176 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:15.0667 4176 NetTcpActivator - ok
16:59:15.0676 4176 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:59:15.0679 4176 NetTcpPortSharing - ok
16:59:16.0333 4176 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:59:16.0527 4176 NETw5s64 - ok
16:59:17.0105 4176 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:59:17.0207 4176 netw5v64 - ok
16:59:18.0060 4176 NETwNs64 (9aa75919d0a5f33bea0df7b9db09b755) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:59:18.0208 4176 NETwNs64 - ok
16:59:18.0411 4176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:59:18.0465 4176 nfrd960 - ok
16:59:18.0534 4176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:59:18.0546 4176 NlaSvc - ok
16:59:18.0565 4176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:59:18.0589 4176 Npfs - ok
16:59:18.0625 4176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:59:18.0631 4176 nsi - ok
16:59:18.0650 4176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:59:18.0676 4176 nsiproxy - ok
16:59:18.0758 4176 nsService - ok
16:59:18.0935 4176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:59:19.0006 4176 Ntfs - ok
16:59:19.0183 4176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:59:19.0200 4176 Null - ok
16:59:19.0241 4176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:59:19.0261 4176 nvraid - ok
16:59:19.0292 4176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:59:19.0326 4176 nvstor - ok
16:59:19.0374 4176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:59:19.0393 4176 nv_agp - ok
16:59:19.0418 4176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:59:19.0437 4176 ohci1394 - ok
16:59:19.0535 4176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:59:19.0539 4176 ose - ok
16:59:20.0039 4176 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:59:20.0134 4176 osppsvc - ok
16:59:20.0300 4176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:59:20.0311 4176 p2pimsvc - ok
16:59:20.0362 4176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:59:20.0373 4176 p2psvc - ok
16:59:20.0439 4176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:59:20.0465 4176 Parport - ok
16:59:20.0498 4176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:59:20.0528 4176 partmgr - ok
16:59:20.0556 4176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:59:20.0561 4176 PcaSvc - ok
16:59:20.0626 4176 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
16:59:20.0650 4176 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
16:59:20.0709 4176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:59:20.0762 4176 pci - ok
16:59:20.0777 4176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:59:20.0793 4176 pciide - ok
16:59:20.0824 4176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:59:20.0844 4176 pcmcia - ok
16:59:20.0862 4176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:59:20.0879 4176 pcw - ok
16:59:20.0933 4176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:59:20.0959 4176 PEAUTH - ok
16:59:21.0101 4176 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:59:21.0123 4176 PeerDistSvc - ok
16:59:21.0228 4176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:59:21.0237 4176 PerfHost - ok
16:59:21.0447 4176 PID_0928 (db5c32a4130e6b36cd6ed7a5a6c7751e) C:\Windows\system32\DRIVERS\LV561V64.SYS
16:59:21.0475 4176 PID_0928 - ok
16:59:21.0602 4176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:59:21.0627 4176 pla - ok
16:59:21.0692 4176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:59:21.0701 4176 PlugPlay - ok
16:59:21.0758 4176 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll
16:59:21.0760 4176 Pml Driver HPZ12 - ok
16:59:21.0792 4176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:59:21.0795 4176 PNRPAutoReg - ok
16:59:21.0829 4176 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:59:21.0833 4176 PNRPsvc - ok
16:59:21.0874 4176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:59:21.0883 4176 PolicyAgent - ok
16:59:21.0939 4176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:59:21.0944 4176 Power - ok
16:59:22.0068 4176 Power Manager DBC Service (836fe79de8767d77136b6491a3d61089) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
16:59:22.0077 4176 Power Manager DBC Service - ok
16:59:22.0173 4176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:59:22.0244 4176 PptpMiniport - ok
16:59:22.0282 4176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:59:22.0299 4176 Processor - ok
16:59:22.0366 4176 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
16:59:22.0377 4176 ProfSvc - ok
16:59:22.0427 4176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:59:22.0430 4176 ProtectedStorage - ok
16:59:22.0485 4176 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys
16:59:22.0490 4176 psadd - ok
16:59:22.0555 4176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:59:22.0595 4176 Psched - ok
16:59:22.0637 4176 pwdrvio (9e97e62098fa1238d189181aab13c402) C:\Windows\system32\pwdrvio.sys
16:59:22.0661 4176 pwdrvio - ok
16:59:22.0709 4176 pwdspio (1a8011b9bd9b5cb53783e7f91109b946) C:\Windows\system32\pwdspio.sys
16:59:22.0713 4176 pwdspio - ok
16:59:22.0770 4176 PwmEWSvc (576444157f1cb25ae2057eed586d4889) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
16:59:22.0775 4176 PwmEWSvc - ok
16:59:22.0909 4176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:59:22.0939 4176 ql2300 - ok
16:59:23.0129 4176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:59:23.0137 4176 ql40xx - ok
16:59:23.0197 4176 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:59:23.0212 4176 QWAVE - ok
16:59:23.0232 4176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:59:23.0250 4176 QWAVEdrv - ok
16:59:23.0318 4176 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:59:23.0322 4176 RapiMgr - ok
16:59:23.0339 4176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:59:23.0356 4176 RasAcd - ok
16:59:23.0401 4176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:59:23.0403 4176 RasAgileVpn - ok
16:59:23.0433 4176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:59:23.0441 4176 RasAuto - ok
16:59:23.0496 4176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:59:23.0560 4176 Rasl2tp - ok
16:59:23.0616 4176 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:59:23.0622 4176 RasMan - ok
16:59:23.0639 4176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:59:23.0642 4176 RasPppoe - ok
16:59:23.0658 4176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:59:23.0675 4176 RasSstp - ok
16:59:23.0727 4176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:59:23.0734 4176 rdbss - ok
16:59:23.0776 4176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:59:23.0809 4176 rdpbus - ok
16:59:23.0817 4176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:59:23.0819 4176 RDPCDD - ok
16:59:23.0865 4176 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:59:23.0898 4176 RDPDR - ok
16:59:23.0916 4176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:59:23.0920 4176 RDPENCDD - ok
16:59:23.0941 4176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:59:23.0943 4176 RDPREFMP - ok
16:59:24.0031 4176 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:59:24.0086 4176 RdpVideoMiniport - ok
16:59:24.0127 4176 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
16:59:24.0147 4176 RDPWD - ok
16:59:24.0229 4176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:59:24.0240 4176 rdyboost - ok
16:59:24.0394 4176 RegSrvc (2528d733da7f5ac8d3d32c74ee4cff16) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:59:24.0408 4176 RegSrvc - ok
16:59:24.0455 4176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:59:24.0462 4176 RemoteAccess - ok
16:59:24.0514 4176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:59:24.0523 4176 RemoteRegistry - ok
16:59:24.0622 4176 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
16:59:24.0662 4176 Revoflt - ok
16:59:24.0707 4176 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:59:24.0733 4176 RFCOMM - ok
16:59:24.0770 4176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:59:24.0774 4176 RpcEptMapper - ok
16:59:24.0814 4176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:59:24.0816 4176 RpcLocator - ok
16:59:24.0895 4176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:59:24.0901 4176 RpcSs - ok
16:59:24.0952 4176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:59:24.0976 4176 rspndr - ok
16:59:25.0009 4176 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:59:25.0011 4176 s3cap - ok
16:59:25.0043 4176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:59:25.0044 4176 SamSs - ok
16:59:25.0071 4176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:59:25.0089 4176 sbp2port - ok
16:59:25.0148 4176 SBRE (36fc62160426ff355011113659f89832) C:\Windows\system32\drivers\SBREdrv.sys
16:59:25.0154 4176 SBRE - ok
16:59:25.0213 4176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:59:25.0224 4176 SCardSvr - ok
16:59:25.0257 4176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:59:25.0281 4176 scfilter - ok
16:59:25.0398 4176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:59:25.0416 4176 Schedule - ok
16:59:25.0452 4176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:59:25.0454 4176 SCPolicySvc - ok
16:59:25.0502 4176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:59:25.0509 4176 SDRSVC - ok
16:59:25.0591 4176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:59:25.0626 4176 secdrv - ok
16:59:25.0663 4176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:59:25.0667 4176 seclogon - ok
16:59:25.0688 4176 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:59:25.0692 4176 SENS - ok
16:59:25.0709 4176 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:59:25.0713 4176 SensrSvc - ok
16:59:25.0765 4176 Sentinel64 (255476b54c82a89416efdf09fd62f107) C:\Windows\System32\Drivers\Sentinel64.sys
16:59:25.0827 4176 Sentinel64 - ok
16:59:25.0948 4176 SentinelKeysServer (a9eeb7b09b898a53ec8b7063b923ac32) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
16:59:25.0961 4176 SentinelKeysServer - ok
16:59:26.0003 4176 SentinelProtectionServer (fd8723219c907c7ab753c93334fa4610) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
16:59:26.0015 4176 SentinelProtectionServer - ok
16:59:26.0034 4176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:59:26.0052 4176 Serenum - ok
16:59:26.0066 4176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:59:26.0125 4176 Serial - ok
16:59:26.0168 4176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:59:26.0185 4176 sermouse - ok
16:59:26.0242 4176 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:59:26.0245 4176 SessionEnv - ok
16:59:26.0278 4176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:59:26.0295 4176 sffdisk - ok
16:59:26.0306 4176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:59:26.0323 4176 sffp_mmc - ok
16:59:26.0337 4176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:59:26.0340 4176 sffp_sd - ok
16:59:26.0372 4176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:59:26.0390 4176 sfloppy - ok
16:59:26.0465 4176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:59:26.0472 4176 SharedAccess - ok
16:59:26.0529 4176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:59:26.0537 4176 ShellHWDetection - ok
16:59:26.0582 4176 Shockprf (29e316de2c0261c30c08f872032c53a2) C:\Windows\system32\DRIVERS\Apsx64.sys
16:59:26.0588 4176 Shockprf - ok
16:59:26.0608 4176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:59:26.0640 4176 SiSRaid2 - ok
16:59:26.0662 4176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:59:26.0680 4176 SiSRaid4 - ok
16:59:26.0795 4176 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:59:26.0814 4176 SkypeUpdate - ok
16:59:26.0849 4176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:59:26.0853 4176 Smb - ok
16:59:26.0920 4176 snapman (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys
16:59:26.0932 4176 snapman - ok
16:59:26.0987 4176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:59:26.0995 4176 SNMPTRAP - ok
16:59:27.0031 4176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:59:27.0055 4176 spldr - ok
16:59:27.0134 4176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:59:27.0146 4176 Spooler - ok
16:59:27.0450 4176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:59:27.0507 4176 sppsvc - ok
16:59:27.0660 4176 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:59:27.0668 4176 sppuinotify - ok
16:59:27.0825 4176 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:59:27.0826 4176 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:59:27.0830 4176 sptd ( LockedFile.Multi.Generic ) - warning
16:59:27.0830 4176 sptd - detected LockedFile.Multi.Generic (1)
16:59:27.0947 4176 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:59:27.0958 4176 SQLBrowser - ok
16:59:28.0069 4176 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:59:28.0075 4176 SQLWriter - ok
16:59:28.0226 4176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:59:28.0288 4176 srv - ok
16:59:28.0320 4176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:59:28.0342 4176 srv2 - ok
16:59:28.0405 4176 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:59:28.0413 4176 SrvHsfHDA - ok
16:59:28.0545 4176 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:59:28.0608 4176 SrvHsfV92 - ok
16:59:28.0763 4176 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:59:28.0814 4176 SrvHsfWinac - ok
16:59:28.0852 4176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:59:28.0857 4176 srvnet - ok
16:59:28.0912 4176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:59:28.0918 4176 SSDPSRV - ok
16:59:28.0934 4176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:59:28.0938 4176 SstpSvc - ok
16:59:28.0971 4176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:59:28.0974 4176 stexstor - ok
16:59:29.0047 4176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:59:29.0060 4176 stisvc - ok
16:59:29.0111 4176 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:59:29.0117 4176 storflt - ok
16:59:29.0140 4176 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:59:29.0171 4176 storvsc - ok
16:59:29.0300 4176 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
16:59:29.0302 4176 SUService - ok
16:59:29.0311 4176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:59:29.0334 4176 swenum - ok
16:59:29.0427 4176 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:59:29.0440 4176 SwitchBoard - ok
16:59:29.0510 4176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:59:29.0522 4176 swprv - ok
16:59:29.0540 4176 Synth3dVsc - ok
16:59:29.0689 4176 SynTP (b49fa98afad439cd7e33164c3a19bb88) C:\Windows\system32\DRIVERS\SynTP.sys
16:59:29.0733 4176 SynTP - ok
16:59:30.0026 4176 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:59:30.0056 4176 SysMain - ok
16:59:30.0143 4176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:59:30.0152 4176 TabletInputService - ok
16:59:30.0196 4176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:59:30.0203 4176 TapiSrv - ok
16:59:30.0248 4176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:59:30.0251 4176 TBS - ok
16:59:30.0474 4176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:59:30.0516 4176 Tcpip - ok
16:59:30.0747 4176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:59:30.0761 4176 TCPIP6 - ok
16:59:30.0842 4176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:59:30.0848 4176 tcpipreg - ok
16:59:30.0895 4176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:59:30.0933 4176 TDPIPE - ok
16:59:31.0084 4176 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
16:59:31.0158 4176 tdrpman258 - ok
16:59:31.0275 4176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:59:31.0293 4176 TDTCP - ok
16:59:31.0353 4176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:59:31.0389 4176 tdx - ok
16:59:31.0427 4176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:59:31.0445 4176 TermDD - ok
16:59:31.0527 4176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:59:31.0547 4176 TermService - ok
16:59:31.0589 4176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:59:31.0597 4176 Themes - ok
16:59:31.0650 4176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:59:31.0655 4176 THREADORDER - ok
16:59:31.0758 4176 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
16:59:31.0814 4176 timounter - ok
16:59:31.0835 4176 TPDIGIMN (8b359a7f4c715b84c76de3c5167797c5) C:\Windows\system32\DRIVERS\ApsHM64.sys
16:59:31.0837 4176 TPDIGIMN - ok
16:59:31.0866 4176 TPHDEXLGSVC (0c1c7753a5539c898adaffde835df7a8) C:\Windows\system32\TPHDEXLG64.exe
16:59:31.0870 4176 TPHDEXLGSVC - ok
16:59:31.0992 4176 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
16:59:31.0998 4176 TPHKLOAD - ok
16:59:32.0046 4176 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
16:59:32.0052 4176 TPHKSVC - ok
16:59:32.0108 4176 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
16:59:32.0111 4176 TPM - ok
16:59:32.0149 4176 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
16:59:32.0152 4176 TPPWRIF - ok
16:59:32.0207 4176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:59:32.0211 4176 TrkWks - ok
16:59:32.0298 4176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:59:32.0302 4176 TrustedInstaller - ok
16:59:32.0348 4176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:59:32.0351 4176 tssecsrv - ok
16:59:32.0410 4176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:59:32.0455 4176 TsUsbFlt - ok
16:59:32.0473 4176 tsusbhub - ok
16:59:32.0528 4176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:59:32.0547 4176 tunnel - ok
16:59:32.0586 4176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:59:32.0605 4176 uagp35 - ok
16:59:32.0641 4176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:59:32.0648 4176 udfs - ok
16:59:32.0669 4176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:59:32.0673 4176 UI0Detect - ok
16:59:32.0707 4176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:59:32.0725 4176 uliagpkx - ok
16:59:32.0747 4176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:59:32.0764 4176 umbus - ok
16:59:32.0779 4176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:59:32.0796 4176 UmPass - ok
16:59:32.0840 4176 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:59:32.0844 4176 UmRdpService - ok
16:59:32.0912 4176 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:59:32.0926 4176 upnphost - ok
16:59:32.0977 4176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:59:33.0001 4176 usbccgp - ok
16:59:33.0047 4176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:59:33.0053 4176 usbcir - ok
16:59:33.0087 4176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:59:33.0104 4176 usbehci - ok
16:59:33.0175 4176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:59:33.0197 4176 usbhub - ok
16:59:33.0234 4176 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:59:33.0253 4176 usbohci - ok
16:59:33.0293 4176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:59:33.0311 4176 usbprint - ok
16:59:33.0340 4176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:59:33.0372 4176 USBSTOR - ok
16:59:33.0403 4176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:59:33.0405 4176 usbuhci - ok
16:59:33.0442 4176 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:59:33.0458 4176 usb_rndisx - ok
16:59:33.0471 4176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:59:33.0474 4176 UxSms - ok
16:59:33.0518 4176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:59:33.0520 4176 VaultSvc - ok
16:59:33.0574 4176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:59:33.0607 4176 vdrvroot - ok
16:59:33.0670 4176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:59:33.0682 4176 vds - ok
16:59:33.0709 4176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:59:33.0712 4176 vga - ok
16:59:33.0738 4176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:59:33.0755 4176 VgaSave - ok
16:59:33.0781 4176 VGPU - ok
16:59:33.0813 4176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:59:33.0834 4176 vhdmp - ok
16:59:33.0847 4176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:59:33.0865 4176 viaide - ok
16:59:33.0892 4176 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:59:33.0956 4176 vmbus - ok
16:59:33.0975 4176 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:59:33.0992 4176 VMBusHID - ok
16:59:34.0012 4176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:59:34.0048 4176 volmgr - ok
16:59:34.0103 4176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:59:34.0113 4176 volmgrx - ok
16:59:34.0138 4176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:59:34.0167 4176 volsnap - ok
16:59:34.0212 4176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:59:34.0233 4176 vsmraid - ok
16:59:34.0357 4176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:59:34.0381 4176 VSS - ok
16:59:34.0521 4176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:59:34.0539 4176 vwifibus - ok
16:59:34.0564 4176 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:59:34.0567 4176 vwififlt - ok
16:59:34.0588 4176 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:59:34.0606 4176 vwifimp - ok
16:59:34.0662 4176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:59:34.0668 4176 W32Time - ok
16:59:34.0687 4176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:59:34.0690 4176 WacomPen - ok
16:59:34.0752 4176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:59:34.0770 4176 WANARP - ok
16:59:34.0773 4176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:59:34.0774 4176 Wanarpv6 - ok
16:59:34.0877 4176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:59:34.0900 4176 WatAdminSvc - ok
16:59:35.0019 4176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:59:35.0043 4176 wbengine - ok
16:59:35.0226 4176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:59:35.0239 4176 WbioSrvc - ok
16:59:35.0333 4176 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
16:59:35.0347 4176 WcesComm - ok
16:59:35.0423 4176 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:59:35.0433 4176 wcncsvc - ok
16:59:35.0451 4176 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:59:35.0455 4176 WcsPlugInService - ok
16:59:35.0545 4176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:59:35.0550 4176 Wd - ok
16:59:35.0584 4176 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:59:35.0587 4176 WDC_SAM - ok
16:59:35.0646 4176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:59:35.0661 4176 Wdf01000 - ok
16:59:35.0697 4176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:59:35.0702 4176 WdiServiceHost - ok
16:59:35.0706 4176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:59:35.0709 4176 WdiSystemHost - ok
16:59:35.0773 4176 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:59:35.0784 4176 WebClient - ok
16:59:35.0851 4176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:59:35.0864 4176 Wecsvc - ok
16:59:35.0897 4176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:59:35.0901 4176 wercplsupport - ok
16:59:35.0937 4176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:59:35.0942 4176 WerSvc - ok
16:59:35.0972 4176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:59:35.0996 4176 WfpLwf - ok
16:59:36.0008 4176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:59:36.0025 4176 WIMMount - ok
16:59:36.0116 4176 winachsf (7387ce6730baab8254da0ce3776a4b28) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:59:36.0151 4176 winachsf - ok
16:59:36.0213 4176 WinDefend - ok
16:59:36.0236 4176 WinHttpAutoProxySvc - ok
16:59:36.0316 4176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:59:36.0321 4176 Winmgmt - ok
16:59:36.0505 4176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:59:36.0541 4176 WinRM - ok
16:59:36.0760 4176 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:59:36.0798 4176 WinUsb - ok
16:59:36.0898 4176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:59:36.0915 4176 Wlansvc - ok
16:59:37.0242 4176 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:59:37.0282 4176 wlidsvc - ok
16:59:37.0457 4176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:59:37.0474 4176 WmiAcpi - ok
16:59:37.0549 4176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:59:37.0556 4176 wmiApSrv - ok
16:59:37.0620 4176 WMPNetworkSvc - ok
16:59:37.0667 4176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:59:37.0675 4176 WPCSvc - ok
16:59:37.0740 4176 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:59:37.0748 4176 WPDBusEnum - ok
16:59:37.0789 4176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:59:37.0830 4176 ws2ifsl - ok
16:59:37.0840 4176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:59:37.0843 4176 wscsvc - ok
16:59:37.0847 4176 WSearch - ok
16:59:38.0131 4176 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:59:38.0208 4176 wuauserv - ok
16:59:38.0392 4176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:59:38.0411 4176 WudfPf - ok
16:59:38.0458 4176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:59:38.0478 4176 WUDFRd - ok
16:59:38.0519 4176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:59:38.0523 4176 wudfsvc - ok
16:59:38.0570 4176 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:59:38.0577 4176 WwanSvc - ok
16:59:38.0610 4176 XAudio (9907bc1cc78c37073ac78a4541710b61) C:\Windows\system32\DRIVERS\XAudio64.sys
16:59:38.0612 4176 XAudio - ok
16:59:38.0682 4176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:59:38.0931 4176 \Device\Harddisk0\DR0 - ok
16:59:38.0935 4176 Boot (0x1200) (1ba6ccdc6d4086f296ea4a71891bbe0f) \Device\Harddisk0\DR0\Partition0
16:59:38.0936 4176 \Device\Harddisk0\DR0\Partition0 - ok
16:59:38.0950 4176 Boot (0x1200) (eb4d6a428d0e62b72d73ed74c2c6c712) \Device\Harddisk0\DR0\Partition1
16:59:38.0952 4176 \Device\Harddisk0\DR0\Partition1 - ok
16:59:38.0975 4176 Boot (0x1200) (6eb440cf691b56f940862292718fb706) \Device\Harddisk0\DR0\Partition2
16:59:38.0976 4176 \Device\Harddisk0\DR0\Partition2 - ok
16:59:38.0977 4176 ============================================================
16:59:38.0977 4176 Scan finished
16:59:38.0977 4176 ============================================================
16:59:38.0990 7156 Detected object count: 1
16:59:38.0990 7156 Actual detected object count: 1
17:00:11.0140 7156 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:00:11.0140 7156 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
17:00:14.0159 1772 Deinitialize success



ComboFix 12-06-25.05 - TAN 26/06/2012 17:07:15.1.2 - x64
Microsoft Windows 7 Ultimate N 6.1.7601.1.1252.1.1033.18.8088.6082 [GMT 9.5:30]
Running from: C:\Users\TAN\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\logs
C:\ProgramData\Roaming
C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\{754F4691-E620-415B-A36B-369385FB79C8}.xps
C:\Users\TAN\AppData\Roaming\dipiz.dll
C:\Users\TAN\AppData\Roaming\kbals.dll
C:\Users\TAN\AppData\Roaming\progp.dll
C:\Users\TAN\AppData\Roaming\snladi.dll
C:\Users\TAN\AppData\Roaming\wemsr.dll
C:\Windows\iun6002.exe
C:\Windows\kaio.INI
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\SysWow64\SETFBB9.tmp
C:\Windows\XSxS


((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))


2012-06-26 07:48:15 . 2012-06-26 07:48:15 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-26 01:05:14 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A918B32-E1A4-4988-B33C-86093AB928E5}\mpengine.dll
2012-06-23 11:51:27 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-23 11:51:27 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-23 11:51:26 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-23 11:51:26 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-23 11:51:05 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-23 11:51:05 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-23 11:51:05 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-23 11:50:28 . 2012-06-02 05:49:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-23 11:50:28 . 2012-06-02 05:45:12 36864 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-18 04:22:26 . 2012-06-18 04:22:39 -------- d-----w- C:\Program Files (x86)\Google
2012-06-14 06:46:17 . 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\system32\rdpcorekmts.dll
2012-06-14 06:46:16 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll
2012-06-14 06:46:16 . 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\system32\rdrmemptylst.exe
2012-06-14 06:46:02 . 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\system32\msi.dll
2012-06-14 06:46:01 . 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 03:40:46 . 2012-06-12 05:47:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-12 03:25:33 . 2012-06-12 03:34:19 -------- d-----w- C:\ProgramData\PC Tools
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-26 07:51:45 . 2011-06-20 08:25:51 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2012-06-14 06:37:48 . 2012-04-04 04:34:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-14 06:37:48 . 2011-06-04 09:41:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 06:26:40 . 2010-06-24 11:09:31 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-03-30 11:35:47 . 2012-05-09 03:12:30 1918320 ----a-w- C:\Windows\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 June 2012 - 01:49 PM

Hello,

Please download and run the following tools. These are to check for any leftovers.



1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


Things to include in your next reply:
MBAM log
TrendMicro log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 vernontan

vernontan
  • Topic Starter

  • Members
  • 33 posts

Posted 26 June 2012 - 07:57 PM

Hi, thanks again for your assistance. I'm still getting the RunDLL error messages every time I boot up my laptop. There are now 3 separate RunDLL error messages, as described in my previous post. I've not been getting any more redirects on IE9 now.

The Trend Micro HouseCall scan did not generate any .txt log, but then again, no threats were found. Below is the MBAM log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
TAN :: TAN-PC [administrator]

27/06/2012 9:42:55 AM
mbam-log-2012-06-27 (09-42-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228975
Time elapsed: 6 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks again!
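The RunDLL dialog vernontan keeps seeing at logon ("There was a problem starting C:\Users\TAN\AppData\Roaming\drdms.dll ... The specified module could not be found") is what rundll32.exe shows when something still launches it with a DLL that ESET has since quarantined: the autostart entry survived even though the payload it loads is gone. The PowerShell below is an added editorial example, not code from this thread or from any of the tools used in it. It walks the common Run/RunOnce keys (64-bit and 32-bit views, machine and current user) and the scheduled-task list and reports every rundll32 entry whose DLL no longer exists on disk. It assumes an English-locale Windows (the schtasks CSV column names are locale-dependent), is written to run on the PowerShell 2.0 that ships with Windows 7, and should be run from an elevated prompt.

```powershell
# Added editorial example: find autostart entries that launch rundll32.exe
# with a DLL that is no longer on disk (the usual cause of a "RunDLL ...
# The specified module could not be found" dialog at logon after an AV
# quarantine). Not part of the thread. Assumes an English-locale Windows
# so that the schtasks CSV column names used below match. Run elevated.

# Registry autostart locations checked (64-bit and 32-bit views, machine and user).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Property names that Get-ItemProperty adds itself and that are not registry values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunDllTarget {
    # Returns the DLL path from a command line of the form
    #   rundll32.exe "C:\path\x.dll",EntryPoint   or   rundll32 C:\path\x.dll,EntryPoint
    # (the exe itself may be quoted too), or $null when rundll32 is not involved.
    param([string]$CommandLine)
    if ($CommandLine -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*(?:,|$)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null
}

function New-Hit($Source, $Name, $Command, $Dll) {
    # New-Object (rather than [pscustomobject]) keeps this working on PowerShell 2.0.
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command; MissingDll = $Dll
    }
}

function Find-OrphanedRunDll {
    $hits = @()

    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($ProviderProps -contains $prop.Name) { continue }
            $dll = Get-RunDllTarget ([string]$prop.Value)
            if ($dll -and -not (Test-Path -LiteralPath $dll)) {
                $hits += New-Hit $key $prop.Name $prop.Value $dll
            }
        }
    }

    # Scheduled tasks: schtasks.exe is used instead of Get-ScheduledTask because
    # the cmdlet only exists on Windows 8 / Server 2012 and later.
    $tasks = schtasks.exe /query /v /fo csv 2>$null | ConvertFrom-Csv
    foreach ($task in $tasks) {
        $dll = Get-RunDllTarget ([string]$task.'Task To Run')
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            $hits += New-Hit 'Scheduled task' $task.TaskName $task.'Task To Run' $dll
        }
    }

    return $hits
}

# Report only; nothing is deleted. Review each hit, then remove the registry value
# with Remove-ItemProperty or the task with schtasks /delete once you are sure.
Find-OrphanedRunDll | Format-List Source, Name, Command, MissingDll
```

Each hit names the launcher (registry value or task), the full command line and the missing DLL, which is exactly the pairing a helper needs before deleting anything. The script deliberately does not remove entries, and it only covers the Run keys and scheduled tasks: a DLL loaded through Winlogon, AppInit_DLLs, a service, or a browser helper object would not show up here, which is what the broader OTL custom scan requested later in this thread is for.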

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 26 June 2012 - 09:04 PM

I think I know what's going on with those DLLs. Let me get an OTL log so I know for sure.





  1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
  2. Save it to your desktop.
  3. Double-click the OTL icon on your desktop.
  4. Under the Custom Scan box paste this in:
     c:\windows\*. /SL
     c:\windows\*. /RP
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\drivers\*.sys /90
  5. Push the Quick Scan button.
  6. Two reports will open; copy and paste them in a reply here:
     • OTL.txt <-- will be opened
     • Extra.txt <-- will be minimized

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 vernontan

vernontan
  • Topic Starter

  • Members
  • 33 posts

Posted 26 June 2012 - 09:22 PM

Hi, here are the reports:

OTL Extras logfile created on: 27/06/2012 11:39:51 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\TAN\Desktop
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.90% Memory free
15.80 Gb Paging File | 12.76 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128.05 Gb Total Space | 30.77 Gb Free Space | 24.03% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 12.94 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

Computer Name: TAN-PC | User Name: TAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00598DF7-EB8E-4159-8C1E-E3D6594C964D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{15A2AD40-95A4-495C-87F9-541F45718A6E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AD887F4-ACF4-49A2-BFA0-E1E91BEBF34D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2CC8A98A-BC80-4123-B033-93ABB75CCCA8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2D3F4ECD-7C32-4FF4-BF90-3FC5B4F71EB9}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{39A4B079-AB74-4FB1-A5E0-4924F1A81585}" = lport=2869 | protocol=6 | dir=in | app=system |
"{403E3BD3-53C1-46C8-9671-706F3B6639CF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4211B48C-1F34-4933-B18B-C021C66A072D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FBB8C08-1FE2-44C8-800E-B18B3919FE44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7D539FF4-30FB-466F-A071-ADC0618D0583}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{92BCF3AF-7D07-4BC0-9908-8915576C1129}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9FEC708F-8722-476A-83DA-441E9054571B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA361B39-C80C-4951-B7A4-46DC9850D405}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA98B24C-EB4A-42BF-90EC-11CA5AE39451}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{040AA65D-D4BF-4D6F-8CA7-58615EB1B38F}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{09F3FF69-0AB1-4289-A840-41F3ED515A9A}" = protocol=17 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe |
"{0FA5DB47-B7B8-4082-829D-6D5CBE01D2A5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15F78691-775F-4370-8EDD-E6E9EABA5954}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1CCE0010-C3BB-408F-8555-88F8B1F27DFC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{28CBD687-59BC-490A-BD23-0AB251FCA127}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{2F697079-46DD-420D-990A-D76BD0556310}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DE4EA24-8571-4FAF-AD82-315B89A1B700}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{49E7E7CE-505E-4088-8F58-0787C775FA99}" = protocol=6 | dir=in | app=c:\program files (x86)\voipstunt.com\voipstunt\voipstunt.exe |
"{504448EB-410A-4A47-81FD-3EAFDF255370}" = protocol=17 | dir=in | app=c:\users\tan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{573DCE53-E839-4987-925C-82B9B2D4E492}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{58E57386-A27C-4755-92D7-C3C52CDDA777}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{695B5EFC-5E1E-4F8D-B5C5-0E7C885E252C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{7CEDA967-F58D-44BA-AC4F-DDA16F265A91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{863928BC-3367-4D7E-A7EB-B13F9D7EEC57}" = protocol=6 | dir=in | app=c:\users\tan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A19676C-DC52-4795-9F03-1148036375B9}" = protocol=17 | dir=in | app=c:\users\tan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9D85E39E-0464-425C-B55C-85C9F466DDAE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BE86F9AC-1E13-4B89-AFAC-32525D5A89BC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C380AB8F-2EED-4E9A-A532-5F217906132C}" = protocol=6 | dir=in | app=c:\users\tan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7D7C4E4-F02A-4591-B280-7CFDF46B68FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB9A5B18-B75C-4068-B52A-5E18593FE100}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8DF3C24-210F-48D4-BDF7-C0A9FD36E983}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FB171442-A783-4AEE-A976-C832EEAF796B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{5575A937-8E3F-4ADC-91C3-E951AEBADD78}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B5596BD8-A053-478B-8573-913D372BDAA0}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{33A80C41-B1DB-4337-9CF0-19121FFA150B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{3AE5F72B-8648-4D02-A783-41FB1ADEE78C}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{233B6B34-0F9C-A0FE-644F-AD095159A13F}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}" = Fresco Logic USB3.0 Host Controller
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.1.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{965DF723-5688-359E-84D2-417CAFE644B5}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x64
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEC6013A-8D16-AECA-8056-A5C069C53775}" = ATI Catalyst Install Manager
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C0D93E4E-0866-43C8-A104-BF41A803EA84}" = ESET Smart Security
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel® PROSet/Wireless WiFi Software
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"HECI" = Intel® Management Engine Interface
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01F94DD7-23FC-F9A3-E6CB-FFF62D3781E5}" = Catalyst Control Center InstallProxy
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{036F4752-39E3-4B9C-AD93-2A856A867C1E}" = Ez3D2009
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{135564A5-0EFA-2F0B-EDCF-B72A418A5BF7}" = CCC Help German
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDFD690-5E51-9FD5-9F0C-D8FE63F3345B}" = Catalyst Control Center Localization All
"{1EB00890-0240-4C6E-00FC-8C9BE40A4D2F}" = CCC Help Portuguese
"{1FA85D65-C835-47DD-918C-C89E94F82B76}" = CCC Help Japanese
"{1FEB4B4E-25A3-8DEC-9D2A-811B2ECEF9CB}" = CCC Help Chinese Traditional
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DOLPHIN)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4415B0E6-B266-49C3-B501-FFEF76C3D71B}" = Google Advertising Cookie Opt-out
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{467B5735-3B42-D37C-C54D-AB18AD66D926}" = CCC Help Chinese Standard
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{536e3144-b27a-49c8-b9c6-0cfb21e6ff10}" = Nero 9 Trial
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5B367DD2-2579-0B71-FDEF-DE647C99F7E6}" = ccc-core-static
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{652DB766-49B5-041F-6E4A-B04D7CDAAADF}" = CCC Help Spanish
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update
"{766BE352-7FEF-48F3-A7E7-0271FD62A1B0}" = CCC Help Dutch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95903DC0-1F68-958D-88C2-EE128AC2A59A}" = CCC Help Korean
"{96AAFA4F-F32A-4545-8A48-C83A5FA4092F}" = Catalyst Control Center - Branding
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2A7B30A-06C7-E43E-29EF-5F0F5C68C9AE}" = CCC Help French
"{A4EEF9EC-DE66-E8E9-1FBB-3DDEB32CC069}" = CCC Help Swedish
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A62EA688-9C10-4500-5248-8495842932AA}" = CCC Help English
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD097E7D-A033-24B9-6D13-C7C63D775A0E}" = Catalyst Control Center Graphics Previews Vista
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Evaluation
"{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}" = ClinCheck
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1F5AFB0-2822-90A3-1AE0-E6603B7BE1E7}" = CCC Help Italian
"{FBC51784-0430-4D7B-BCE5-22A0D5D0A290}" = Dolphin Imaging
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Grasshopper" = Grasshopper
"InstallShield_{E45D1CA0-C70E-4FF4-B46B-1F6ED85501F9}" = ClinCheck
"InstallShield_{FBC51784-0430-4D7B-BCE5-22A0D5D0A290}" = Dolphin Imaging 11.0
"JDownloader" = JDownloader
"KeynoteConnector" = Keynote Connector
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mikogo" = Mikogo
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PDF Password Remover v3.1_is1" = PDF Password Remover v3.1
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"VoipStunt_is1" = VoipStunt
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2012 9:05:49 PM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1168) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x0000000000F004A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000001044

Cleanup:
1

Error - 25/06/2012 9:06:28 PM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1168) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x0000000000F004A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000001044

Cleanup:
1

Error - 25/06/2012 9:23:06 PM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1168) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000011E04A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000015FC

Cleanup:
1

Error - 26/06/2012 3:55:42 AM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1152) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014F04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000A14

Cleanup:
1

Error - 26/06/2012 4:20:18 AM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1112) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014004A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000016EC

Cleanup:
1

Error - 26/06/2012 4:20:44 AM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1112) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000014004A0 Session-context: 0x00000000 Session-context ThreadId: 0x00000000000016EC

Cleanup:
1

Error - 26/06/2012 9:20:32 AM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1144) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x0000000000EC04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000274

Cleanup:
1

Error - 26/06/2012 9:20:59 AM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1144) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x0000000000EC04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000000274

Cleanup:
1

Error - 26/06/2012 8:08:22 PM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1160) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000012E04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000001084

Cleanup:
1

Error - 26/06/2012 8:10:16 PM | Computer Name = TAN-PC | Source = ESENT | ID = 623
Description = wuaueng.dll (1160) SUS20ClientDataStore: The version store for this
instance (0) has reached its maximum size of 32Mb. It is likely that a long-running
transaction is preventing cleanup of the version store and causing it to build
up in size. Updates will be rejected until the long-running transaction has been
completely committed or rolled back. Possible long-running transaction: SessionId:
0x00000000012E04A0 Session-context: 0x00000000 Session-context ThreadId: 0x0000000000001084

Cleanup:
1

[ System Events ]
Error - 26/06/2012 12:18:41 AM | Computer Name = TAN-PC | Source = ipnathlp | ID = 31004
Description =

Error - 26/06/2012 3:40:47 AM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 26/06/2012 3:43:59 AM | Computer Name = TAN-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 26/06/2012 3:49:57 AM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 26/06/2012 3:51:19 AM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 26/06/2012 4:02:12 AM | Computer Name = TAN-PC | Source = DCOM | ID = 10010
Description =

Error - 26/06/2012 4:08:02 AM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 26/06/2012 9:07:34 AM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 26/06/2012 8:07:07 PM | Computer Name = TAN-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 26/06/2012 8:07:33 PM | Computer Name = TAN-PC | Source = ipnathlp | ID = 31004
Description =


< End of report >

OTL logfile created on: 27/06/2012 11:39:51 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\TAN\Desktop
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

7.90 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 66.90% Memory free
15.80 Gb Paging File | 12.76 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 128.05 Gb Total Space | 30.77 Gb Free Space | 24.03% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 12.94 Gb Free Space | 66.27% Space Free | Partition Type: NTFS

Computer Name: TAN-PC | User Name: TAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 11:38:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
PRC - [2012/06/23 21:53:56 | 000,079,384 | ---- | M] (Google) -- C:\Users\TAN\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/10/04 02:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/09/06 02:35:00 | 000,373,648 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
PRC - [2011/09/06 02:34:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/08/11 18:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 17:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 16:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/02/16 01:31:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2009/11/15 00:56:20 | 000,324,976 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/11/12 02:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2007/02/26 17:45:22 | 000,063,024 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/06 02:35:06 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/02/26 17:45:26 | 000,103,984 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapHk.dll
MOD - [2007/02/26 17:45:22 | 000,063,024 | ---- | M] () -- C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 10:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011/07/12 15:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2011/07/12 15:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2011/07/12 15:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2011/07/12 15:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2011/06/04 16:10:52 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/04/25 12:03:46 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/12 16:44:02 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/10/19 13:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/10/19 13:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/06/16 12:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/11/09 12:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2009/07/14 11:10:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/20 16:22:49 | 001,003,888 | ---- | M] () [On_Demand | Stopped] -- C:/Users/TAN/AppData/Roaming/Mikogo\M4-Service.exe -- (M4-Service)
SRV - [2011/10/04 02:04:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/10/04 02:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011/10/04 02:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/07/25 23:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/06/02 19:48:23 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/16 01:31:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/04/20 21:17:46 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\TAN\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010/03/26 22:42:15 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/12 02:50:24 | 000,894,136 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 06:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 10:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/07/11 07:05:00 | 000,226,592 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/07/11 01:02:10 | 000,328,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- c:\program files\pc-doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06000000}_0)
DRV:64bit: - [2012/03/01 16:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/04 02:04:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/10/04 02:04:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011/08/11 10:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011/04/25 12:30:32 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/25 12:30:32 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/25 11:23:34 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 16:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/24 17:01:14 | 000,302,592 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011/02/24 17:01:14 | 000,081,920 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2011/02/17 18:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/21 15:04:06 | 000,170,640 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/12/21 13:47:38 | 000,170,640 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2010/12/21 13:47:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2010/12/21 13:47:38 | 000,034,144 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis)
DRV:64bit: - [2010/12/17 15:51:46 | 000,299,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2010/12/17 15:51:44 | 001,493,632 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2010/12/17 15:51:42 | 000,748,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2010/11/20 23:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:33:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/04 08:23:56 | 000,016,896 | ---- | M] (http://www.atmel.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/10/18 01:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/09/07 13:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/26 01:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/08/26 01:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/16 12:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 12:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/05/10 13:47:58 | 000,016,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2010/05/10 13:43:24 | 000,023,736 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2010/04/09 13:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 13:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/03/26 22:42:17 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/03/26 22:42:12 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010/03/26 22:42:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/03/26 22:41:55 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/02/21 18:29:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/21 04:13:02 | 000,045,656 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2010/01/13 08:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/03 15:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/10/05 16:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 11:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 08:51:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/23 11:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/06/11 06:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 06:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 06:31:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:05:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/11 06:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/08/22 21:10:26 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/07/11 07:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/10/12 01:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/10/12 00:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV:64bit: - [2007/02/19 15:26:38 | 000,027,136 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV - [2009/07/14 10:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F8305D7D-CF69-465a-9003-813C6013A702}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.my/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 8C 3B 68 A7 AE CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:lyglkqaff6i&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKCU\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://start.flashvideodownloader.org/result.php?cx=partner-pub-5087362176467115:h6z8ss-efx2&cof=FORID:10&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\TAN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\TAN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TAN\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TAN\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2011/06/21 20:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/11/15 14:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/21 20:56:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/26 20:11:42 | 000,000,057 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [dipiz] rundll32.exe "C:\Users\TAN\AppData\Roaming\dipiz.dll",SteamMatchmaking File not found
O4:64bit: - HKLM..\Run: [drdms] "C:\Windows\System32\rundll32.exe" "C:\Users\TAN\AppData\Roaming\drdms.dll",LoadSurfaceFromResourceW File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [progp] "C:\Windows\System32\rundll32.exe" "C:\Users\TAN\AppData\Roaming\progp.dll",mpegInUpdateFiles File not found
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] "%windir%\WindowsMobile\wmdc.exe" File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software, Inc.)
O4 - HKCU..\Run: [TPKMAPMN] C:\Program Files (x86)\ThinkPad\Utilities\TpKmapMn.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A2B4C1D-6287-4EF2-A5A6-FF4CBC3DE7DF}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550967E6-7719-4864-B035-83D18C1FE89C}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A72E282-E2C3-4812-9184-A29923A09C90}: DhcpNameServer = 139.130.4.4 203.50.2.71
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {68FCB05F-017B-EC25-7B72-5357A7DC7550} - Browser Customizations
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8EA0252F-1A61-8DDB-7781-2016847E0713} - Internet Explorer
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B579AAE7-3666-6F10-8C89-45AB668F3A72} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3D266043-78BC-AA96-8F9D-C8EA3F9D60C9} - Java (Sun)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FB245D0-AC2A-D2AE-FFE6-67261A626948} - Java (Sun)
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {60FE0349-1B8D-17BD-FB5F-C7B9857E714B} - Java (Sun)
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8F631520-2C8F-DE36-80B6-810F521D9899} - Offline Browsing Pack
ActiveX: {92529B3B-D952-844A-5325-23D748793261} - Java (Sun)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9E364CE5-B92B-DB67-FB23-1225D52535EE} - Themes Setup
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 11:38:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
[2012/06/27 09:53:41 | 002,405,568 | ---- | C] (Trend Micro Inc.) -- C:\Users\TAN\Desktop\HousecallLauncher64.exe
[2012/06/26 17:21:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/26 17:05:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/26 17:05:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/26 17:05:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/26 17:05:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/26 17:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/26 17:04:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/26 17:02:56 | 004,569,239 | R--- | C] (Swearware) -- C:\Users\TAN\Desktop\ComboFix.exe
[2012/06/26 03:06:32 | 000,000,000 | ---D | C] -- C:\Users\TAN\AppData\Roaming\Mozilla
[2012/06/24 14:54:26 | 000,000,000 | ---D | C] -- C:\Users\TAN\Desktop\av
[2012/06/18 13:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/06/12 13:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/12 12:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/30 16:27:55 | 000,000,000 | ---D | C] -- C:\Users\TAN\Desktop\Sampson DCP4 Lectures
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\TAN\Desktop\*.tmp files -> C:\Users\TAN\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 11:38:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\TAN\Desktop\OTL.exe
[2012/06/27 11:37:30 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012/06/27 11:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3823343706-1866832251-565126543-1000UA.job
[2012/06/27 10:57:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 10:19:36 | 000,913,766 | ---- | M] () -- C:\Users\TAN\AppData\Local\census.cache
[2012/06/27 10:19:31 | 000,121,952 | ---- | M] () -- C:\Users\TAN\AppData\Local\ars.cache
[2012/06/27 09:53:54 | 000,000,036 | ---- | M] () -- C:\Users\TAN\AppData\Local\housecall.guid.cache
[2012/06/27 09:53:51 | 002,405,568 | ---- | M] (Trend Micro Inc.) -- C:\Users\TAN\Desktop\HousecallLauncher64.exe
[2012/06/27 09:45:33 | 000,028,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 09:45:33 | 000,028,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 09:41:40 | 000,848,932 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 09:41:40 | 000,710,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 09:41:40 | 000,139,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 09:37:25 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/06/27 09:37:05 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 09:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 09:36:39 | 2065,702,911 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 22:05:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3823343706-1866832251-565126543-1000Core.job
[2012/06/26 20:11:42 | 000,000,057 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/26 19:55:38 | 001,066,691 | ---- | M] () -- C:\Users\TAN\Desktop\A-TPT ADB setup info.pdf
[2012/06/26 17:38:54 | 000,054,091 | ---- | M] () -- C:\Users\TAN\Desktop\Capture.JPG
[2012/06/26 17:03:20 | 004,569,239 | R--- | M] (Swearware) -- C:\Users\TAN\Desktop\ComboFix.exe
[2012/06/26 16:58:00 | 002,109,806 | ---- | M] () -- C:\Users\TAN\Desktop\tdsskiller.zip
[2012/06/25 12:00:20 | 654,297,645 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/18 14:46:47 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012/06/14 19:57:21 | 004,985,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 09:17:37 | 000,019,893 | ---- | M] () -- C:\Users\TAN\Desktop\dll.JPG
[2012/06/12 12:58:05 | 001,985,662 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/06 12:39:20 | 002,604,708 | ---- | M] () -- C:\Users\TAN\Desktop\2012-Postgraduate-Meeting-Conference-Schedule.pdf
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\TAN\Desktop\*.tmp files -> C:\Users\TAN\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/27 10:10:24 | 000,913,766 | ---- | C] () -- C:\Users\TAN\AppData\Local\census.cache
[2012/06/27 10:10:08 | 000,121,952 | ---- | C] () -- C:\Users\TAN\AppData\Local\ars.cache
[2012/06/27 09:53:54 | 000,000,036 | ---- | C] () -- C:\Users\TAN\AppData\Local\housecall.guid.cache
[2012/06/26 19:55:35 | 001,066,691 | ---- | C] () -- C:\Users\TAN\Desktop\A-TPT ADB setup info.pdf
[2012/06/26 17:38:53 | 000,054,091 | ---- | C] () -- C:\Users\TAN\Desktop\Capture.JPG
[2012/06/26 17:05:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/26 17:05:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/26 17:05:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/26 17:05:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/26 17:05:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/26 16:57:43 | 002,109,806 | ---- | C] () -- C:\Users\TAN\Desktop\tdsskiller.zip
[2012/06/25 12:00:20 | 654,297,645 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/18 13:52:28 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 13:52:27 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/14 09:17:36 | 000,019,893 | ---- | C] () -- C:\Users\TAN\Desktop\dll.JPG
[2012/06/12 12:57:24 | 001,985,662 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/06 12:37:55 | 002,604,708 | ---- | C] () -- C:\Users\TAN\Desktop\2012-Postgraduate-Meeting-Conference-Schedule.pdf
[2012/02/29 20:14:15 | 000,000,400 | ---- | C] () -- C:\Windows\g_pjspur491.ini
[2012/02/29 20:14:15 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bjvtwin115.dat
[2011/11/13 14:29:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Limiter
[2011/11/13 14:29:34 | 000,000,268 | RH-- | C] () -- C:\Users\TAN\AppData\Roaming\Legacy
[2011/11/13 14:29:34 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Nature
[2011/11/13 14:29:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Light Machine
[2011/11/13 14:29:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices
[2011/11/13 14:29:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Metadata Importer
[2011/11/13 14:26:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\Legacy
[2011/11/13 14:26:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\LaserPrinter
[2011/08/08 15:00:56 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/27 10:23:29 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/14 19:34:56 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/06/14 19:34:56 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/06/14 19:34:56 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/06/14 19:34:55 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/06/14 19:34:52 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/06/04 19:39:21 | 000,007,605 | ---- | C] () -- C:\Users\TAN\AppData\Local\Resmon.ResmonCfg
[2011/06/02 19:48:43 | 000,000,231 | ---- | C] () -- C:\Windows\rfCommonBase.INI
[2011/05/05 15:02:46 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2011/05/04 16:16:21 | 000,000,268 | RH-- | C] () -- C:\Users\TAN\AppData\Roaming\Libraries
[2011/05/04 16:16:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/05/04 16:16:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/05/04 16:16:20 | 000,000,268 | RH-- | C] () -- C:\Users\TAN\AppData\Roaming\LaunchAgents
[2011/05/04 16:16:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/03/28 15:07:21 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/03/19 19:25:29 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2011/02/16 18:41:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2010/11/17 10:45:00 | 000,004,608 | ---- | C] () -- C:\Users\TAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 11:19:56 | 000,000,029 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\default.rss
[2010/02/16 20:03:56 | 000,038,425 | ---- | C] () -- C:\Users\TAN\AppData\Roaming\Comma Separated Values (Windows).ADR

========== LOP Check ==========

[2010/03/25 20:15:41 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Acronis
[2010/02/21 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\DAEMON Tools Lite
[2011/09/27 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\DxO Labs
[2011/02/07 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\EndNote
[2010/06/13 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\ESET
[2011/07/24 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FVDIEPlugin
[2010/07/02 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\GARMIN
[2011/02/16 18:41:17 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\GraphPad Software
[2012/03/08 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Grasshopper
[2011/04/04 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\HD Tune Pro
[2011/08/14 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Keynote Systems
[2011/11/20 16:22:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Mikogo
[2011/10/31 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Myuwk
[2011/05/05 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Nikon
[2011/09/27 12:21:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\PACE Anti-Piracy
[2011/10/31 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Puilo
[2011/02/21 14:00:59 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\PwrMgr
[2012/03/15 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/14 15:18:24 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\SyncCell
[2012/04/01 21:38:53 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\VoipStunt
[2012/05/22 08:03:41 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/03/25 20:15:41 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Acronis
[2011/06/18 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Adobe
[2012/03/15 13:11:37 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Adobe Mini Bridge CS5
[2011/02/14 15:40:01 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\AdobeLensProfileDownloader
[2010/02/16 11:41:04 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\ATI
[2010/02/21 18:43:53 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\DAEMON Tools Lite
[2011/09/27 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\DxO Labs
[2011/02/07 09:56:48 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\EndNote
[2010/06/13 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\ESET
[2011/03/07 12:06:03 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FLEXnet
[2011/07/24 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\FVDIEPlugin
[2010/07/02 17:32:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\GARMIN
[2011/02/16 18:41:17 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\GraphPad Software
[2012/03/08 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Grasshopper
[2011/04/04 19:49:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\HD Tune Pro
[2010/02/16 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Identities
[2010/02/16 11:54:18 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\InstallShield
[2010/02/16 11:58:14 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Intel
[2011/08/14 16:17:41 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Keynote Systems
[2010/02/16 13:57:54 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Macromedia
[2011/03/07 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Macrovision
[2010/06/24 20:39:38 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Malwarebytes
[2010/02/21 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Media Player Classic
[2011/11/14 19:31:43 | 000,000,000 | --SD | M] -- C:\Users\TAN\AppData\Roaming\Microsoft
[2011/11/20 16:22:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Mikogo
[2012/06/26 03:06:32 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Mozilla
[2011/10/31 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Myuwk
[2010/07/05 17:03:51 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Nero
[2011/05/05 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Nikon
[2011/09/27 12:21:02 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\PACE Anti-Piracy
[2011/10/31 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Puilo
[2011/02/21 14:00:59 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\PwrMgr
[2010/07/04 20:11:48 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\QuosaDDM
[2012/06/26 23:23:11 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Skype
[2012/01/18 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\skypePM
[2012/03/15 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/14 15:18:24 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\SyncCell
[2012/04/01 21:38:53 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\VoipStunt
[2010/02/16 12:09:36 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2011/05/31 13:24:23 | 001,373,552 | ---- | M] (Flexera Software, Inc.) -- C:\Users\TAN\AppData\Roaming\FLEXnet\Connect\11\agent.exe
[2011/05/31 13:24:27 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Users\TAN\AppData\Roaming\FLEXnet\Connect\11\dwusplay.exe
[2011/05/31 13:24:25 | 000,439,664 | ---- | M] (Flexera Software, Inc.) -- C:\Users\TAN\AppData\Roaming\FLEXnet\Connect\11\isdm.exe
[2011/05/31 13:24:26 | 000,087,408 | ---- | M] (Flexera Software, Inc.) -- C:\Users\TAN\AppData\Roaming\FLEXnet\Connect\11\issch.exe
[2011/02/14 15:41:03 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\TAN\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/05/31 13:24:31 | 000,718,192 | ---- | M] (Flexera Software, Inc.) -- C:\Users\TAN\AppData\Roaming\Macrovision\FLEXnet Connect\11\agent.exe
[2011/05/31 13:24:30 | 000,742,768 | ---- | M] (Flexera Software, Inc.) -- C:\Users\TAN\AppData\Roaming\Macrovision\FLEXnet Connect\6\agent.exe
[2011/11/26 15:40:00 | 000,010,134 | R--- | M] () -- C:\Users\TAN\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe
[2011/11/26 15:40:03 | 000,010,134 | R--- | M] () -- C:\Users\TAN\AppData\Roaming\Microsoft\Installer\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}\ARPPRODUCTICON.exe
[2010/02/16 11:40:16 | 000,010,134 | R--- | M] () -- C:\Users\TAN\AppData\Roaming\Microsoft\Installer\{73ED3EA3-F96F-D098-7EE4-146FBD30113E}\ARPPRODUCTICON.exe
[2011/11/13 14:30:01 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\TAN\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2011/08/08 15:04:41 | 000,010,134 | R--- | M] () -- C:\Users\TAN\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe
[2010/04/20 21:17:47 | 000,024,576 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\B-Capture.exe
[2010/04/20 21:17:46 | 000,185,640 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\B-Service.exe
[2011/11/20 16:22:51 | 001,587,552 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\M4-Capture.exe
[2011/11/20 16:22:49 | 001,003,888 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\M4-Service.exe
[2011/11/20 16:21:20 | 005,420,408 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\Mikogo-Host.exe
[2011/11/20 16:20:57 | 000,230,744 | ---- | M] () -- C:\Users\TAN\AppData\Roaming\Mikogo\NewVer.exe
[2010/04/20 21:14:29 | 000,144,688 | ---- | M] (Mikogo) -- C:\Users\TAN\AppData\Roaming\Mikogo\remover.exe
[2010/04/20 21:14:29 | 001,249,280 | ---- | M] (BeamYourScreen) -- C:\Users\TAN\AppData\Roaming\Mikogo\SessionPlayer.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 278 bytes -> C:\ProgramData\TEMP:DDDD9F92
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:23273E2C
@Alternate Data Stream - 1217 bytes -> C:\ProgramData\Microsoft:BeOl2PWfekHaoLgfX77
@Alternate Data Stream - 1199 bytes -> C:\Program Files (x86)\Common Files\System:COSLrXQt7yKyI3pMMoEp
@Alternate Data Stream - 1147 bytes -> C:\ProgramData\Microsoft:h3FrbJKxW9Pc3ooa4GjOC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1069 bytes -> C:\Program Files (x86)\Common Files\System:4KosE2vSUmtTXpaXSP2U
@Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:UBPFXug6ZHBMf4eAoMqsxCbiWK
@Alternate Data Stream - 1037 bytes -> C:\Program Files (x86)\Outlook Express:JwubG41CIb9WEzyLTeIb9M2

< End of report >


Cheers!

#8 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 27 June 2012 - 02:48 PM

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
    :otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [dipiz] rundll32.exe "C:\Users\TAN\AppData\Roaming\dipiz.dll",SteamMatchmaking File not found
    O4:64bit: - HKLM..\Run: [drdms] "C:\Windows\System32\rundll32.exe" "C:\Users\TAN\AppData\Roaming\drdms.dll",LoadSurfaceFromResourceW File not found
    O4:64bit: - HKLM..\Run: [progp] "C:\Windows\System32\rundll32.exe" "C:\Users\TAN\AppData\Roaming\progp.dll",mpegInUpdateFiles File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/10/31 22:18:43 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Myuwk
    [2011/10/31 21:18:35 | 000,000,000 | ---D | M] -- C:\Users\TAN\AppData\Roaming\Puilo
    @Alternate Data Stream - 278 bytes -> C:\ProgramData\TEMP:DDDD9F92
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:23273E2C
    @Alternate Data Stream - 1217 bytes -> C:\ProgramData\Microsoft:BeOl2PWfekHaoLgfX77
    @Alternate Data Stream - 1199 bytes -> C:\Program Files (x86)\Common Files\System:COSLrXQt7yKyI3pMMoEp
    @Alternate Data Stream - 1147 bytes -> C:\ProgramData\Microsoft:h3FrbJKxW9Pc3ooa4GjOC
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 1069 bytes -> C:\Program Files (x86)\Common Files\System:4KosE2vSUmtTXpaXSP2U
    @Alternate Data Stream - 1045 bytes -> C:\ProgramData\Microsoft:UBPFXug6ZHBMf4eAoMqsxCbiWK
    @Alternate Data Stream - 1037 bytes -> C:\Program Files (x86)\Outlook Express:JwubG41CIb9WEzyLTeIb9M2
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [EmptyFlash]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.


Things to include in your next reply:
OTL fix log
Still getting those .dll errors?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!

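The fix above removes Run-key values that point at a DLL ESET had already quarantined (which is what produced the RunDLL "module could not be found" message at every logon) and a set of alternate data streams attached to folders under C:\ProgramData and Common Files. As an added example, not part of this thread and not OTL's own code, here is a read-only PowerShell triage script that surfaces those same two artefact types for review without deleting anything. It assumes an elevated PowerShell 3.0 or later prompt on Windows; the path-extraction regexes and the default folder list are this example's own heuristics, not something the thread specifies.

```powershell
# Added example (not from the thread or from OTL): list the two artefact types the
# OTL fix targeted so they can be reviewed before anything is removed.
# Assumptions: elevated PowerShell 3.0+ on Windows; regexes below are heuristics.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Registry-provider metadata attached to every Get-ItemProperty result; not Run values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Pull the first file path out of a Run command line. Handles the three shapes seen
# in practice:  "C:\p\app.exe" /arg   |   rundll32.exe "C:\x\y.dll",Entry   |   C:\p\app.exe /arg
function Get-RunTargetPath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    # rundll32 loader: report the DLL being loaded, not rundll32 itself
    if ($cmd -match 'rundll32(\.exe)?\s+"?([^",]+\.dll)') { return $Matches[2] }
    if ($cmd -match '^"([^"]+)"')                           { return $Matches[1] }
    if ($cmd -match '^(\S+\.(exe|dll|scr|com|bat|cmd))')   { return $Matches[1] }
    return $null
}

# Run values whose absolute target no longer exists: a quarantined or deleted
# payload left its autostart entry behind, which is exactly the RunDLL error case.
function Find-DanglingRunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $target = Get-RunTargetPath -CommandLine ([string]$p.Value)
            # only absolute paths can be checked reliably; bare names resolve via PATH
            if ($target -and $target -match '^[A-Za-z]:\\' -and
                -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; MissingFile = $target }
            }
        }
    }
}

# Alternate data streams on a set of folders and their immediate children. The
# streams in the fix sat on top-level folders, so one level is enough here.
# Zone.Identifier is the benign "downloaded from the Internet" marker and is skipped.
# Note: enumerating streams on directories (not just files) depends on the
# PowerShell version; on older versions only file results will appear.
function Find-AlternateDataStreams {
    param([string[]]$Roots = @($env:ProgramData, "${env:CommonProgramFiles(x86)}\System"))
    foreach ($root in $Roots) {
        if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            $streams = Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
            foreach ($s in $streams) {
                [pscustomobject]@{ Path = $item.FullName; Stream = $s.Stream; Length = $s.Length }
            }
        }
    }
}

# Review output only; nothing is modified.
Find-DanglingRunEntries   | Format-Table -AutoSize
Find-AlternateDataStreams | Format-Table -AutoSize
```

The two functions only report; the decision to remove a Run value or a stream stays with the person reviewing the output, as it did in this thread. A dangling Run entry is worth keeping as evidence of what was installed even after the file is gone, and a named stream on a folder such as C:\ProgramData\Microsoft is unusual enough that its size and name alone justify a closer look.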

#9 vernontan (Topic Starter, Members, 33 posts)

Posted 27 June 2012 - 07:08 PM

Hi, I've run the OTL fix and the .dll errors are gone now. I've not been getting any redirects on IE9 so far. Attached below is the report:


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dipiz deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\drdms deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\progp deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\TAN\AppData\Roaming\Myuwk folder moved successfully.
C:\Users\TAN\AppData\Roaming\Puilo folder moved successfully.
ADS C:\ProgramData\TEMP:DDDD9F92 deleted successfully.
ADS C:\ProgramData\TEMP:23273E2C deleted successfully.
ADS C:\ProgramData\Microsoft:BeOl2PWfekHaoLgfX77 deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:COSLrXQt7yKyI3pMMoEp deleted successfully.
ADS C:\ProgramData\Microsoft:h3FrbJKxW9Pc3ooa4GjOC deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:4KosE2vSUmtTXpaXSP2U deleted successfully.
ADS C:\ProgramData\Microsoft:UBPFXug6ZHBMf4eAoMqsxCbiWK deleted successfully.
ADS C:\Program Files (x86)\Outlook Express:JwubG41CIb9WEzyLTeIb9M2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TAN
->Temp folder emptied: 140287450 bytes
->Temporary Internet Files folder emptied: 118615373 bytes
->Java cache emptied: 1 bytes
->Flash cache emptied: 211000 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 578360 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2328 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 7006092 bytes

Total Files Cleaned = 254.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TAN
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06282012_091724

Files\Folders moved on Reboot...
C:\Users\TAN\AppData\Local\Temp\debug.log moved successfully.
C:\Users\TAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\TAN\AppData\Local\Temp\~DF471E434A83692CCE.TMP not found!
File\Folder C:\Users\TAN\AppData\Local\Temp\~DF5D56368EB8076D82.TMP not found!
File\Folder C:\Users\TAN\AppData\Local\Temp\~DF7CDBBA05782C8F8E.TMP not found!
File\Folder C:\Users\TAN\AppData\Local\Temp\~DFA7E8A71E5D66710D.TMP not found!
File\Folder C:\Users\TAN\AppData\Local\Temp\~DFB69C85F80EB8CBE8.TMP not found!
File\Folder C:\Users\TAN\AppData\Local\Temp\~DFF53D36A244057F5A.TMP not found!
C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN9EJYZO\bind[1].htm not found!
C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN9EJYZO\mail[1].htm moved successfully.
C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3CK4PF1\mail[2].htm moved successfully.
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\TAN\AppData\Local\Temp\debug.log not found!
File C:\Users\TAN\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\TAN\AppData\Local\Temp\~DF471E434A83692CCE.TMP not found!
File C:\Users\TAN\AppData\Local\Temp\~DF5D56368EB8076D82.TMP not found!
File C:\Users\TAN\AppData\Local\Temp\~DF7CDBBA05782C8F8E.TMP not found!
File C:\Users\TAN\AppData\Local\Temp\~DFA7E8A71E5D66710D.TMP not found!
File C:\Users\TAN\AppData\Local\Temp\~DFB69C85F80EB8CBE8.TMP not found!
File C:\Users\TAN\AppData\Local\Temp\~DFF53D36A244057F5A.TMP not found!
File C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN9EJYZO\bind[1].htm not found!
File C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TN9EJYZO\mail[1].htm not found!
File C:\Users\TAN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I3CK4PF1\mail[2].htm not found!
[2012/06/28 09:25:08 | 000,001,024 | -H-- | M] () C:\Windows\temp\gnserv.dat : Unable to obtain MD5
[2012/06/28 09:25:08 | 000,001,024 | -H-- | M] () C:\Windows\temp\spserv.dat : Unable to obtain MD5

Registry entries deleted on Reboot...

#10 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 27 June 2012 - 07:12 PM

Hello, vernontan.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on the Start button (image not captured), then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    Notice the space between the "x" and "/": it needs to be there.
    Windows Vista users: Press the Windows Key + R to bring up the Run... command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".


Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon (image not captured) to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button shown (image not captured).
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.




One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, LimeWire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right-clicking and choosing Close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those toolbars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online and stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls.

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.



#11 vernontan (Topic Starter, Members, 33 posts)

Posted 27 June 2012 - 07:29 PM

Hi fireman4it,

Thank you very much for your help. Really appreciate it. This is probably the most tenacious infection I've gotten in recent years. By the way, during the combofix uninstall, an error popped up:

The contents of folder C:\Windows\erdnt\Hiv-backup could not be completely deleted

As far as I can see, the uninstall was completed except for the error midway through. Is it safe to ignore? Thanks again.

#12 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 28 June 2012 - 02:25 PM

Please download and run this Combofix uninstaller.
http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE



#13 vernontan (Topic Starter, Members, 33 posts)

Posted 28 June 2012 - 06:54 PM

Hi, combofix uninstall was completed. Everything seems to be running fine now.

Thank you once again!!

#14 fireman4it (Bleepin' Fireman, Malware Response Team, 13,505 posts, Greenup, Ill USA)

Posted 28 June 2012 - 07:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





