
Need help removing Win32: Downloader - PKU


  • This topic is locked
21 replies to this topic

#1 Rbara

Rbara

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 22 July 2012 - 03:02 AM

Hi, I have been dealing with this virus for a couple of days, and I think there is another similar to it as well.

Unfortunately I cannot post a GMER log because my computer blue screened after almost 12 hours of it scanning my files. I tried to copy and paste the info it did have but that's what caused it to crash. I could have it run again and pick up some of the stuff it had.

Any help will be greatly appreciated.

Here is my DDS report


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Steven at 1:23:08 on 2012-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1469 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Steven\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\steven\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\users\steven\appdata\local\akamai\netsession_win.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\steven\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\steven\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\steven\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 63.203.35.55 206.13.28.12
TCP: Interfaces\{3BDFF917-870B-4778-9481-2265541AF5B8} : NameServer = 8.8.4.4,8.8.8.8
TCP: Interfaces\{85654884-94CF-4105-B782-AFFF3610D24B} : DhcpNameServer = 63.203.35.55 206.13.28.12
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}\05279667164756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}\24964736865637 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}\2656C6B696E6E2166383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}\2656C6B696E6E2366336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}\7545240214775637F6D6560275966496 : DhcpNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\steven\appdata\roaming\mozilla\firefox\profiles\fikbg67e.default\
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\steven\appdata\local\e-academy inc\mozilla\firefox\plugins\npHostSdmLoader.dll
FF - plugin: c:\users\steven\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\steven\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\steven\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-20 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-20 353688]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-20 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-20 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-20 44808]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-3-23 2321520]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-3-10 86016]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 228408]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 MySQL_1;MySQL_1;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\programdata\mysql\mysql server 5.5\my.ini" mysql_1 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]
S2 MySQL_1_1;MySQL_1_1;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\programdata\mysql\mysql server 5.5\my.ini" mysql_1_1 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-15 136176]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-20 52224]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2011-1-18 54144]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-07-21 01:53:27 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-21 01:53:23 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-21 01:53:19 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-21 01:52:41 41224 ----a-w- c:\windows\avastSS.scr
2012-07-11 09:51:08 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 06:24:33 -------- d-----w- C:\Riot Games
2012-07-10 05:29:40 -------- d-----w- C:\League of legends
2012-07-10 05:09:39 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-10 05:09:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-10 05:08:57 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-10 05:08:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-09 09:59:40 -------- d-----w- c:\users\steven\appdata\roaming\SUPERAntiSpyware.com
2012-07-09 09:59:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-09 09:59:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-09 06:04:39 -------- d-----w- c:\programdata\AVAST Software
2012-07-09 06:04:39 -------- d-----w- c:\program files\AVAST Software
2012-07-09 04:28:55 -------- d-----w- c:\program files\McAfee Security Scan
2012-07-04 00:40:21 -------- d-----w- c:\programdata\HP Photo Creations
2012-07-04 00:40:21 -------- d-----w- c:\program files\HP Photo Creations
2012-07-04 00:40:19 -------- d-----w- c:\program files\Coupons
2012-07-04 00:38:27 -------- d-----w- c:\users\steven\appdata\local\HP
.
==================== Find3M ====================
.
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 1:25:58.76 ===============

Edited by Rbara, 22 July 2012 - 03:03 AM.



 


#2 Rbara

Rbara
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 22 July 2012 - 03:07 PM

Bumping. Every 5-10 mins avast will pop up saying that it has blocked the Win32: Downloader - PKU and also Sirefef-A.

#3 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:32 PM

Posted 23 July 2012 - 09:13 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Please include the following in your next post:
  • FRST log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 Rbara

Rbara
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 23 July 2012 - 10:48 PM

Thank you for replying!


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 23-07-2012 20:38:23
Running from G:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-11-14] (CyberLink Corp.)
HKLM\...\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-10-06] (CyberLink Corp.)
HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [513080 2009-05-11] (Hewlett-Packard)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM\...\Run: [PLFSetL] C:\Windows\PLFSetL.exe [94208 2008-07-03] (sonix)
HKLM\...\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe [27184 2009-08-10] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [170520 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKU\Steven\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2387968 2009-01-27] (Hewlett-Packard Company)
HKU\Steven\...\Run: [Google Update] "C:\Users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-11] (Google Inc.)
HKU\Steven\...\Run: [Akamai NetSession Interface] "C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Steven\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\Steven\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3BDFF917-870B-4778-9481-2265541AF5B8}: [NameServer]8.8.4.4,8.8.8.8
Startup: C:\Users\Steven\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Steven\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 avgfws; "C:\Program Files\AVG\AVG2012\avgfws.exe" [2321520 2012-03-23] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 mi-raysat_3dsmax2011_32; "C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" [86016 2010-03-10] ()
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2808664 2007-02-22] (Microsoft Corporation)
2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-07-03] (Skype Technologies)
2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
2 Akamai; c:\program files\common files\akamai/netsession_win_4f7fccd.dll [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-23] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-04-23] (LogMeIn, Inc.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [127488 2010-03-15] (Intel® Corporation)
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.5\my.ini" MySQL [8917 2012-02-11] ()
2 MySQL_1; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL_1 [9172 2012-02-11] ()
2 MySQL_1_1; "C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL_1_1 [9172 2012-02-11] ()
2 RMCAST; C:\Windows\System32\DRIVERS\RMCAST.sys [117760 2010-11-20] (Microsoft Corporation)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1761280 2009-09-10] ()
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-03-19] (Duplex Secure Ltd.)
3 VSPerfDrv100; \??\C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
4 eabfiltr; [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-21 23:49 - 2012-07-21 23:50 - 00149512 ____A C:\Windows\Minidump\072212-49545-01.dmp
2012-07-21 02:47 - 2012-07-21 02:48 - 00146688 ____A C:\Windows\Minidump\072112-38813-01.dmp
2012-07-21 00:31 - 2011-07-16 21:21 - 00302592 ____A C:\Users\Steven\Desktop\gmer.exe
2012-07-21 00:30 - 2012-07-21 00:30 - 00294216 ____A C:\Users\Steven\Downloads\gmer.zip
2012-07-21 00:29 - 2012-07-21 00:29 - 00302592 ____A C:\Users\Steven\Downloads\91zusq0c.exe
2012-07-21 00:29 - 2012-07-21 00:29 - 00019803 ____A C:\Users\Steven\Desktop\Attach.txt
2012-07-21 00:28 - 2012-07-21 00:28 - 00024814 ____A C:\Users\Steven\Desktop\DDS.txt
2012-07-21 00:21 - 2012-07-21 00:21 - 00607260 ____R (Swearware) C:\Users\Steven\Downloads\dds.scr
2012-07-21 00:08 - 2012-07-21 00:08 - 00000702 ____A C:\Users\Steven\Downloads\defogger_disable.log
2012-07-21 00:08 - 2012-07-21 00:08 - 00000202 ____A C:\Users\Steven\defogger_reenable
2012-07-21 00:07 - 2012-07-21 00:07 - 00050477 ____A C:\Users\Steven\Downloads\Defogger.exe
2012-07-20 23:22 - 2012-07-20 23:22 - 04986272 ____A (SpeedyPC Software) C:\Users\Steven\Downloads\SpeedyPC Pro Installer.exe
2012-07-20 23:21 - 2012-07-20 23:21 - 00001205 ____A C:\Users\Steven\Downloads\FixNCR.reg
2012-07-20 19:58 - 2012-07-23 12:28 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bac72025-4fb2-4d6d-a0e4-67f1d14c1510.job
2012-07-20 19:58 - 2012-07-23 01:37 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0c498be2-3d90-4076-ace0-957ff462ea3f.job
2012-07-20 19:57 - 2012-07-20 19:57 - 00001957 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-20 19:56 - 2012-07-20 19:56 - 18714840 ____A (SUPERAntiSpyware.com) C:\Users\Steven\Downloads\SUPERAntiSpyware.exe
2012-07-20 17:53 - 2012-07-20 17:53 - 00002071 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-20 17:53 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-20 17:53 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-20 17:53 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-20 17:53 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-20 17:53 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-20 17:53 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-20 17:52 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-20 17:52 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-20 17:50 - 2012-07-20 17:51 - 89340632 ____A C:\Users\Steven\Downloads\avast_free_antivirus_setup (1).exe
2012-07-17 19:59 - 2012-07-17 19:59 - 00000000 ____D C:\Users\Steven\Desktop\lolthing
2012-07-17 19:58 - 2012-07-17 19:58 - 00752333 ____A C:\Users\Steven\Downloads\LoLFavorites v0.1.zip
2012-07-17 14:59 - 2012-07-17 15:00 - 24116634 ____A C:\Users\Steven\Downloads\Yellow Overdrive English.rar
2012-07-17 12:01 - 2012-07-17 12:11 - 62451582 ____A C:\Users\Steven\Desktop\Directx Stuff.zip
2012-07-16 02:49 - 2012-07-16 02:54 - 103989270 ____A C:\Users\Steven\Downloads\MATSU TAKESHI part 1.zip
2012-07-16 02:28 - 2012-07-16 02:29 - 14435798 ____A C:\Users\Steven\Downloads\[E] 4 Seasons.zip
2012-07-14 20:33 - 2012-07-14 20:33 - 00772608 ____A C:\Users\Steven\Downloads\SDM_EN (1).msi
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119.sdx
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119 (2).sdx
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119 (1).sdx
2012-07-11 01:56 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 01:56 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 01:56 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 01:56 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 01:56 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 01:56 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 01:56 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 01:56 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 01:56 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 01:56 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 01:56 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 01:56 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 01:56 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 01:56 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 01:51 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 18:27 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:27 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:27 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:27 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:27 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:27 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:27 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:27 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:27 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:27 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-09 22:34 - 2012-07-09 22:34 - 00001720 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-07-09 22:24 - 2012-07-09 22:24 - 00000000 ____D C:\Riot Games
2012-07-09 21:29 - 2012-07-09 22:23 - 00000000 ____D C:\League of legends
2012-07-09 21:26 - 2012-07-09 21:26 - 02353512 ____A C:\Users\Steven\Downloads\LeagueofLegends (2).exe
2012-07-09 21:09 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-09 21:09 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-09 21:09 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-09 21:09 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-09 21:09 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-09 21:09 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-09 21:09 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-09 21:08 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-09 21:08 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-09 15:12 - 2012-07-09 15:14 - 89340632 ____A C:\Users\Steven\Downloads\avast_free_antivirus_setup.exe
2012-07-09 14:22 - 2012-07-09 14:41 - 00000000 ____D C:\Users\Steven\Desktop\realtek driver
2012-07-09 01:59 - 2012-07-20 19:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-09 01:59 - 2012-07-09 01:59 - 00000000 ____D C:\Users\Steven\AppData\Roaming\SUPERAntiSpyware.com
2012-07-09 01:59 - 2012-07-09 01:59 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-08 22:04 - 2012-07-20 17:52 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-07-08 22:04 - 2012-07-20 17:52 - 00000000 ____D C:\Program Files\AVAST Software
2012-07-08 20:28 - 2012-07-09 14:42 - 00000000 ____D C:\Program Files\McAfee Security Scan
2012-07-08 20:28 - 2012-07-08 20:28 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-06 23:54 - 2012-07-07 00:01 - 85713295 ____A C:\Users\Steven\Downloads\The best Trio.rar
2012-07-03 16:40 - 2012-07-09 14:42 - 00000000 ____D C:\Users\All Users\HP Photo Creations
2012-07-03 16:40 - 2012-07-09 14:42 - 00000000 ____D C:\Program Files\HP Photo Creations
2012-07-03 16:40 - 2012-07-09 14:42 - 00000000 ____D C:\Program Files\Coupons
2012-07-03 16:39 - 2012-07-09 14:42 - 00000000 ____D C:\Users\All Users\HP
2012-07-03 16:38 - 2012-07-03 16:38 - 00000000 ____D C:\Users\Steven\AppData\Local\HP


============ 3 Months Modified Files ========================

2012-07-23 19:30 - 2009-12-11 22:54 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864913512-2566987906-69195654-1000UA.job
2012-07-23 19:30 - 2009-12-11 21:47 - 00871990 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-23 19:30 - 2009-12-11 21:39 - 01357302 ____A C:\Windows\WindowsUpdate.log
2012-07-23 19:27 - 2009-07-13 20:39 - 41874970 ____A C:\Windows\setupact.log
2012-07-23 19:10 - 2011-09-14 23:30 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-23 12:28 - 2012-07-20 19:58 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task bac72025-4fb2-4d6d-a0e4-67f1d14c1510.job
2012-07-23 08:08 - 2011-09-14 23:29 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-23 01:37 - 2012-07-20 19:58 - 00000512 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0c498be2-3d90-4076-ace0-957ff462ea3f.job
2012-07-22 23:30 - 2009-12-11 22:54 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864913512-2566987906-69195654-1000Core.job
2012-07-22 11:51 - 2009-12-11 20:42 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 11:51 - 2009-12-11 20:42 - 00011440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-22 11:43 - 2009-12-11 22:13 - 00000284 ____A C:\Users\All Users\hpqp.ini
2012-07-22 11:43 - 2009-09-07 11:10 - 00000434 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-07-22 11:41 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-21 23:50 - 2012-07-21 23:49 - 00149512 ____A C:\Windows\Minidump\072212-49545-01.dmp
2012-07-21 23:49 - 2009-12-25 20:24 - 833031401 ____A C:\Windows\MEMORY.DMP
2012-07-21 02:48 - 2012-07-21 02:47 - 00146688 ____A C:\Windows\Minidump\072112-38813-01.dmp
2012-07-21 00:30 - 2012-07-21 00:30 - 00294216 ____A C:\Users\Steven\Downloads\gmer.zip
2012-07-21 00:29 - 2012-07-21 00:29 - 00302592 ____A C:\Users\Steven\Downloads\91zusq0c.exe
2012-07-21 00:29 - 2012-07-21 00:29 - 00019803 ____A C:\Users\Steven\Desktop\Attach.txt
2012-07-21 00:28 - 2012-07-21 00:28 - 00024814 ____A C:\Users\Steven\Desktop\DDS.txt
2012-07-21 00:21 - 2012-07-21 00:21 - 00607260 ____R (Swearware) C:\Users\Steven\Downloads\dds.scr
2012-07-21 00:08 - 2012-07-21 00:08 - 00000702 ____A C:\Users\Steven\Downloads\defogger_disable.log
2012-07-21 00:08 - 2012-07-21 00:08 - 00000202 ____A C:\Users\Steven\defogger_reenable
2012-07-21 00:07 - 2012-07-21 00:07 - 00050477 ____A C:\Users\Steven\Downloads\Defogger.exe
2012-07-20 23:22 - 2012-07-20 23:22 - 04986272 ____A (SpeedyPC Software) C:\Users\Steven\Downloads\SpeedyPC Pro Installer.exe
2012-07-20 23:21 - 2012-07-20 23:21 - 00001205 ____A C:\Users\Steven\Downloads\FixNCR.reg
2012-07-20 19:57 - 2012-07-20 19:57 - 00001957 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-20 19:56 - 2012-07-20 19:56 - 18714840 ____A (SUPERAntiSpyware.com) C:\Users\Steven\Downloads\SUPERAntiSpyware.exe
2012-07-20 17:53 - 2012-07-20 17:53 - 00002071 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-20 17:53 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-20 17:51 - 2012-07-20 17:50 - 89340632 ____A C:\Users\Steven\Downloads\avast_free_antivirus_setup (1).exe
2012-07-17 19:58 - 2012-07-17 19:58 - 00752333 ____A C:\Users\Steven\Downloads\LoLFavorites v0.1.zip
2012-07-17 15:00 - 2012-07-17 14:59 - 24116634 ____A C:\Users\Steven\Downloads\Yellow Overdrive English.rar
2012-07-17 12:11 - 2012-07-17 12:01 - 62451582 ____A C:\Users\Steven\Desktop\Directx Stuff.zip
2012-07-16 02:54 - 2012-07-16 02:49 - 103989270 ____A C:\Users\Steven\Downloads\MATSU TAKESHI part 1.zip
2012-07-16 02:29 - 2012-07-16 02:28 - 14435798 ____A C:\Users\Steven\Downloads\[E] 4 Seasons.zip
2012-07-14 20:33 - 2012-07-14 20:33 - 00772608 ____A C:\Users\Steven\Downloads\SDM_EN (1).msi
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119.sdx
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119 (2).sdx
2012-07-14 20:33 - 2012-07-14 20:33 - 00000183 ____A C:\Users\Steven\Downloads\100093929119 (1).sdx
2012-07-11 15:24 - 2009-12-11 22:54 - 00002397 ____A C:\Users\Steven\Desktop\Google Chrome.lnk
2012-07-11 12:26 - 2009-07-13 20:33 - 00350216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 01:51 - 2010-03-09 17:03 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 22:34 - 2012-07-09 22:34 - 00001720 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-07-09 21:26 - 2012-07-09 21:26 - 02353512 ____A C:\Users\Steven\Downloads\LeagueofLegends (2).exe
2012-07-09 17:56 - 2009-08-27 20:44 - 00000326 ____A C:\Windows\Tasks\HPCeeScheduleForSteven.job
2012-07-09 15:14 - 2012-07-09 15:12 - 89340632 ____A C:\Users\Steven\Downloads\avast_free_antivirus_setup.exe
2012-07-07 00:01 - 2012-07-06 23:54 - 85713295 ____A C:\Users\Steven\Downloads\The best Trio.rar
2012-07-03 08:21 - 2012-07-20 17:53 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-07-20 17:53 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-07-20 17:53 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-07-20 17:53 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-07-20 17:53 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-07-20 17:53 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-07-20 17:52 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-07-20 17:52 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-15 13:20 - 2009-10-29 17:38 - 00005161 ____A C:\Users\Public\Documents\Global.sw2
2012-06-14 03:03 - 2012-06-14 03:03 - 00165888 ____A C:\Users\Steven\Downloads\bush01.max
2012-06-14 02:59 - 2012-06-14 02:59 - 00065580 ____A C:\Users\Steven\Downloads\texture_palm_128x128.tga
2012-06-12 20:06 - 2012-06-12 20:06 - 00078029 ____A C:\Users\Steven\Downloads\persuasive speech template.pptx
2012-06-11 22:10 - 2012-06-11 22:10 - 00049931 ____A C:\Users\Steven\Downloads\Tree.zip
2012-06-11 18:40 - 2012-07-11 01:51 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 18:27 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 18:27 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:27 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:27 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-07-09 21:09 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-09 21:09 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-09 21:09 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-09 21:09 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-09 21:09 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-07-09 21:08 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-07-09 21:09 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-07-09 21:09 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-07-09 21:08 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 01:07 - 2012-07-11 01:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 00:43 - 2012-07-11 01:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 00:33 - 2012-07-11 01:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 00:26 - 2012-07-11 01:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 00:25 - 2012-07-11 01:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 01:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 00:23 - 2012-07-11 01:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 00:21 - 2012-07-11 01:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 01:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 01:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 00:19 - 2012-07-11 01:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 00:17 - 2012-07-11 01:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 01:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 01:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-01 20:45 - 2012-07-10 18:27 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 18:27 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 18:27 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 18:27 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 18:27 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-29 19:12 - 2012-05-29 19:12 - 00005885 ____A C:\Users\Steven\Documents\2012-2013VerificationWorksheet.txt
2012-05-26 18:45 - 2012-05-26 18:45 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-23 14:05 - 2012-05-23 14:05 - 03941464 ____A (NCH Software) C:\Users\Steven\Downloads\vpsetup.exe
2012-05-15 00:50 - 2012-05-15 00:49 - 44813866 ____A C:\Users\Steven\Downloads\forge-1.2.6.tar.bz2
2012-05-13 22:21 - 2012-05-13 22:21 - 00007732 ____A C:\Users\Steven\Downloads\[kat.ph]game.of.thrones.s02e07.720p.hdtv.x264.immerse.torrent
2012-05-13 22:18 - 2012-05-13 22:18 - 06379888 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\BitTorrent (2).exe
2012-05-08 11:06 - 2009-12-11 21:24 - 00243192 ____A C:\Windows\PFRO.log
2012-05-06 21:49 - 2012-05-06 21:49 - 00041436 ____A C:\Users\Steven\Downloads\[kat.ph]game.of.thrones.s02e06.hdtv.xvid.xs.ettv.torrent
2012-05-06 21:48 - 2012-05-06 21:48 - 06379888 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\BitTorrent (1).exe
2012-05-06 21:46 - 2012-05-06 21:46 - 06379888 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\BitTorrent.exe
2012-05-06 13:22 - 2012-05-06 13:22 - 00040083 ____A C:\Users\Steven\Downloads\Characters.zip
2012-04-30 20:44 - 2012-06-12 20:13 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 18:48 - 2012-04-29 18:48 - 00879984 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\uTorrent (2).exe
2012-04-29 18:48 - 2012-04-29 18:48 - 00879984 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\uTorrent (1).exe
2012-04-29 18:46 - 2012-04-29 18:45 - 00879984 ____A (BitTorrent, Inc.) C:\Users\Steven\Downloads\uTorrent.exe
2012-04-27 19:17 - 2012-06-12 20:13 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-12 20:13 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-12 20:13 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-12 20:13 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe


ZeroAccess:
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz20CF.tmp

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3003.19 MB
Available physical RAM: 2477.11 MB
Total Pagefile: 3001.47 MB
Available Pagefile: 2489.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:287.17 GB) (Free:95.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10.92 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (TRAVELDRIVE) (Removable) (Total:7.45 GB) (Free:1.95 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 2048 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 7644 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 287 GB 1024 KB
Partition 2 Primary 10 GB 287 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 287 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7640 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G TRAVELDRIVE FAT32 Removable 7640 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 00:19

======================= End Of Log ==========================

#5 RPMcMurphy

Posted 24 July 2012 - 07:42 AM

Please do this next:

Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#6 Rbara

Posted 24 July 2012 - 05:17 PM

At the time that I am writing this, ComboFix has been scanning my files for almost an hour. It says it usually only takes 10-20 mins. Is this normal? Should I let it keep going? I'll post again with the log if it finishes before I get a reply.
Edit: Ok I have let it run for 3 1/2 hours and it still has not finished scanning. I have stopped it and will wait to see what to do next.

Edited by Rbara, 24 July 2012 - 07:57 PM.


#7 RPMcMurphy

Posted 24 July 2012 - 09:10 PM

Let's try a different approach:

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Once that's done, reboot and try running ComboFix again.

Please include the following in your next post:
  • The Fixlog.txt file from your flash drive
  • ComboFix log



#8 Rbara

Posted 25 July 2012 - 03:34 PM

After running the fix from farbar, ComboFix was able to get past the part it was stuck on last time. However, this time it restarted the computer and ran until it got to "Completed Stage_49" then wasn't updating anymore for 3 hours. So I stopped it once again and still don't have a log for it. I made sure avast and SuperAntiSpyware had their shields off but maybe SAS was still interfering when the computer restarted.



Here is the Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 19:43:02 Run:1
Running from G:\

==============================================

C:\Users\Steven\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888} moved successfully.

==== End of Fixlog ====

#9 RPMcMurphy

Posted 25 July 2012 - 09:01 PM

Please try running ComboFix from the Safe Mode. If that fails, just let me know and I'll have further instructions for you.



#10 Rbara

Posted 27 July 2012 - 12:59 AM

Same thing happened as last time. Got stuck at "Completed Stage_49."

#11 RPMcMurphy

Posted 27 July 2012 - 02:58 PM

OK, please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and paste them into your next post.
Please include the following in your next post:
  • TDSSKiller log
  • OTL and Extras.txt logs

Edited by RPMcMurphy, 27 July 2012 - 02:58 PM.

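For reading a TDSSKiller log of the kind requested above, this added example (not part of the original posts and not the tool's own code) lists every entry whose status is something other than "ok", plus entries reported "ok" without a hashed file line. The line layout is inferred from the log posted in this thread; the sample log, service names and hashes below are constructed.

```python
import re

# Layout inferred from the log in this thread (an assumption, not a
# documented format):  HH:MM:SS.mmmm <thread id> <message>
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>"  -> the file that was hashed for this entry
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>"  -> a non-ok status line
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - (?P<level>\w+)$")
# "<name> - ok"
OK = re.compile(r"^(?P<name>.+) - ok$")

# Constructed sample; names, paths and hashes are placeholders.
SAMPLE_LOG = r"""
15:00:00.0000 1234 ============================================================
15:00:00.0000 1234 Scan started
15:00:01.0000 1234 ExampleSvc (0123456789abcdef0123456789abcdef) C:\Windows\System32\example.dll
15:00:01.0005 1234 ExampleSvc - ok
15:00:02.0000 1234 Example Updater (fedcba9876543210fedcba9876543210) c:\program files\example\updater.dll
15:00:02.0001 1234 Suspicious file (Hidden): c:\program files\example\updater.dll. md5: fedcba9876543210fedcba9876543210
15:00:02.0010 1234 Example Updater ( HiddenFile.Multi.Generic ) - warning
15:00:02.0010 1234 Example Updater - detected HiddenFile.Multi.Generic (1)
15:00:03.0000 1234 examplestub - ok
"""


def triage(log_text):
    """Return (findings, unhashed_ok) for a TDSSKiller-style log.

    findings    : one dict per non-ok status line, joined with the md5 and
                  path from the entry's earlier hash line when there was one.
    unhashed_ok : names reported "ok" with no preceding hash line, so the
                  log itself gives no file to check for them.
    """
    hashed = {}        # entry name -> (md5, path)
    findings = []
    unhashed_ok = []

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank or non-log line
        msg = m.group("msg")

        h = HASHED.match(msg)
        if h:
            hashed[h.group("name")] = (h.group("md5"), h.group("path"))
            continue

        v = VERDICT.match(msg)
        if v:
            md5, path = hashed.get(v.group("name"), (None, None))
            findings.append({
                "name": v.group("name"),
                "verdict": v.group("verdict"),
                "level": v.group("level"),
                "md5": md5,
                "path": path,
            })
            continue

        o = OK.match(msg)
        if o and o.group("name") not in hashed:
            unhashed_ok.append(o.group("name"))

    return findings, unhashed_ok


if __name__ == "__main__":
    found, no_hash = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['level'].upper():8} {f['name']}: {f['verdict']}")
        print(f"         path={f['path']} md5={f['md5']}")
    for name in no_hash:
        print(f"NOHASH   {name}: reported ok, no file line in log")
```

A "warning" line is only a pointer to what to review with the helper; the log alone does not say whether the file is malicious.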


#12 Rbara

Posted 28 July 2012 - 06:37 PM

TDSS Killer log:

15:54:59.0910 2104 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:55:00.0457 2104 ============================================================
15:55:00.0457 2104 Current date / time: 2012/07/28 15:55:00.0457
15:55:00.0457 2104 SystemInfo:
15:55:00.0457 2104
15:55:00.0457 2104 OS Version: 6.1.7601 ServicePack: 1.0
15:55:00.0457 2104 Product type: Workstation
15:55:00.0457 2104 ComputerName: FLYNNPC
15:55:00.0457 2104 UserName: Steven
15:55:00.0457 2104 Windows directory: C:\Windows
15:55:00.0458 2104 System windows directory: C:\Windows
15:55:00.0458 2104 Processor architecture: Intel x86
15:55:00.0458 2104 Number of processors: 2
15:55:00.0458 2104 Page size: 0x1000
15:55:00.0458 2104 Boot type: Normal boot
15:55:00.0458 2104 ============================================================
15:55:03.0614 2104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x13135, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x7F, Type 'K0', Flags 0x00000050
15:55:03.0654 2104 Drive \Device\Harddisk1\DR1 - Size: 0x1DDC00000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:55:03.0656 2104 ============================================================
15:55:03.0656 2104 \Device\Harddisk0\DR0:
15:55:03.0714 2104 MBR partitions:
15:55:03.0714 2104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23E55000
15:55:03.0714 2104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E55800, BlocksNum 0x15D7800
15:55:03.0714 2104 \Device\Harddisk1\DR1:
15:55:03.0714 2104 MBR partitions:
15:55:03.0714 2104 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEC080
15:55:03.0714 2104 ============================================================
15:55:03.0729 2104 C: <-> \Device\Harddisk0\DR0\Partition0
15:55:03.0777 2104 D: <-> \Device\Harddisk0\DR0\Partition1
15:55:03.0778 2104 ============================================================
15:55:03.0778 2104 Initialize success
15:55:03.0778 2104 ============================================================
15:55:24.0302 4980 ============================================================
15:55:24.0302 4980 Scan started
15:55:24.0302 4980 Mode: Manual; TDLFS;
15:55:24.0302 4980 ============================================================
15:55:28.0418 4980 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files\common files\akamai/netsession_win_4f7fccd.dll
15:55:28.0419 4980 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
15:55:28.0429 4980 Akamai ( HiddenFile.Multi.Generic ) - warning
15:55:28.0429 4980 Akamai - detected HiddenFile.Multi.Generic (1)
15:55:48.0284 4980 LightScribeService (9188d073cd14f886790d6037d1986063) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:55:48.0287 4980 LightScribeService - ok
15:55:48.0472 4980 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:55:48.0483 4980 lltdio - ok
15:55:48.0546 4980 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:55:48.0555 4980 lltdsvc - ok
15:55:48.0571 4980 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:55:48.0577 4980 lmhosts - ok
15:55:48.0652 4980 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:55:48.0656 4980 LSI_FC - ok
15:55:48.0683 4980 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:55:48.0687 4980 LSI_SAS - ok
15:55:48.0758 4980 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:55:48.0761 4980 LSI_SAS2 - ok
15:55:48.0794 4980 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:55:48.0797 4980 LSI_SCSI - ok
15:55:48.0830 4980 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:55:48.0833 4980 luafv - ok
15:55:48.0884 4980 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:55:48.0891 4980 Mcx2Svc - ok
15:55:48.0931 4980 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:55:48.0934 4980 mdmxsdk - ok
15:55:48.0982 4980 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:55:48.0985 4980 megasas - ok
15:55:49.0031 4980 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:55:49.0037 4980 MegaSR - ok
15:55:49.0336 4980 mi-raysat_3dsmax2011_32 (0af89452a8ce3928168f4e5b2208c68b) C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
15:55:49.0339 4980 mi-raysat_3dsmax2011_32 - ok
15:55:49.0385 4980 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:55:49.0392 4980 MMCSS - ok
15:55:49.0409 4980 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:55:49.0412 4980 Modem - ok
15:55:49.0470 4980 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:55:49.0472 4980 monitor - ok
15:55:49.0580 4980 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:55:49.0591 4980 mouclass - ok
15:55:49.0670 4980 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:55:49.0673 4980 mouhid - ok
15:55:49.0723 4980 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:55:49.0725 4980 mountmgr - ok
15:55:49.0772 4980 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:55:49.0776 4980 mpio - ok
15:55:49.0824 4980 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:55:49.0828 4980 mpsdrv - ok
15:55:49.0960 4980 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:55:49.0975 4980 MpsSvc - ok
15:55:50.0039 4980 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:55:50.0070 4980 MRxDAV - ok
15:55:50.0136 4980 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:55:50.0140 4980 mrxsmb - ok
15:55:50.0200 4980 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:55:50.0205 4980 mrxsmb10 - ok
15:55:50.0224 4980 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:55:50.0227 4980 mrxsmb20 - ok
15:55:50.0298 4980 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:55:50.0301 4980 msahci - ok
15:55:50.0356 4980 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:55:50.0359 4980 msdsm - ok
15:55:50.0434 4980 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:55:50.0442 4980 MSDTC - ok
15:55:50.0497 4980 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:55:50.0499 4980 Msfs - ok
15:55:50.0514 4980 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:55:50.0516 4980 mshidkmdf - ok
15:55:50.0567 4980 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:55:50.0570 4980 msisadrv - ok
15:55:50.0653 4980 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:55:50.0660 4980 MSiSCSI - ok
15:55:50.0666 4980 msiserver - ok
15:55:50.0757 4980 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:55:50.0760 4980 MSKSSRV - ok
15:55:50.0795 4980 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:55:50.0797 4980 MSPCLOCK - ok
15:55:50.0813 4980 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:55:50.0816 4980 MSPQM - ok
15:55:50.0839 4980 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:55:50.0842 4980 MsRPC - ok
15:55:50.0884 4980 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:55:50.0886 4980 mssmbios - ok
15:55:51.0218 4980 MSSQL$SQLEXPRESS - ok
15:55:51.0362 4980 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:55:51.0365 4980 MSSQLServerADHelper100 - ok
15:55:51.0422 4980 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:55:51.0425 4980 MSTEE - ok
15:55:52.0066 4980 msvsmon80 (211fc58c9dbd1f3a824e34023d16babc) C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
15:55:52.0256 4980 msvsmon80 - ok
15:55:52.0626 4980 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:55:52.0629 4980 MTConfig - ok
15:55:52.0664 4980 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:55:52.0668 4980 Mup - ok
15:55:52.0959 4980 MySQL - ok
15:55:53.0004 4980 MySQL_1 - ok
15:55:53.0012 4980 MySQL_1_1 - ok
15:55:53.0173 4980 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:55:53.0186 4980 napagent - ok
15:55:53.0264 4980 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:55:53.0270 4980 NativeWifiP - ok
15:55:53.0517 4980 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:55:53.0550 4980 NDIS - ok
15:55:53.0604 4980 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:55:53.0607 4980 NdisCap - ok
15:55:53.0644 4980 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:55:53.0646 4980 NdisTapi - ok
15:55:53.0756 4980 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:55:53.0759 4980 Ndisuio - ok
15:55:53.0854 4980 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:55:53.0922 4980 NdisWan - ok
15:55:53.0987 4980 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:55:54.0023 4980 NDProxy - ok
15:55:54.0093 4980 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:55:54.0096 4980 NetBIOS - ok
15:55:54.0132 4980 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:55:54.0136 4980 NetBT - ok
15:55:54.0173 4980 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:55:54.0179 4980 Netlogon - ok
15:55:54.0254 4980 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:55:54.0266 4980 Netman - ok
15:55:54.0413 4980 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:55:54.0417 4980 NetMsmqActivator - ok
15:55:54.0438 4980 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:55:54.0440 4980 NetPipeActivator - ok
15:55:54.0531 4980 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:55:54.0574 4980 netprofm - ok
15:55:54.0596 4980 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:55:54.0599 4980 NetTcpActivator - ok
15:55:54.0606 4980 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
15:55:54.0609 4980 NetTcpPortSharing - ok
15:55:56.0391 4980 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
15:55:56.0600 4980 NETw5s32 - ok
15:55:57.0861 4980 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
15:55:58.0048 4980 netw5v32 - ok
15:55:58.0481 4980 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:55:58.0484 4980 nfrd960 - ok
15:55:58.0582 4980 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:55:58.0605 4980 NlaSvc - ok
15:55:58.0647 4980 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:55:58.0650 4980 Npfs - ok
15:55:58.0691 4980 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:55:58.0695 4980 nsi - ok
15:55:58.0773 4980 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:55:58.0775 4980 nsiproxy - ok
15:55:59.0041 4980 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:55:59.0099 4980 Ntfs - ok
15:55:59.0541 4980 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:55:59.0543 4980 Null - ok
15:55:59.0612 4980 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:55:59.0616 4980 nvraid - ok
15:55:59.0649 4980 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:55:59.0652 4980 nvstor - ok
15:55:59.0672 4980 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:55:59.0675 4980 nv_agp - ok
15:55:59.0931 4980 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:55:59.0965 4980 odserv - ok
15:56:00.0106 4980 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:56:00.0173 4980 ohci1394 - ok
15:56:00.0721 4980 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:56:00.0772 4980 ose - ok
15:56:01.0626 4980 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:56:01.0804 4980 osppsvc - ok
15:56:02.0038 4980 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:56:02.0049 4980 p2pimsvc - ok
15:56:02.0119 4980 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:56:02.0131 4980 p2psvc - ok
15:56:02.0231 4980 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:56:02.0234 4980 Parport - ok
15:56:02.0297 4980 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
15:56:02.0300 4980 partmgr - ok
15:56:02.0325 4980 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:56:02.0327 4980 Parvdm - ok
15:56:02.0399 4980 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:56:02.0409 4980 PcaSvc - ok
15:56:02.0459 4980 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:56:02.0463 4980 pci - ok
15:56:02.0485 4980 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:56:02.0487 4980 pciide - ok
15:56:02.0536 4980 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:56:02.0541 4980 pcmcia - ok
15:56:02.0567 4980 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:56:02.0571 4980 pcw - ok
15:56:02.0660 4980 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:56:02.0681 4980 PEAUTH - ok
15:56:03.0192 4980 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:56:03.0271 4980 pla - ok
15:56:03.0672 4980 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:56:03.0686 4980 PlugPlay - ok
15:56:03.0739 4980 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:56:03.0744 4980 PNRPAutoReg - ok
15:56:03.0762 4980 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:56:03.0768 4980 PNRPsvc - ok
15:56:03.0818 4980 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:56:03.0825 4980 PolicyAgent - ok
15:56:03.0878 4980 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:56:03.0890 4980 Power - ok
15:56:04.0030 4980 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:56:04.0077 4980 PptpMiniport - ok
15:56:04.0112 4980 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:56:04.0154 4980 Processor - ok
15:56:04.0226 4980 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
15:56:04.0236 4980 ProfSvc - ok
15:56:04.0284 4980 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:56:04.0290 4980 ProtectedStorage - ok
15:56:04.0352 4980 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:56:04.0355 4980 Psched - ok
15:56:04.0449 4980 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:56:04.0466 4980 ql2300 - ok
15:56:04.0658 4980 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:56:04.0662 4980 ql40xx - ok
15:56:04.0755 4980 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:56:04.0762 4980 QWAVE - ok
15:56:04.0889 4980 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:56:04.0892 4980 QWAVEdrv - ok
15:56:04.0916 4980 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:56:04.0918 4980 RasAcd - ok
15:56:05.0020 4980 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:56:05.0023 4980 RasAgileVpn - ok
15:56:05.0073 4980 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:56:05.0083 4980 RasAuto - ok
15:56:05.0132 4980 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:56:05.0169 4980 Rasl2tp - ok
15:56:05.0224 4980 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:56:05.0236 4980 RasMan - ok
15:56:05.0270 4980 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:56:05.0292 4980 RasPppoe - ok
15:56:05.0344 4980 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:56:05.0368 4980 RasSstp - ok
15:56:05.0424 4980 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:56:05.0430 4980 rdbss - ok
15:56:05.0483 4980 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:56:05.0486 4980 rdpbus - ok
15:56:05.0537 4980 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:56:05.0539 4980 RDPCDD - ok
15:56:05.0565 4980 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:56:05.0567 4980 RDPENCDD - ok
15:56:05.0712 4980 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:56:05.0714 4980 RDPREFMP - ok
15:56:05.0757 4980 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
15:56:05.0819 4980 RDPWD - ok
15:56:05.0909 4980 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:56:05.0914 4980 rdyboost - ok
15:56:06.0093 4980 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
15:56:06.0100 4980 Recovery Service for Windows - ok
15:56:06.0151 4980 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:56:06.0158 4980 RemoteAccess - ok
15:56:06.0213 4980 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:56:06.0225 4980 RemoteRegistry - ok
15:56:06.0378 4980 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files\CyberLink\Shared files\RichVideo.exe
15:56:06.0383 4980 RichVideo - ok
15:56:06.0473 4980 RMCAST (906dcfc5ebf4ec0433f8d4fffb0ba334) C:\Windows\system32\DRIVERS\RMCAST.sys
15:56:06.0477 4980 RMCAST - ok
15:56:06.0516 4980 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:56:06.0525 4980 RpcEptMapper - ok
15:56:06.0566 4980 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:56:06.0572 4980 RpcLocator - ok
15:56:06.0643 4980 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:56:06.0655 4980 RpcSs - ok
15:56:06.0749 4980 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
15:56:06.0755 4980 RsFx0103 - ok
15:56:06.0805 4980 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:56:06.0808 4980 rspndr - ok
15:56:06.0857 4980 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:56:06.0860 4980 RTL8167 - ok
15:56:06.0917 4980 RTL8169 (125c504a34d0a2e152517e342e7e432c) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:56:06.0973 4980 RTL8169 - ok
15:56:07.0004 4980 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
15:56:07.0048 4980 RTSTOR - ok
15:56:07.0095 4980 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:56:07.0101 4980 SamSs - ok
15:56:07.0312 4980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:56:07.0314 4980 SASDIFSV - ok
15:56:07.0391 4980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:56:07.0393 4980 SASKUTIL - ok
15:56:07.0459 4980 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:56:07.0463 4980 sbp2port - ok
15:56:07.0527 4980 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:56:07.0537 4980 SCardSvr - ok
15:56:07.0746 4980 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:56:07.0749 4980 scfilter - ok
15:56:07.0964 4980 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:56:07.0982 4980 Schedule - ok
15:56:08.0103 4980 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:56:08.0104 4980 SCPolicySvc - ok
15:56:08.0178 4980 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:56:08.0189 4980 SDRSVC - ok
15:56:09.0410 4980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:56:09.0521 4980 secdrv - ok
15:56:09.0928 4980 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:56:09.0937 4980 seclogon - ok
15:56:10.0049 4980 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:56:10.0059 4980 SENS - ok
15:56:10.0105 4980 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:56:10.0112 4980 SensrSvc - ok
15:56:10.0209 4980 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:56:10.0211 4980 Serenum - ok
15:56:10.0276 4980 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:56:10.0279 4980 Serial - ok
15:56:10.0386 4980 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:56:10.0389 4980 sermouse - ok
15:56:10.0457 4980 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:56:10.0463 4980 SessionEnv - ok
15:56:10.0509 4980 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:56:10.0511 4980 sffdisk - ok
15:56:10.0543 4980 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:56:10.0545 4980 sffp_mmc - ok
15:56:10.0573 4980 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:56:10.0575 4980 sffp_sd - ok
15:56:10.0614 4980 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:56:10.0616 4980 sfloppy - ok
15:56:10.0695 4980 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:56:10.0704 4980 SharedAccess - ok
15:56:10.0791 4980 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:56:10.0804 4980 ShellHWDetection - ok
15:56:10.0871 4980 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:56:10.0874 4980 sisagp - ok
15:56:10.0925 4980 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:56:10.0928 4980 SiSRaid2 - ok
15:56:10.0949 4980 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:56:10.0952 4980 SiSRaid4 - ok
15:56:11.0207 4980 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files\Skype\Updater\Updater.exe
15:56:11.0214 4980 SkypeUpdate - ok
15:56:11.0268 4980 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:56:11.0307 4980 Smb - ok
15:56:11.0388 4980 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:56:11.0402 4980 SNMPTRAP - ok
15:56:11.0516 4980 SNP2UVC (59c9b920a1767cb857c5fb2e1e66e7e4) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:56:11.0628 4980 SNP2UVC - ok
15:56:11.0976 4980 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:56:11.0979 4980 spldr - ok
15:56:12.0042 4980 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
15:56:12.0052 4980 Spooler - ok
15:56:12.0212 4980 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:56:12.0298 4980 sppsvc - ok
15:56:12.0633 4980 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:56:12.0642 4980 sppuinotify - ok
15:56:12.0805 4980 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
15:56:12.0817 4980 sptd - ok
15:56:13.0102 4980 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
15:56:13.0109 4980 SQLAgent$SQLEXPRESS - ok
15:56:13.0234 4980 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:56:13.0239 4980 SQLBrowser - ok
15:56:13.0284 4980 SQLWriter (637a0f23f9012358e92e6f99835494d1) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:56:13.0286 4980 SQLWriter - ok
15:56:13.0485 4980 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:56:13.0492 4980 srv - ok
15:56:13.0517 4980 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:56:13.0521 4980 srv2 - ok
15:56:13.0568 4980 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:56:13.0572 4980 srvnet - ok
15:56:13.0619 4980 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:56:13.0629 4980 SSDPSRV - ok
15:56:13.0705 4980 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:56:13.0715 4980 SstpSvc - ok
15:56:13.0821 4980 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
15:56:13.0826 4980 StarWindServiceAE - ok
15:56:13.0911 4980 Steam Client Service - ok
15:56:13.0960 4980 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:56:13.0963 4980 stexstor - ok
15:56:14.0108 4980 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:56:14.0126 4980 StiSvc - ok
15:56:14.0263 4980 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:56:14.0266 4980 swenum - ok
15:56:14.0336 4980 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:56:14.0345 4980 swprv - ok
15:56:14.0413 4980 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
15:56:14.0417 4980 SynTP - ok
15:56:14.0610 4980 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:56:14.0658 4980 SysMain - ok
15:56:14.0707 4980 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:56:14.0718 4980 TabletInputService - ok
15:56:14.0776 4980 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:56:14.0789 4980 TapiSrv - ok
15:56:14.0832 4980 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:56:14.0838 4980 TBS - ok
15:56:15.0132 4980 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
15:56:15.0152 4980 Tcpip - ok
15:56:15.0376 4980 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
15:56:15.0385 4980 TCPIP6 - ok
15:56:15.0553 4980 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:56:15.0555 4980 tcpipreg - ok
15:56:15.0613 4980 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:56:15.0616 4980 TDPIPE - ok
15:56:15.0663 4980 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
15:56:15.0666 4980 TDTCP - ok
15:56:15.0742 4980 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:56:15.0746 4980 tdx - ok
15:56:15.0761 4980 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:56:15.0764 4980 TermDD - ok
15:56:15.0819 4980 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:56:15.0833 4980 TermService - ok
15:56:15.0886 4980 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:56:15.0894 4980 Themes - ok
15:56:15.0941 4980 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:56:15.0946 4980 THREADORDER - ok
15:56:15.0968 4980 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:56:15.0977 4980 TrkWks - ok
15:56:16.0141 4980 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:56:16.0145 4980 TrustedInstaller - ok
15:56:16.0171 4980 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:56:16.0173 4980 tssecsrv - ok
15:56:16.0275 4980 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:56:16.0278 4980 TsUsbFlt - ok
15:56:16.0339 4980 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:56:16.0342 4980 tunnel - ok
15:56:16.0386 4980 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:56:16.0389 4980 uagp35 - ok
15:56:16.0439 4980 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:56:16.0468 4980 udfs - ok
15:56:16.0521 4980 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:56:16.0528 4980 UI0Detect - ok
15:56:16.0587 4980 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:56:16.0591 4980 uliagpkx - ok
15:56:16.0651 4980 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:56:16.0654 4980 umbus - ok
15:56:16.0743 4980 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:56:16.0745 4980 UmPass - ok
15:56:16.0814 4980 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:56:16.0827 4980 upnphost - ok
15:56:16.0881 4980 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
15:56:16.0965 4980 USBAAPL - ok
15:56:17.0051 4980 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
15:56:17.0056 4980 usbaudio - ok
15:56:17.0104 4980 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:56:17.0142 4980 usbccgp - ok
15:56:17.0205 4980 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:56:17.0210 4980 usbcir - ok
15:56:17.0233 4980 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:56:17.0236 4980 usbehci - ok
15:56:17.0284 4980 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:56:17.0325 4980 usbhub - ok
15:56:17.0367 4980 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:56:17.0370 4980 usbohci - ok
15:56:17.0427 4980 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:56:17.0429 4980 usbprint - ok
15:56:17.0457 4980 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:56:17.0458 4980 USBSTOR - ok
15:56:17.0494 4980 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:56:17.0496 4980 usbuhci - ok
15:56:17.0537 4980 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
15:56:17.0562 4980 usbvideo - ok
15:56:17.0635 4980 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:56:17.0645 4980 UxSms - ok
15:56:17.0685 4980 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:56:17.0691 4980 VaultSvc - ok
15:56:17.0753 4980 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:56:17.0756 4980 vdrvroot - ok
15:56:17.0871 4980 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:56:17.0885 4980 vds - ok
15:56:17.0933 4980 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:56:17.0935 4980 vga - ok
15:56:17.0951 4980 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:56:17.0953 4980 VgaSave - ok
15:56:17.0998 4980 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:56:18.0001 4980 vhdmp - ok
15:56:18.0040 4980 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:56:18.0042 4980 viaagp - ok
15:56:18.0081 4980 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:56:18.0105 4980 ViaC7 - ok
15:56:18.0151 4980 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:56:18.0154 4980 viaide - ok
15:56:18.0172 4980 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:56:18.0175 4980 volmgr - ok
15:56:18.0201 4980 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:56:18.0205 4980 volmgrx - ok
15:56:18.0293 4980 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:56:18.0299 4980 volsnap - ok
15:56:18.0377 4980 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:56:18.0382 4980 vsmraid - ok
15:56:18.0503 4980 VSPerfDrv100 (143c873a90e834f38733bb05d686a9e7) C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
15:56:18.0508 4980 VSPerfDrv100 - ok
15:56:18.0617 4980 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:56:18.0642 4980 VSS - ok
15:56:18.0737 4980 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
15:56:18.0740 4980 vwifibus - ok
15:56:18.0828 4980 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:56:18.0833 4980 VWiFiFlt - ok
15:56:18.0863 4980 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:56:18.0865 4980 vwifimp - ok
15:56:18.0924 4980 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:56:18.0938 4980 W32Time - ok
15:56:18.0991 4980 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:56:18.0995 4980 WacomPen - ok
15:56:19.0049 4980 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:19.0053 4980 WANARP - ok
15:56:19.0058 4980 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:56:19.0061 4980 Wanarpv6 - ok
15:56:19.0202 4980 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:56:19.0228 4980 WatAdminSvc - ok
15:56:19.0465 4980 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:56:19.0486 4980 wbengine - ok
15:56:19.0530 4980 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:56:19.0542 4980 WbioSrvc - ok
15:56:19.0607 4980 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:56:19.0621 4980 wcncsvc - ok
15:56:19.0639 4980 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:56:19.0646 4980 WcsPlugInService - ok
15:56:19.0752 4980 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:56:19.0754 4980 Wd - ok
15:56:19.0790 4980 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:56:19.0798 4980 Wdf01000 - ok
15:56:19.0839 4980 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:56:19.0847 4980 WdiServiceHost - ok
15:56:19.0852 4980 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:56:19.0860 4980 WdiSystemHost - ok
15:56:19.0915 4980 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:56:19.0923 4980 WebClient - ok
15:56:19.0950 4980 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:56:19.0957 4980 Wecsvc - ok
15:56:19.0995 4980 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:56:20.0002 4980 wercplsupport - ok
15:56:20.0036 4980 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:56:20.0043 4980 WerSvc - ok
15:56:20.0101 4980 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:56:20.0104 4980 WfpLwf - ok
15:56:20.0128 4980 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:56:20.0131 4980 WIMMount - ok
15:56:20.0189 4980 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:56:20.0304 4980 winachsf - ok
15:56:20.0434 4980 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:56:20.0447 4980 WinDefend - ok
15:56:20.0460 4980 WinHttpAutoProxySvc - ok
15:56:20.0675 4980 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:56:20.0680 4980 Winmgmt - ok
15:56:20.0841 4980 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:56:20.0868 4980 WinRM - ok
15:56:20.0976 4980 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
15:56:20.0979 4980 WinUsb - ok
15:56:21.0075 4980 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:56:21.0097 4980 Wlansvc - ok
15:56:21.0391 4980 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:56:21.0412 4980 wlidsvc - ok
15:56:21.0582 4980 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:56:21.0583 4980 WmiAcpi - ok
15:56:21.0673 4980 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:56:21.0677 4980 wmiApSrv - ok
15:56:21.0861 4980 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:56:21.0875 4980 WMPNetworkSvc - ok
15:56:22.0051 4980 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:56:22.0062 4980 WPCSvc - ok
15:56:22.0110 4980 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:56:22.0122 4980 WPDBusEnum - ok
15:56:22.0183 4980 WPRO_40_1340 - ok
15:56:22.0230 4980 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:56:22.0232 4980 ws2ifsl - ok
15:56:22.0299 4980 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
15:56:22.0311 4980 wscsvc - ok
15:56:22.0319 4980 WSearch - ok
15:56:22.0482 4980 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:56:22.0512 4980 wuauserv - ok
15:56:22.0752 4980 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:56:22.0756 4980 WudfPf - ok
15:56:22.0804 4980 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:56:22.0808 4980 WUDFRd - ok
15:56:22.0863 4980 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:56:22.0875 4980 wudfsvc - ok
15:56:22.0925 4980 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:56:22.0933 4980 WwanSvc - ok
15:56:22.0959 4980 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
15:56:22.0961 4980 XAudio - ok
15:56:23.0017 4980 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
15:56:24.0015 4980 \Device\Harddisk0\DR0 - ok
15:56:24.0021 4980 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
15:56:24.0667 4980 \Device\Harddisk1\DR1 - ok
15:56:24.0688 4980 Boot (0x1200) (fcad12b20d197c8ad8a26d87bea4f2c9) \Device\Harddisk0\DR0\Partition0
15:56:24.0689 4980 \Device\Harddisk0\DR0\Partition0 - ok
15:56:24.0724 4980 Boot (0x1200) (2ffd5d5e62731ea8a56678ea62c57f9f) \Device\Harddisk0\DR0\Partition1
15:56:24.0725 4980 \Device\Harddisk0\DR0\Partition1 - ok
15:56:24.0729 4980 Boot (0x1200) (c51455b1eab7ffca0f77a04eb5e24472) \Device\Harddisk1\DR1\Partition0
15:56:24.0730 4980 \Device\Harddisk1\DR1\Partition0 - ok
15:56:24.0731 4980 ============================================================
15:56:24.0731 4980 Scan finished
15:56:24.0731 4980 ============================================================
15:56:24.0744 0696 Detected object count: 1
15:56:24.0744 0696 Actual detected object count: 1
15:57:07.0799 0696 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:57:07.0799 0696 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
15:58:40.0591 2992 Deinitialize success

OTL log:

OTL logfile created on: 7/28/2012 3:59:44 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Steven\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.70% Memory free
5.86 Gb Paging File | 4.22 Gb Available in Paging File | 72.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 95.31 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: FLYNNPC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/28 15:51:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
PRC - [2012/07/09 16:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/03 09:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/02/13 19:58:30 | 000,275,736 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009/08/10 09:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/28 15:52:09 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/28 15:52:09 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/20 20:58:16 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/20 20:58:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/06/14 04:55:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 04:55:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/10 19:06:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 04:29:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 04:29:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 04:29:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 04:29:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/02/13 19:58:02 | 000,070,424 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/08/10 09:14:26 | 000,027,184 | ---- | M] () -- C:\Windows\snuvcdsm.exe
MOD - [2009/01/27 21:37:20 | 007,331,840 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/01/27 21:37:20 | 002,023,424 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/01/27 21:37:10 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/10 15:16:58 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 09:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/16 22:41:52 | 008,178,176 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL_1_1)
SRV - [2011/12/16 22:41:52 | 008,178,176 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL_1)
SRV - [2011/12/16 22:41:52 | 008,178,176 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2011/12/12 02:38:59 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/10/03 14:46:37 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/10 02:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2010/03/09 18:02:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/22 19:39:44 | 002,808,664 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steven\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 09:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 09:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/01/18 18:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/07 18:18:56 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/03/20 00:00:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/01/13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/10 11:29:50 | 001,761,280 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/04/23 11:15:06 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/10 11:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B7BA1697-368E-4C6E-AD99-97A1E7188EDA}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{98B479F5-B95C-4F0B-AB3C-BB349B7CB935}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{B7BA1697-368E-4C6E-AD99-97A1E7188EDA}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {B7BA1697-368E-4C6E-AD99-97A1E7188EDA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{98B479F5-B95C-4F0B-AB3C-BB349B7CB935}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{B7BA1697-368E-4C6E-AD99-97A1E7188EDA}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Steven\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steven\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steven\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/09 15:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/09 15:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/20 18:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/26 19:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/26 19:38:57 | 000,000,000 | ---D | M]

[2009/12/11 22:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
[2012/05/06 22:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\fikbg67e.default\extensions
[2009/12/11 22:18:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\fikbg67e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/29 19:47:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\fikbg67e.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/05/06 22:48:29 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\fikbg67e.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2011/10/29 15:05:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/21 00:32:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/21 00:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012/07/21 00:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/07/21 00:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/07/21 00:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/08/22 21:54:30 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/07/08 14:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Steven\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Steven\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Steven\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Steven\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: NPAPI plugin to host SDM ActiveX (Enabled) = C:\Users\Steven\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Logitech Device Detection = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: AdBlock = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: avast! WebRep = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: CLGaming Streams = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lphdejmiokjkgnomajhahdnghfioaboe\1.1_0\
CHR - Extension: Gmail = C:\Users\Steven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Steven\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BDFF917-870B-4778-9481-2265541AF5B8}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85654884-94CF-4105-B782-AFFF3610D24B}: DhcpNameServer = 63.203.35.55 206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2F380AF-AA9C-43CB-B60A-D901F28C9E82}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steven\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/19 23:19:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/28 15:54:36 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2012/07/28 15:54:27 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2012/07/26 22:20:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/24 14:18:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/24 14:18:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/24 14:18:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/24 14:17:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/24 14:16:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/24 14:11:56 | 004,584,441 | R--- | C] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2012/07/23 21:38:06 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/20 20:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/20 18:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/20 18:53:32 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/20 18:53:31 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/20 18:53:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/07/20 18:53:26 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/20 18:53:23 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/20 18:53:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/20 18:52:41 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/20 18:52:40 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/17 20:59:40 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\lolthing
[2012/07/11 02:56:15 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 02:56:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 02:56:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 02:56:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 02:56:11 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 02:56:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 02:56:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/11 02:51:08 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 19:27:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/07/10 19:27:10 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 19:27:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/07/09 23:24:33 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/07/09 22:29:40 | 000,000,000 | ---D | C] -- C:\League of legends
[2012/07/09 22:09:39 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/07/09 22:09:39 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/07/09 22:09:12 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/07/09 22:09:12 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/07/09 22:09:12 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/07/09 22:08:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/07/09 22:08:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/07/09 15:22:03 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\realtek driver
[2012/07/09 02:59:40 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/09 02:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/09 02:59:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/08 23:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/08 23:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/08 21:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/08 21:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/07/03 17:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/07/03 17:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/07/03 17:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2012/07/03 17:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/07/03 17:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/07/03 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\HP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/28 15:57:33 | 000,011,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 15:57:33 | 000,011,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/28 15:56:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/28 15:54:47 | 000,726,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/28 15:54:47 | 000,146,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/28 15:51:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
[2012/07/28 15:51:25 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/07/28 15:50:30 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/07/28 15:50:08 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/28 15:48:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/28 15:48:26 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/26 21:30:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-864913512-2566987906-69195654-1000UA.job
[2012/07/26 20:58:01 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bac72025-4fb2-4d6d-a0e4-67f1d14c1510.job
[2012/07/26 20:24:25 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-864913512-2566987906-69195654-1000Core.job
[2012/07/26 20:24:23 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c498be2-3d90-4076-ace0-957ff462ea3f.job
[2012/07/24 19:56:42 | 544,518,215 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/24 14:12:22 | 004,584,441 | R--- | M] (Swearware) -- C:\Users\Steven\Desktop\ComboFix.exe
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
[2012/07/23 23:36:13 | 000,004,608 | ---- | M] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 01:08:28 | 000,000,202 | ---- | M] () -- C:\Users\Steven\defogger_reenable
[2012/07/20 20:57:21 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/20 18:53:33 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/20 18:53:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/17 13:11:08 | 062,451,582 | ---- | M] () -- C:\Users\Steven\Desktop\Directx Stuff.zip
[2012/07/11 16:24:46 | 000,002,397 | ---- | M] () -- C:\Users\Steven\Desktop\Google Chrome.lnk
[2012/07/11 13:26:31 | 000,350,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 23:34:12 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/07/09 18:56:26 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSteven.job
[2012/07/03 09:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 09:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 09:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 09:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 09:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/07/03 09:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 09:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 09:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 14:18:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/24 14:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/24 14:18:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/24 14:18:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/24 14:18:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/23 23:36:08 | 000,004,608 | ---- | C] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 01:31:32 | 000,302,592 | ---- | C] () -- C:\Users\Steven\Desktop\gmer.exe
[2012/07/21 01:08:02 | 000,000,202 | ---- | C] () -- C:\Users\Steven\defogger_reenable
[2012/07/20 20:58:12 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task bac72025-4fb2-4d6d-a0e4-67f1d14c1510.job
[2012/07/20 20:58:11 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0c498be2-3d90-4076-ace0-957ff462ea3f.job
[2012/07/20 20:57:21 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/20 18:53:33 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/17 13:01:59 | 062,451,582 | ---- | C] () -- C:\Users\Steven\Desktop\Directx Stuff.zip
[2012/07/09 23:34:12 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/02/12 00:21:06 | 000,000,445 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/09/07 13:23:52 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2011/09/07 13:23:24 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nvISWOW64.dll
[2011/05/08 18:24:30 | 000,728,845 | ---- | C] () -- C:\Users\Steven\DSCN2843.JPG
[2011/05/08 18:24:30 | 000,719,465 | ---- | C] () -- C:\Users\Steven\DSCN2840.JPG
[2011/05/08 18:24:30 | 000,692,415 | ---- | C] () -- C:\Users\Steven\DSCN2842.JPG
[2011/05/08 18:24:30 | 000,688,164 | ---- | C] () -- C:\Users\Steven\DSCN2841.JPG
[2011/05/08 18:24:30 | 000,667,710 | ---- | C] () -- C:\Users\Steven\DSCN2844.JPG
[2011/04/18 22:39:06 | 000,009,651 | ---- | C] () -- C:\Users\Steven\.recently-used.xbel
[2011/03/23 14:52:09 | 000,000,036 | ---- | C] () -- C:\Users\Steven\.org.eclipse.epp.usagedata.recording.userId
[2010/10/11 02:34:53 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/04 05:29:23 | 000,007,597 | ---- | C] () -- C:\Users\Steven\AppData\Local\Resmon.ResmonCfg
[2010/08/25 12:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 12:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 12:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 11:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 11:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 11:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 11:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/12 19:04:54 | 000,073,728 | ---- | C] () -- C:\Windows\System32\pv_c3.exe
[2010/05/19 18:04:03 | 000,000,044 | ---- | C] () -- C:\ProgramData\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009/12/12 23:58:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/11 23:13:10 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/10/02 19:29:40 | 000,000,111 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\burnaware.ini
[2009/09/08 17:56:45 | 000,002,018 | ---- | C] () -- C:\Users\Steven\AppData\Roaming\wklnhst.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:EA029835

< End of report >
==============================================================================================================================

Extras:

OTL Extras logfile created on: 7/28/2012 3:59:44 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Steven\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 62.70% Memory free
5.86 Gb Paging File | 4.22 Gb Available in Paging File | 72.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 95.31 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: FLYNNPC | User Name: Steven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01CB3A62-DCBF-4E8A-8CF8-A46485F716CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{09F39241-E7C7-4F17-89C3-3141C08CB4E6}" = rport=2869 | protocol=6 | dir=out | app=system |
"{0F0F7521-63EA-43CB-9909-F26A0313B7CE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11365F7C-D34F-4122-958B-578F75389F95}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{218A9FFD-FD0F-4FD4-B92E-F9755297CF90}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{290C4B46-CEA0-496E-851C-2E6B5FA7E108}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2DF7A6CC-05D0-426F-8BCE-D90AAB03E748}" = lport=445 | protocol=6 | dir=in | app=system |
"{372467E0-60E0-439B-AA42-EAC5E44C05B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4A596AD6-BD9E-469D-B0A0-968A3307B42F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4E083ACB-E395-42BE-8018-74E033B97317}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{516F0C9A-6C57-47E7-9C53-29B7C19DB846}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5384EE62-CC05-4445-A042-8FB3F73A4898}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5760B315-279A-4FA2-8C05-759D6F88D339}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D4D65F2-D329-483D-A799-9251CB84ABB9}" = lport=137 | protocol=17 | dir=in | app=system |
"{627BF1E9-1811-46C9-A2FB-BDD37EC46E7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6348967B-E48A-496E-9603-8E5E534A0447}" = rport=137 | protocol=17 | dir=out | app=system |
"{67C1F1E5-EAAF-4313-A0BC-A7CDC130C7E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{68C573D8-C1E1-42B3-9EE5-B4E3ADAFAC9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D0D2E38-74A6-42A4-AE57-37497E740D02}" = lport=1034 | protocol=6 | dir=in | name=akamai netsession interface |
"{6F53B566-A2C5-4FA3-BD5B-273B4C6DAC7A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72A50FC4-C531-4DB8-83C1-F0C0F6999191}" = rport=138 | protocol=17 | dir=out | app=system |
"{75FBE146-244A-4331-B237-3B6A6FB64FE7}" = lport=139 | protocol=6 | dir=in | app=system |
"{79AA1AD2-2F23-45BA-9BBA-A624F622BCFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D30756C-E9AC-4449-8E23-4EA363D58DD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7DEEE38D-ADA4-466C-A9E1-293123393CCE}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{7F33EF1B-9E9D-4290-8256-06AFEAFCB4C4}" = lport=138 | protocol=17 | dir=in | app=system |
"{81F368E5-8BD3-4AAA-823C-30E4796B49B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84A0FCC6-BFD5-47D4-A5FF-0023F80A5C3A}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{8E44DA27-2441-4BB0-B129-C24264A8DBCD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{902AA958-189A-4A7A-8002-7FDCC5003513}" = rport=445 | protocol=6 | dir=out | app=system |
"{955EFB94-CB2C-4C95-83E0-5EB6C46A143D}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{9AA7885B-1310-4678-B643-F45E3AD57E98}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AF66C55-49E1-439B-9CAE-5399B835E19B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A4B87084-4065-4030-8F23-35D765F4CE21}" = lport=1056 | protocol=6 | dir=in | name=akamai netsession interface |
"{A56A23B9-F18A-40E3-B684-D37BDCE0500A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5DFD909-4420-4BF6-93C7-506D02A74891}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5EED393-9EDB-415B-91E5-C308EC0825AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{A723BDEA-8A4D-40E1-9BF6-5E3976F2214D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0F7D782-F36B-4FA2-9A7D-C50BEEC4F293}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{B5B8AB86-8DF1-421D-8A56-9AFC8465BC8A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B857C034-21FC-4E0D-85BD-C24839B161BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA914875-A58D-42B7-97B7-9BEAC5989DFA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C0E41672-9B84-46B5-B779-96503F5F4267}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CD2AD273-D648-4A08-A4AF-AB03A541242E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1B7C33F-768C-46EC-9922-D4EA6FE9DC96}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5621A7A-14B7-41F4-B388-1F3A036EA820}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E59684A3-B82D-401E-AA33-C15171860AD3}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{E6D30591-4AE5-4126-8B05-C2E75FB585AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EF28B649-D949-41FD-BB6B-8BE2E850BA79}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F64A38B5-C040-40D2-B9CB-C04B3018724F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC1057B7-35F1-4D5F-9BB6-5EE79266FF24}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FE42C235-1C4B-4BAE-8203-A8228E623E0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F8914C-571C-4A57-B93D-49ADC019C23D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{073CEA94-EF07-4385-A476-426050982A0A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{07B71C54-3646-4A9F-BA29-1A7ADDCD9311}" = protocol=6 | dir=out | app=system |
"{0A504770-862F-4F38-B303-694753C7BCB6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0BD5C072-B072-43B7-B963-66CD2BAE03E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EDE4A59-BBD2-4145-B304-093A95C2B0EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{11A89F41-DE80-4803-99BD-D037C97A2BA2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{134778C1-72A9-4189-BCF1-AD2E7E976601}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{1477FA9F-D9F2-4F2F-A644-B2396C6322B4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{20818609-7B59-40AA-9CBF-C48298A6333C}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{216C8D5A-E798-4D07-AFAB-F0F18E86B68A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{21B7C521-F512-4D52-A3F9-0040952282E4}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{23408C48-CE3C-4F95-B7C6-5ED5158C3C79}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{24CF799F-B7EB-4328-B020-C4758049F362}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{29104A3E-4F2B-45A5-94A4-2CECA33E104B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{2BD2B286-6899-4598-B88B-74F035C7F5E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{30753B2E-71FF-429D-98C2-C8E01E826DDF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3688CD37-A502-4AAF-A5CB-922DB6306023}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3BECED5E-D33C-4023-913A-2CDE51A57881}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{3BF7450C-39DF-49D9-B0C6-3EE7746ED23D}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3C4DB70D-F9BF-4594-B45E-4F1CBDC6E282}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{3CF713C8-EF84-46D0-A1AE-EE358BA2799F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3E528ECB-BAC8-42AA-A5B1-7184D6480FD8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 teaser\smp.exe |
"{45ED38A3-339C-41D8-9AE6-B9403CC53B32}" = protocol=17 | dir=in | app=c:\users\steven\appdata\local\akamai\netsession_win.exe |
"{4694CA86-F2F9-4E30-855E-F6F539FC3667}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46EAB073-FC03-42AF-AB67-A66559CB5EC3}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{48378F98-59AD-45E8-ADBE-9EC1F8F3A69E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4E25C239-F714-4CB4-AC33-F6B09FCF61D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{51CC9F18-BF08-4B80-99FB-0D32F7AA8305}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{537CF62B-5DFD-4F69-B397-41D6CAB1F3EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{55941679-ECF0-4052-88DD-B1B11308E6F6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{5709133D-6811-47D2-B40C-B3D243ACFEDD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{59597D1C-B660-49B5-9202-37B5DC9264F2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{59AF022F-9FDB-4F24-BFF3-F0E66BD6C747}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{5AC683E0-9D4A-4E93-972F-1871D055229D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{642D4633-2070-4F74-9B2F-DD60F7CD101E}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{652F3319-AD43-4684-918C-0C6B26E2C9DC}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{66EB0DF1-449A-4E5F-AB7D-DEFD4D11C523}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{701345AD-A9F9-4977-ACF8-D301F08F5E0D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{718D5BCA-7F70-436A-ADD4-59D96C655C7B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{74A36463-0C8F-42C0-BC0A-385388E08882}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75192948-B629-4D07-881A-2B2FC745203B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{75FCE2C1-D26A-4268-8945-86820FEBC746}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{76885C41-6320-4E58-93F8-3FB51A6C6AB5}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{7B1F5F19-1C46-43BE-8027-C05ABE5F9549}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D9BB6FF-F668-438B-A08D-8AAD01607700}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E7D1666-47CA-4991-8A5F-FFDAEFBDA648}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{83412A12-A47C-411C-BC14-81C4B2238935}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{862821A3-F4F0-494C-BA1F-73EBFFD12703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{87685326-D1EA-4BBF-99BB-41692DFD79A4}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\3dsmax.exe |
"{8BCCD676-1FE7-4490-A460-E075DD1B3B26}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{8C846E3A-9030-47C8-80E5-44309C212605}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{8D75A7F9-6E83-45E0-AD68-C52F97EB7B94}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9180416D-C6A1-4FA7-B8CA-F6AC442950C3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 teaser\smp.exe |
"{93CC8CA7-879D-4368-93FE-E8A4DDE118BF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94C46737-CBAA-4D57-9C06-5BC26D4D794E}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{953D270C-B945-4CF4-99E4-8AAED7EA76BB}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{982AA02E-5A47-465F-9CE8-EC1DFEC879D2}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{9963A0EB-F300-4632-9FEE-87DC27625A43}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{9A6DC7C5-C41F-47E1-9F78-63A2A04D55FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9B3C0CB3-B06C-4110-AD81-185DD2E986B4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9C28AFDB-BF86-4DA0-8618-FF4D87639015}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{9E37AFF6-2AB7-4D93-B5F0-8479EE09B86C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A1D70C49-5CCA-4136-8FAB-AD5F9C776C51}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{A35DB74F-7F93-4907-92EB-507AF2800388}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A5BE8DC3-3A0B-4961-BB37-3834365BCF2A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{A69D144A-10F5-4A43-8190-566E35648DC6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{A7601006-063C-4850-8685-A46CC69C1A9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8E0ED23-C46F-4D4A-818B-F642B652C595}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A9EBDCAF-8C79-4305-A85A-13A728B331F7}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{A9FC2E7F-DB63-4706-AF71-74BAF8ACBB6E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{AA36A4F3-35BB-4148-8BC2-F062F6AF73E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AFABB92E-7C31-48A0-8B67-71A01A06C9D8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{B175DDC3-C19B-4152-9B47-2E050B2C1183}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{B313E9A6-2C78-4E7B-AFA6-5AB6B71804BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{B3FA9B31-9272-4C89-BBF9-E70D49C39EC1}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B45012E5-A94D-4676-9A26-7A6231B90026}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{B73F697E-B3C2-4AEA-BB10-2248E8563785}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{B7D5D737-992F-41A1-8884-726ADDB0E7B7}" = protocol=17 | dir=in | app=c:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe |
"{B88DC93B-A28F-4F0E-AD1B-F9B2F1CEDE9E}" = protocol=6 | dir=in | app=c:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe |
"{B95E2BAF-8052-44FB-946F-EE9661827D14}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{BA4EF704-D766-40B1-8756-5E00C1535E8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{BB52F36B-B1C8-487F-84AB-9252445366B5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{BBE21DF2-7246-490A-A81B-CDFD0E81E013}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{BEA0E54A-26CE-495F-B896-AD0945CA07F7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BF0485DE-7C9E-493D-81D7-E0767A9CF4AC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{C367250E-F4D9-47FF-922A-A1D5BDAD01AE}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CB43FA06-127B-49FC-B905-069AD0F49E81}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC23A34F-A341-44D2-A138-F1153506BB45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC61C4E3-789E-46B1-AC75-0B84198D0113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D094015E-CCDF-4383-8C81-9FA4669F3C2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D0F1F377-36C9-41B7-8697-A8369D89AF36}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{D13D4133-FCB0-4D35-9346-D444BFBC0A7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1CF4E7E-97F6-46CF-8AB2-2291873E7CB8}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{D63E18B1-1BB1-4617-B575-37C0AF2B9EFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D65E18EA-8ADA-4049-9B31-B6131F37E541}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D8EB0597-38C1-468D-9CA9-2051AEDC026B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{D96D5FDC-03AF-438A-8343-AF2386D5AEE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{DC1EDB56-6EBB-4CC8-8DE4-125490AA9285}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DF7EE8DE-0E69-456B-870C-D0DF00B6DC39}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E040D058-F90B-40DC-AFAA-88DDE6DC054B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E7318A4C-F34C-4B0D-BF13-62D6576E75EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E81717F4-D867-4D3D-A7A2-6099230E241F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{E98AB9CF-A972-404A-9D96-3F7E5A483772}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{E9C2C350-D6AA-46BC-816C-07B7546BDCE6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe |
"{EEB049D9-AB12-4A68-9D84-09BB5990EF2B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F12598A8-B936-469A-892B-C7CC5EB41F58}" = protocol=6 | dir=in | app=c:\users\steven\appdata\local\akamai\netsession_win.exe |
"{F4A6ECC8-B43B-4C6C-9BDA-8C782E5B6DD0}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F54949B6-7AD9-4756-B8EB-9D2FED1652A7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{F7C18287-F966-47E9-BB36-45983098C0F1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FE4E87B3-197C-4ACA-84BE-E7407798D824}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0057ADE2-7619-44F6-A4B5-42D2283D94E5}C:\udk\udk-2010-01\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"TCP Query User{0F8F1736-ABEB-4FC3-806B-34C53051CD05}C:\users\steven\desktop\senior project\trunk\gow_server\debug\gow_server.exe" = protocol=6 | dir=in | app=c:\users\steven\desktop\senior project\trunk\gow_server\debug\gow_server.exe |
"TCP Query User{11C013EF-E409-40A7-BA49-9CE8A15EDC92}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{12B040E0-8C46-465E-88D1-BBFD84FC859F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1C8815CE-4514-4E45-856E-77B800108B60}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{25BC01F9-6825-4AA6-913E-444C92234C15}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{2FB700FA-B05A-4AF4-99E3-02F33C1CB534}C:\users\steven\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\steven\desktop\warcraft iii\war3.exe |
"TCP Query User{3698B6A9-C7F1-45EB-9311-E01BB9484F0F}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{38D30D3F-670D-4E92-A67E-1C59046661DD}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{3D0B5C32-C7BA-4B75-995B-9900CA006DA1}C:\program files\kaiba corp vds\kcvds.exe" = protocol=6 | dir=in | app=c:\program files\kaiba corp vds\kcvds.exe |
"TCP Query User{4086FB20-2A4F-4A27-9FC3-8696AC42C151}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{4AF3A2AF-F825-449D-BC26-70A6A775AE28}C:\program files\kaiba corp vds\kcvds.exe" = protocol=6 | dir=in | app=c:\program files\kaiba corp vds\kcvds.exe |
"TCP Query User{75329B44-EECD-4EDE-B978-15DB3467FCE5}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{7D58E468-17CD-4AD5-88E5-A9DC999E4EBC}C:\udk\udk-2010-10\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\udk-2010-10\binaries\win32\udk.exe |
"TCP Query User{959FD9AD-078A-4FCE-946A-3A84B00FFC05}C:\users\steven\desktop\classes\gsp networking\tcp server\tcp server\release\tcp server.exe" = protocol=6 | dir=in | app=c:\users\steven\desktop\classes\gsp networking\tcp server\tcp server\release\tcp server.exe |
"TCP Query User{A68BB194-4196-4132-B781-EEC8B7437512}C:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B1ED4C08-4ECD-4F92-8DD7-548183DB13F0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B715AEF2-94C0-4637-9991-853C24683029}C:\users\steven\desktop\classes\gsp networking\udp server\udp server\release\udp server.exe" = protocol=6 | dir=in | app=c:\users\steven\desktop\classes\gsp networking\udp server\udp server\release\udp server.exe |
"TCP Query User{C3A9ED0E-6668-48CC-858B-63A06AC18754}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{CA86AF54-BB8E-4333-9637-DD190A96E5FA}C:\program files\byond\bin\byond.exe" = protocol=6 | dir=in | app=c:\program files\byond\bin\byond.exe |
"TCP Query User{CD92FA62-4F01-4C7A-91D1-A37068BC185A}C:\users\steven\desktop\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\steven\desktop\eclipse\eclipse.exe |
"TCP Query User{D5404C24-F2D3-491F-87E9-14C10CABF2E5}C:\users\steven\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steven\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D73E1CA1-F21B-4A41-815E-E8497EA49FEC}C:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=6 | dir=in | app=c:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"TCP Query User{F1727D27-5C68-4A30-AFF9-D7828338DD2C}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{FCA96DE5-9BEF-41B7-8758-DEA5206825A8}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{FEEFBCED-FA85-4268-8937-4FF045DB9246}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{0B7C2951-E27D-40F8-93AD-966498C228DA}C:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe" = protocol=17 | dir=in | app=c:\program files\stunlock studios\bloodline champions beta\binary\bloodlinechampionsloader.exe |
"UDP Query User{1E584C3B-E3FD-4FE1-A64D-32D6DA7E0B4A}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{3E8D44E4-F42A-4058-BE2B-BE1960A82D5D}C:\users\steven\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\steven\desktop\warcraft iii\war3.exe |
"UDP Query User{427C1910-B288-45E8-BA41-3194A72E60ED}C:\udk\udk-2010-01\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"UDP Query User{445B467D-3887-4FC2-AAE7-E1FF0F30DF9B}C:\users\steven\desktop\classes\gsp networking\udp server\udp server\release\udp server.exe" = protocol=17 | dir=in | app=c:\users\steven\desktop\classes\gsp networking\udp server\udp server\release\udp server.exe |
"UDP Query User{479A8F0C-B5F2-46AF-B4B5-3DB2709E90C6}C:\users\steven\desktop\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\steven\desktop\eclipse\eclipse.exe |
"UDP Query User{4CAB3324-39CC-42C5-9D96-AE9118363ACF}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{50211A19-48D0-449B-8BAF-24F54C77B33B}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{6267D3AF-CD49-489F-AA48-FEE632CDC3A0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{64132515-2659-42F8-BF4B-3D4C9547AE29}C:\users\steven\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steven\appdata\local\akamai\netsession_win.exe |
"UDP Query User{693245F1-3886-4070-BF71-516C95246B76}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{78B9B26D-3A2A-44CD-A064-70536F8640DD}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{846B4544-A80A-44D2-A6A6-3B43306A4FB3}C:\users\steven\desktop\senior project\trunk\gow_server\debug\gow_server.exe" = protocol=17 | dir=in | app=c:\users\steven\desktop\senior project\trunk\gow_server\debug\gow_server.exe |
"UDP Query User{84D252C2-90B7-4755-8C38-7117711FB5F4}C:\program files\kaiba corp vds\kcvds.exe" = protocol=17 | dir=in | app=c:\program files\kaiba corp vds\kcvds.exe |
"UDP Query User{8F58D071-9ACE-476B-956E-3283E68FF894}C:\program files\kaiba corp vds\kcvds.exe" = protocol=17 | dir=in | app=c:\program files\kaiba corp vds\kcvds.exe |
"UDP Query User{95693DFC-8469-4689-8524-383F4EE9B8C1}C:\users\steven\desktop\classes\gsp networking\tcp server\tcp server\release\tcp server.exe" = protocol=17 | dir=in | app=c:\users\steven\desktop\classes\gsp networking\tcp server\tcp server\release\tcp server.exe |
"UDP Query User{A0118BE0-93A4-40F4-8C43-B4FF8FB0DA88}C:\program files\byond\bin\byond.exe" = protocol=17 | dir=in | app=c:\program files\byond\bin\byond.exe |
"UDP Query User{AD7E979E-D41A-4C1C-98C4-95DF2D9B83AE}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{AF5D875B-30B5-4BD0-85A7-39ACFFC8CFB4}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{B75E273C-6569-436B-99F0-89B1B15DDFA8}C:\udk\udk-2010-10\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\udk-2010-10\binaries\win32\udk.exe |
"UDP Query User{CAF8F7B2-9B9A-4390-BC75-D1E5F9A349C2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DC15C1BC-7440-410D-8BA5-67AD66F9E844}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{F27BA161-820C-4DAD-B173-D6387DD7CE22}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{F31D0FC1-3BC4-4484-AAA8-A5B6628075EF}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{F3358E3B-7315-40E1-A513-E21DD4178A23}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F7CFA9F9-F155-4D0B-9CFD-8A1C927397E9}C:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\steven\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05703B9C-EF06-4E27-B9F0-9041987BAEB1}" = MySQL Installer
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11477E2B-84F7-4ED6-AA41-BFEEE3925A02}" = NVIDIA Developer Tools Software Activation
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1813DB85-5702-425A-9E75-727A4B77AF00}" = MySQL Connector/ODBC 3.51
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{21180AC3-8C4D-43B2-9977-ABAC6373C662}" = MySQL Connector C++ 1.1.0
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 29
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{295F6CAE-4C7D-47BA-BD85-7CEFB696C251}" = MySQL Server 5.5
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2D28E018-60D9-4357-B58C-66FCCA1C715E}" = MySQL Connector C 6.0.2
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{3752A515-BC59-4D67-86FE-F2030D86605C}" = MySQL Documents 5.5
"{37AC7F94-2C0C-3DFF-8039-4B6AB79150D0}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39556553-8C77-4C5E-8F30-4083274948A2}" = Application Verifier
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{41A01180-D9FD-3428-9FD6-749F4C637CBF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{484B100E-6FBE-4631-BC55-5F872FD8E020}" = HP Wireless Assistant
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
"{4B509F1E-BEA7-3D0E-BE94-3BBF85E8D698}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F30BC2B-5441-3149-91D7-FAA2332E2F5F}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}" = Python 2.4.4
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{699C970F-1E17-3CD8-A2EA-87AB9EDEDFF4}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6B6383FE-C0CE-479A-BDDF-BD34579B676A}" = NVIDIA FX Composer 2.5
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6CD2B48F-CA5F-469C-8CC3-3877FC9F3EE8}" = MySQL Connector/ODBC 5.1
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7AFFE35D-047A-3D27-B204-1CD849933C02}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81927AC8-8231-45BB-8C37-F65B01C79A9B}" = Subversion
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{85C977FB-2A5B-3223-8AC5-828558EAF7D9}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9C11FA-AE85-3B48-86BE-5FA83D0384B3}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{9AA16B0A-CCDA-44CE-8944-3235727C4EEA}" = MySQL Connector Net 6.4.4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D73FF54-9B45-4DD9-B07C-33419CE70135}" = MySQL Examples and Samples 5.5
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3827AD3-3553-4463-87B3-D1B88B24C468}" = TortoiseSVN 1.7.5.22551 (32 bit)
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B1D46FFA-BCA1-4810-A8C1-D091E65D544B}" = League of Legends
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B4552068-73FD-406A-816B-2196F4DFCF75}" = NVIDIA FX Composer 2.5 Shader Debugger plugin
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7072091-4582-396F-87E2-412C85AC7095}" = Microsoft Windows SDK MSHelp (30514)
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C617EC41-9E21-3915-AA7E-F156B74F7D07}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CA206913-EE9F-495F-AD43-032E5833EE13}" = AnkhSVN 2.1.8420.8
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F67F2A84-63C9-4AE0-96F5-4057B4AF4229}" = MySQL Workbench 5.2 SE
"{F7B32144-0618-495B-8BA3-8A5B8037F72F}" = mental mill ® Artist Edition
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Arena_0" = Arena 4.0
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"avast" = avast! Free Antivirus
"AVG" = AVG 2012
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Blender" = Blender (remove only)
"Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
"BurnAware Free_is1" = BurnAware Free 2.4
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Game Maker 8.0" = Game Maker 8.0
"Graboid Video" = Graboid Video 2.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Kaiba Corp VDS_is1" = Kaiba Corp Virtual Duel System 1.16
"LOLReplay" = LOLReplay
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSNINST" = MSN
"MyScribe" = MyScribe
"Office14.PRJPROR" = Microsoft Project Professional 2010
"OpenAL" = OpenAL
"RapidSVN-0.12.0_is1" = RapidSVN-0.12.0
"Realm Of The Titans" = Realm Of The Titans
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 1250" = Killing Floor
"Steam App 13210" = Unreal Tournament 3: Black Edition
"Steam App 35420" = Killing Floor Mod: Defence Alliance 2
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UDK-0e874b82-e19d-4429-b0c6-5984e7a89977" = Unreal Development Kit: 2010-01
"uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
"VideoPad" = VideoPad Video Editor
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/27/2012 1:28:32 AM | Computer Name = FlynnPC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 6:49:49 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' init function returned error. For more information,
see Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:49 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' registration as a STORAGE ENGINE failed. For more information,
see Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:49 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Unknown/unsupported storage engine: INNODB For more information, see
Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:49 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 7/28/2012 6:49:56 PM | Computer Name = FlynnPC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2012 6:49:59 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' init function returned error. For more information,
see Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:59 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Plugin 'InnoDB' registration as a STORAGE ENGINE failed. For more information,
see Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:59 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Unknown/unsupported storage engine: INNODB For more information, see
Help and Support Center at http://www.mysql.com.

Error - 7/28/2012 6:49:59 PM | Computer Name = FlynnPC | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 7/28/2012 6:50:19 PM | Computer Name = FlynnPC | Source = Application Error | ID = 1000
Description = Faulting application name: avgidsagent.exe, version: 12.0.0.2171,
time stamp: 0x4f39bdd4 Faulting module name: avgidsagent.exe, version: 12.0.0.2171,
time stamp: 0x4f39bdd4 Exception code: 0xc0000005 Fault offset: 0x0019633f Faulting
process id: 0xdd8 Faulting application start time: 0x01cd6d134eedccd0 Faulting application
path: C:\Program Files\AVG\AVG2012\avgidsagent.exe Faulting module path: C:\Program
Files\AVG\AVG2012\avgidsagent.exe Report Id: 9a7e35ca-d906-11e1-b447-001f16e3305e

[ System Events ]
Error - 7/28/2012 6:49:29 PM | Computer Name = FlynnPC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MySQL
service to connect.

Error - 7/28/2012 6:49:29 PM | Computer Name = FlynnPC | Source = Service Control Manager | ID = 7000
Description = The MySQL service failed to start due to the following error: %%1053

Error - 7/28/2012 6:50:30 PM | Computer Name = FlynnPC | Source = Service Control Manager | ID = 7034
Description = The AVGIDSAgent service terminated unexpectedly. It has done this
1 time(s).

Error - 7/28/2012 6:50:30 PM | Computer Name = FlynnPC | Source = Service Control Manager | ID = 7034
Description = The MySQL_1 service terminated unexpectedly. It has done this 1 time(s).

Error - 7/28/2012 6:50:30 PM | Computer Name = FlynnPC | Source = Service Control Manager | ID = 7034
Description = The MySQL_1_1 service terminated unexpectedly. It has done this 1
time(s).

Error - 7/28/2012 6:50:31 PM | Computer Name = FlynnPC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/28/2012 6:53:21 PM | Computer Name = FlynnPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/28/2012 6:53:22 PM | Computer Name = FlynnPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/28/2012 6:53:22 PM | Computer Name = FlynnPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/28/2012 6:53:23 PM | Computer Name = FlynnPC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

#13 RPMcMurphy

  • Malware Response Team

Posted 28 July 2012 - 10:02 PM

Please do this next:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:EA029835
    :Commands
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • OTL Fix log
  • FSS log
  • MBAM log

Threads are closed after 5 days of inactivity.



#14 Rbara

  • Topic Starter

Posted 30 July 2012 - 12:05 AM

The first time I ran the Malwarebytes scan I had to leave it going overnight, and when I checked on it, it said my computer had recovered from an unexpected shutdown. I ran it again and left it going for 4 hours, but it began to become extremely slow, so I stopped it and cleaned what had come up.





OTL fix:

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:EA029835 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81569 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Steven
->Temp folder emptied: 1409103742 bytes
->Temporary Internet Files folder emptied: 752387095 bytes
->Java cache emptied: 31735270 bytes
->FireFox cache emptied: 251958013 bytes
->Google Chrome cache emptied: 359675441 bytes
->Flash cache emptied: 16438 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1246421787 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,864.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07282012_215704

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/28 22:07:12 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...



FSS:

Farbar Service Scanner Version: 26-07-2012
Ran by Steven (administrator) on 28-07-2012 at 22:13:13
Running from "C:\Users\Steven\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Steven :: FLYNNPC [administrator]

7/29/2012 5:24:50 PM
mbam-log-2012-07-29 (17-24-50).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294917
Time elapsed: 4 hour(s), 17 minute(s), 13 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz20CF.tmp (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)
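
An added example, not part of the original thread and not Malwarebytes code: a parser for the MBAM 1.x text log layout posted in #14 that flags an aborted scan and separates detections sitting in tool quarantine folders from live ones. The folder list (C:\FRST\Quarantine, C:\Qoobox, C:\System Volume Information) and the name `triage` are assumptions made for this example.

```python
import re

# Constructed sample: an excerpt in the same layout as the MBAM 1.62 log above;
# the paths and detection names are copied from that log.
SAMPLE_LOG = r"""Objects scanned: 294917
Time elapsed: 4 hour(s), 17 minute(s), 13 second(s) [aborted]

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\trz20CF.tmp (Trojan.Sirefef) -> Quarantined and deleted successfully.
"""

# Assumption: these folders hold copies that a removal tool or System Restore
# already set aside, so a hit there is not a live infection by itself.
INERT_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\qoobox\\",
                  "c:\\system volume information\\")

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def triage(log_text):
    """Return scan completeness plus detections split into live and inert."""
    result = {"aborted": False, "live": [], "inert": [], "mismatch": []}
    section, expected, seen = None, 0, 0
    def close():
        # Record sections whose item lines do not add up to the stated count.
        if section and seen != expected:
            result["mismatch"].append(section)
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("Time elapsed:") and line.endswith("[aborted]"):
            result["aborted"] = True   # partial scan: a clean result proves little
        m = SECTION.match(line)
        if m:
            close()
            section, expected, seen = m["name"], int(m["count"]), 0
            continue
        m = ITEM.match(line) if section else None
        if m:
            seen += 1
            bucket = "inert" if m["path"].lower().startswith(INERT_PREFIXES) else "live"
            result[bucket].append((section, m["threat"], m["path"]))
    close()
    return result
```
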

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:32 PM

Posted 30 July 2012 - 11:18 AM

What problems, if any, are you still having with the computer? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and update.
  • Go to Start > Control Panel > Programs > Uninstall a program, and remove all older versions of Java.
  • Click (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name and select "uninstall".
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Go to this page to download the latest version. Press the download button under JRE and follow the prompts. Accept the agreement and choose the Windows x86 offline option.
  • Run the installer you just downloaded.
Go to this link to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • ESET log





