I got a rootkit!


  • This topic is locked
37 replies to this topic

#1 noob123456

Posted 01 August 2012 - 08:05 AM

Now certain things won't run (e.g. cmd.exe, sfc.exe, dds.exe, regnulldel.exe, etc...)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-01 08:49:28
Windows 6.1.7601 Service Pack 1
Running: y6v6cfyp.exe


---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D0A3B40-DBC0-A247-C68E-9EBCE793C772}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D0A3B40-DBC0-A247-C68E-9EBCE793C772}@iadmgnjgegpnajoghp 0x69 0x61 0x64 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D0A3B40-DBC0-A247-C68E-9EBCE793C772}@hajlafmhgjcmfjbb 0x69 0x61 0x64 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5D0A3B40-DBC0-A247-C68E-9EBCE793C772}@gaomfajljagbfk 0x61 0x63 0x6F 0x6A ...

---- EOF - GMER 1.0.15 ----

#2 D-FRED-BROWN

  • Malware Response Team
Posted 01 August 2012 - 02:15 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 noob123456

Posted 01 August 2012 - 02:37 PM

TDSS:

15:24:04.0658 5868 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:24:05.0509 5868 ============================================================
15:24:05.0509 5868 Current date / time: 2012/08/01 15:24:05.0509
15:24:05.0509 5868 SystemInfo:
15:24:05.0509 5868
15:24:05.0509 5868 OS Version: 6.1.7601 ServicePack: 1.0
15:24:05.0509 5868 Product type: Workstation
15:24:05.0510 5868 ComputerName: OWNER-HP
15:24:05.0510 5868 UserName: Owner
15:24:05.0510 5868 Windows directory: C:\Windows
15:24:05.0510 5868 System windows directory: C:\Windows
15:24:05.0510 5868 Running under WOW64
15:24:05.0510 5868 Processor architecture: Intel x64
15:24:05.0510 5868 Number of processors: 4
15:24:05.0510 5868 Page size: 0x1000
15:24:05.0510 5868 Boot type: Normal boot
15:24:05.0510 5868 ============================================================
15:24:06.0017 5868 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:24:06.0028 5868 ============================================================
15:24:06.0028 5868 \Device\Harddisk0\DR0:
15:24:06.0028 5868 MBR partitions:
15:24:06.0028 5868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:24:06.0028 5868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3D1B4021
15:24:06.0028 5868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x33EF0
15:24:06.0073 5868 ============================================================
15:24:06.0107 5868 C: <-> \Device\Harddisk0\DR0\Partition1
15:24:06.0138 5868 D: <-> \Device\Harddisk0\DR0\Partition2
15:24:06.0138 5868 ============================================================
15:24:06.0138 5868 Initialize success
15:24:06.0138 5868 ============================================================
15:24:13.0322 0868 ============================================================
15:24:13.0322 0868 Scan started
15:24:13.0322 0868 Mode: Manual; SigCheck; TDLFS;
15:24:13.0322 0868 ============================================================
15:24:31.0734 0868 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:24:31.0750 0868 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:24:31.0750 0868 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:24:33.0858 0868 mrxsmb - ok
15:24:33.0892 0868 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:24:33.0905 0868 mrxsmb10 - ok
15:24:33.0932 0868 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:24:33.0952 0868 mrxsmb20 - ok
15:24:34.0001 0868 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:24:34.0022 0868 msahci - ok
15:24:34.0050 0868 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:24:34.0065 0868 msdsm - ok
15:24:34.0099 0868 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:24:34.0133 0868 MSDTC - ok
15:24:34.0165 0868 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:24:34.0210 0868 Msfs - ok
15:24:34.0237 0868 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:24:34.0289 0868 mshidkmdf - ok
15:24:34.0314 0868 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:24:34.0324 0868 msisadrv - ok
15:24:34.0357 0868 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:24:34.0403 0868 MSiSCSI - ok
15:24:34.0406 0868 msiserver - ok
15:24:34.0447 0868 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:24:34.0526 0868 MSKSSRV - ok
15:24:34.0542 0868 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:24:34.0598 0868 MSPCLOCK - ok
15:24:34.0615 0868 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:24:34.0672 0868 MSPQM - ok
15:24:34.0713 0868 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:24:34.0732 0868 MsRPC - ok
15:24:34.0758 0868 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:24:34.0769 0868 mssmbios - ok
15:24:34.0803 0868 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:24:34.0863 0868 MSTEE - ok
15:24:34.0882 0868 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:24:34.0910 0868 MTConfig - ok
15:24:34.0925 0868 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:24:34.0936 0868 Mup - ok
15:24:34.0983 0868 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:24:35.0050 0868 napagent - ok
15:24:35.0107 0868 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:24:35.0144 0868 NativeWifiP - ok
15:24:35.0246 0868 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:24:35.0295 0868 NDIS - ok
15:24:35.0319 0868 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:24:35.0374 0868 NdisCap - ok
15:24:35.0393 0868 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:24:35.0446 0868 NdisTapi - ok
15:24:35.0488 0868 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:24:35.0536 0868 Ndisuio - ok
15:24:35.0564 0868 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:24:35.0608 0868 NdisWan - ok
15:24:35.0643 0868 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:24:35.0681 0868 NDProxy - ok
15:24:35.0712 0868 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:24:35.0764 0868 NetBIOS - ok
15:24:35.0801 0868 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:24:35.0855 0868 NetBT - ok
15:24:35.0879 0868 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:24:35.0889 0868 Netlogon - ok
15:24:35.0932 0868 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:24:35.0977 0868 Netman - ok
15:24:36.0012 0868 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:24:36.0108 0868 netprofm - ok
15:24:36.0170 0868 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:24:36.0189 0868 NetTcpPortSharing - ok
15:24:36.0498 0868 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:24:36.0616 0868 netw5v64 - ok
15:24:36.0741 0868 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:24:36.0763 0868 nfrd960 - ok
15:24:36.0808 0868 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:24:36.0871 0868 NlaSvc - ok
15:24:36.0931 0868 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
15:24:36.0947 0868 NPF - ok
15:24:36.0976 0868 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:24:37.0024 0868 Npfs - ok
15:24:37.0058 0868 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:24:37.0137 0868 nsi - ok
15:24:37.0157 0868 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:24:37.0220 0868 nsiproxy - ok
15:24:37.0339 0868 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:24:37.0393 0868 Ntfs - ok
15:24:37.0511 0868 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:24:37.0583 0868 Null - ok
15:24:37.0632 0868 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:24:37.0645 0868 nvraid - ok
15:24:37.0664 0868 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:24:37.0675 0868 nvstor - ok
15:24:37.0693 0868 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:24:37.0703 0868 nv_agp - ok
15:24:37.0718 0868 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:24:37.0738 0868 ohci1394 - ok
15:24:37.0834 0868 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:24:37.0852 0868 ose - ok
15:24:38.0151 0868 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:24:38.0299 0868 osppsvc - ok
15:24:38.0423 0868 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:24:38.0469 0868 p2pimsvc - ok
15:24:38.0502 0868 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:24:38.0530 0868 p2psvc - ok
15:24:38.0597 0868 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:24:38.0613 0868 Parport - ok
15:24:38.0641 0868 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:24:38.0656 0868 partmgr - ok
15:24:38.0681 0868 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:24:38.0721 0868 PcaSvc - ok
15:24:38.0754 0868 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:24:38.0770 0868 pci - ok
15:24:38.0782 0868 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:24:38.0792 0868 pciide - ok
15:24:38.0821 0868 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:24:38.0835 0868 pcmcia - ok
15:24:38.0851 0868 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:24:38.0862 0868 pcw - ok
15:24:38.0895 0868 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:24:38.0953 0868 PEAUTH - ok
15:24:39.0056 0868 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:24:39.0097 0868 PerfHost - ok
15:24:39.0252 0868 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:24:39.0333 0868 pla - ok
15:24:39.0378 0868 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:24:39.0422 0868 PlugPlay - ok
15:24:39.0456 0868 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:24:39.0501 0868 PNRPAutoReg - ok
15:24:39.0537 0868 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:24:39.0564 0868 PNRPsvc - ok
15:24:39.0629 0868 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:24:39.0644 0868 Point64 - ok
15:24:39.0703 0868 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:24:39.0795 0868 PolicyAgent - ok
15:24:39.0832 0868 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:24:39.0901 0868 Power - ok
15:24:39.0940 0868 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:24:40.0001 0868 PptpMiniport - ok
15:24:40.0024 0868 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:24:40.0048 0868 Processor - ok
15:24:40.0082 0868 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:24:40.0126 0868 ProfSvc - ok
15:24:40.0146 0868 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:24:40.0162 0868 ProtectedStorage - ok
15:24:40.0200 0868 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:24:40.0250 0868 Psched - ok
15:24:40.0323 0868 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:24:40.0342 0868 PSI_SVC_2 - ok
15:24:40.0372 0868 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:24:40.0383 0868 PxHlpa64 - ok
15:24:40.0483 0868 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:24:40.0538 0868 ql2300 - ok
15:24:40.0670 0868 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:24:40.0691 0868 ql40xx - ok
15:24:40.0730 0868 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:24:40.0776 0868 QWAVE - ok
15:24:40.0790 0868 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:24:40.0805 0868 QWAVEdrv - ok
15:24:40.0822 0868 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:24:40.0884 0868 RasAcd - ok
15:24:40.0922 0868 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:24:40.0955 0868 RasAgileVpn - ok
15:24:40.0984 0868 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:24:41.0058 0868 RasAuto - ok
15:24:41.0087 0868 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:24:41.0138 0868 Rasl2tp - ok
15:24:41.0199 0868 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:24:41.0253 0868 RasMan - ok
15:24:41.0290 0868 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:24:41.0340 0868 RasPppoe - ok
15:24:41.0362 0868 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:24:41.0413 0868 RasSstp - ok
15:24:41.0452 0868 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:24:41.0504 0868 rdbss - ok
15:24:41.0537 0868 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:24:41.0560 0868 rdpbus - ok
15:24:41.0582 0868 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:24:41.0634 0868 RDPCDD - ok
15:24:41.0660 0868 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:24:41.0716 0868 RDPENCDD - ok
15:24:41.0734 0868 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:24:41.0768 0868 RDPREFMP - ok
15:24:41.0793 0868 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:24:41.0818 0868 RDPWD - ok
15:24:41.0859 0868 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:24:41.0875 0868 rdyboost - ok
15:24:41.0912 0868 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:24:41.0960 0868 RemoteAccess - ok
15:24:41.0992 0868 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:24:42.0035 0868 RemoteRegistry - ok
15:24:42.0118 0868 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
15:24:42.0127 0868 rpcapd - ok
15:24:42.0150 0868 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:24:42.0201 0868 RpcEptMapper - ok
15:24:42.0237 0868 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:24:42.0265 0868 RpcLocator - ok
15:24:42.0325 0868 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:24:42.0379 0868 RpcSs - ok
15:24:42.0414 0868 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:24:42.0451 0868 rspndr - ok
15:24:42.0476 0868 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:24:42.0492 0868 RTL8167 - ok
15:24:42.0537 0868 RTL8187 (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
15:24:42.0560 0868 RTL8187 ( UnsignedFile.Multi.Generic ) - warning
15:24:42.0560 0868 RTL8187 - detected UnsignedFile.Multi.Generic (1)
15:24:42.0590 0868 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:24:42.0600 0868 SamSs - ok
15:24:42.0631 0868 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:24:42.0642 0868 sbp2port - ok
15:24:42.0673 0868 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:24:42.0730 0868 SCardSvr - ok
15:24:42.0785 0868 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\Windows\system32\drivers\SCDEmu.sys
15:24:42.0797 0868 SCDEmu - ok
15:24:42.0819 0868 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:24:42.0857 0868 scfilter - ok
15:24:42.0928 0868 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:24:43.0002 0868 Schedule - ok
15:24:43.0028 0868 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:24:43.0064 0868 SCPolicySvc - ok
15:24:43.0108 0868 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:24:43.0133 0868 sdbus - ok
15:24:43.0153 0868 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:24:43.0191 0868 SDRSVC - ok
15:24:43.0229 0868 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:24:43.0269 0868 secdrv - ok
15:24:43.0284 0868 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:24:43.0330 0868 seclogon - ok
15:24:43.0361 0868 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:24:43.0412 0868 SENS - ok
15:24:43.0441 0868 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:24:43.0480 0868 SensrSvc - ok
15:24:43.0503 0868 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:24:43.0523 0868 Serenum - ok
15:24:43.0546 0868 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:24:43.0557 0868 Serial - ok
15:24:43.0598 0868 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:24:43.0623 0868 sermouse - ok
15:24:43.0662 0868 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:24:43.0716 0868 SessionEnv - ok
15:24:43.0739 0868 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:24:43.0774 0868 sffdisk - ok
15:24:43.0792 0868 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:24:43.0820 0868 sffp_mmc - ok
15:24:43.0835 0868 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:24:43.0859 0868 sffp_sd - ok
15:24:43.0885 0868 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:24:43.0900 0868 sfloppy - ok
15:24:43.0945 0868 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:24:44.0007 0868 SharedAccess - ok
15:24:44.0050 0868 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:24:44.0111 0868 ShellHWDetection - ok
15:24:44.0125 0868 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:24:44.0136 0868 SiSRaid2 - ok
15:24:44.0160 0868 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:24:44.0171 0868 SiSRaid4 - ok
15:24:44.0247 0868 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:24:44.0260 0868 SkypeUpdate - ok
15:24:44.0335 0868 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:24:44.0417 0868 Smb - ok
15:24:44.0467 0868 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:24:44.0480 0868 SNMPTRAP - ok
15:24:44.0604 0868 speedfan (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
15:24:44.0625 0868 speedfan - ok
15:24:44.0658 0868 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:24:44.0676 0868 spldr - ok
15:24:44.0739 0868 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:24:44.0800 0868 Spooler - ok
15:24:44.0981 0868 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:24:45.0083 0868 sppsvc - ok
15:24:45.0201 0868 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:24:45.0267 0868 sppuinotify - ok
15:24:45.0318 0868 sprtsvc_verizondm - ok
15:24:45.0409 0868 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:24:45.0460 0868 srv - ok
15:24:45.0496 0868 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:24:45.0539 0868 srv2 - ok
15:24:45.0599 0868 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:24:45.0625 0868 SrvHsfHDA - ok
15:24:45.0714 0868 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:24:45.0779 0868 SrvHsfV92 - ok
15:24:46.0027 0868 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:24:46.0062 0868 SrvHsfWinac - ok
15:24:46.0096 0868 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:24:46.0129 0868 srvnet - ok
15:24:46.0172 0868 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:24:46.0215 0868 SSDPSRV - ok
15:24:46.0256 0868 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
15:24:46.0264 0868 SSPORT - ok
15:24:46.0279 0868 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:24:46.0312 0868 SstpSvc - ok
15:24:46.0355 0868 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:24:46.0368 0868 ssudmdm - ok
15:24:46.0449 0868 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
15:24:46.0478 0868 STacSV - ok
15:24:46.0546 0868 Steam Client Service - ok
15:24:46.0582 0868 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:24:46.0601 0868 stexstor - ok
15:24:46.0669 0868 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
15:24:46.0706 0868 STHDA - ok
15:24:46.0770 0868 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:24:46.0827 0868 stisvc - ok
15:24:46.0851 0868 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:24:46.0861 0868 swenum - ok
15:24:46.0947 0868 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:24:46.0989 0868 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:24:46.0989 0868 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:24:47.0042 0868 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:24:47.0119 0868 swprv - ok
15:24:47.0165 0868 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
15:24:47.0180 0868 SynTP - ok
15:24:47.0290 0868 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:24:47.0365 0868 SysMain - ok
15:24:47.0464 0868 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:24:47.0498 0868 TabletInputService - ok
15:24:47.0540 0868 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:24:47.0603 0868 TapiSrv - ok
15:24:47.0636 0868 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:24:47.0686 0868 TBS - ok
15:24:47.0854 0868 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:24:47.0912 0868 Tcpip - ok
15:24:48.0143 0868 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:24:48.0192 0868 TCPIP6 - ok
15:24:48.0325 0868 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:24:48.0386 0868 tcpipreg - ok
15:24:48.0413 0868 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:24:48.0454 0868 TDPIPE - ok
15:24:48.0486 0868 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:24:48.0523 0868 TDTCP - ok
15:24:48.0558 0868 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:24:48.0615 0868 tdx - ok
15:24:48.0935 0868 TeamViewer7 (2bbb318ea9f34fdc508cea4aab98d770) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:24:48.0985 0868 TeamViewer7 - ok
15:24:49.0108 0868 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:24:49.0130 0868 TermDD - ok
15:24:49.0189 0868 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:24:49.0257 0868 TermService - ok
15:24:49.0318 0868 tgsrvc_verizondm - ok
15:24:49.0340 0868 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:24:49.0379 0868 Themes - ok
15:24:49.0399 0868 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:24:49.0434 0868 THREADORDER - ok
15:24:49.0454 0868 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:24:49.0489 0868 TrkWks - ok
15:24:49.0552 0868 truecrypt (370a6907ddf79532a39319492b1fa38a) C:\Windows\system32\drivers\truecrypt.sys
15:24:49.0576 0868 truecrypt - ok
15:24:49.0625 0868 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:24:49.0694 0868 TrustedInstaller - ok
15:24:49.0724 0868 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:24:49.0774 0868 tssecsrv - ok
15:24:49.0805 0868 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:24:49.0852 0868 TsUsbFlt - ok
15:24:49.0896 0868 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:24:49.0964 0868 tunnel - ok
15:24:49.0996 0868 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:24:50.0009 0868 uagp35 - ok
15:24:50.0038 0868 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:24:50.0098 0868 udfs - ok
15:24:50.0130 0868 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:24:50.0144 0868 UI0Detect - ok
15:24:50.0172 0868 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:24:50.0185 0868 uliagpkx - ok
15:24:50.0227 0868 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:24:50.0258 0868 umbus - ok
15:24:50.0293 0868 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:24:50.0330 0868 UmPass - ok
15:24:50.0518 0868 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:24:50.0572 0868 UNS - ok
15:24:50.0690 0868 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:24:50.0776 0868 upnphost - ok
15:24:50.0831 0868 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:24:50.0871 0868 USBAAPL64 - ok
15:24:50.0904 0868 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:24:50.0955 0868 usbccgp - ok
15:24:50.0992 0868 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:24:51.0015 0868 usbcir - ok
15:24:51.0029 0868 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:24:51.0042 0868 usbehci - ok
15:24:51.0091 0868 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:24:51.0123 0868 usbhub - ok
15:24:51.0137 0868 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:24:51.0159 0868 usbohci - ok
15:24:51.0184 0868 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:24:51.0217 0868 usbprint - ok
15:24:51.0258 0868 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:24:51.0281 0868 USBSTOR - ok
15:24:51.0301 0868 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:24:51.0330 0868 usbuhci - ok
15:24:51.0365 0868 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:24:51.0389 0868 usbvideo - ok
15:24:51.0430 0868 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
15:24:51.0473 0868 usb_rndisx - ok
15:24:51.0504 0868 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:24:51.0565 0868 UxSms - ok
15:24:51.0591 0868 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:24:51.0602 0868 VaultSvc - ok
15:24:51.0730 0868 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
15:24:51.0792 0868 vcsFPService - ok
15:24:51.0932 0868 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:24:51.0952 0868 vdrvroot - ok
15:24:52.0000 0868 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:24:52.0060 0868 vds - ok
15:24:52.0080 0868 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:24:52.0092 0868 vga - ok
15:24:52.0111 0868 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:24:52.0160 0868 VgaSave - ok
15:24:52.0193 0868 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:24:52.0208 0868 vhdmp - ok
15:24:52.0224 0868 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:24:52.0235 0868 viaide - ok
15:24:52.0379 0868 Visual Studio Analyzer RPC bridge (b5ba71eadeed0773d2e0978f962e1bf3) C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe
15:24:52.0397 0868 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0397 0868 Visual Studio Analyzer RPC bridge - detected UnsignedFile.Multi.Generic (1)
15:24:52.0530 0868 VMAuthdService (3accf0c817a2bb34efbfb72b57b00252) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
15:24:52.0537 0868 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
15:24:52.0537 0868 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
15:24:52.0576 0868 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys
15:24:52.0591 0868 vmci - ok
15:24:52.0613 0868 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys
15:24:52.0626 0868 VMnetAdapter - ok
15:24:52.0641 0868 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys
15:24:52.0655 0868 VMnetBridge - ok
15:24:52.0659 0868 VMnetDHCP - ok
15:24:52.0675 0868 VMnetuserif (1e74142ded099de7ada258042f891a8d) C:\Windows\system32\drivers\vmnetuserif.sys
15:24:52.0683 0868 VMnetuserif - ok
15:24:52.0814 0868 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
15:24:52.0844 0868 VMUSBArbService - ok
15:24:52.0862 0868 VMware NAT Service - ok
15:24:53.0427 0868 VMwareHostd (f95c4defcc06a1c9e3e1699c845980f1) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
15:24:53.0680 0868 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
15:24:53.0680 0868 VMwareHostd - detected UnsignedFile.Multi.Generic (1)
15:24:53.0813 0868 vmx86 (18a28eda522b6c0560e59d5be638d076) C:\Windows\system32\drivers\vmx86.sys
15:24:53.0829 0868 vmx86 - ok
15:24:53.0855 0868 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:24:53.0869 0868 volmgr - ok
15:24:53.0902 0868 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:24:53.0922 0868 volmgrx - ok
15:24:53.0968 0868 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:24:53.0989 0868 volsnap - ok
15:24:54.0021 0868 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:24:54.0039 0868 vsmraid - ok
15:24:54.0153 0868 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:24:54.0252 0868 VSS - ok
15:24:54.0400 0868 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
15:24:54.0414 0868 vstor2-mntapi10-shared - ok
15:24:54.0514 0868 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:24:54.0549 0868 vwifibus - ok
15:24:54.0566 0868 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:24:54.0597 0868 vwififlt - ok
15:24:54.0638 0868 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:24:54.0685 0868 W32Time - ok
15:24:54.0719 0868 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:24:54.0748 0868 WacomPen - ok
15:24:54.0841 0868 wampapache (5cf6e9a685199445fee02fe8c191c9ba) c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
15:24:54.0865 0868 wampapache ( UnsignedFile.Multi.Generic ) - warning
15:24:54.0865 0868 wampapache - detected UnsignedFile.Multi.Generic (1)
15:24:54.0914 0868 wampmysqld - ok
15:24:54.0954 0868 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:24:55.0033 0868 WANARP - ok
15:24:55.0036 0868 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:24:55.0074 0868 Wanarpv6 - ok
15:24:55.0184 0868 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:24:55.0232 0868 WatAdminSvc - ok
15:24:55.0333 0868 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:24:55.0404 0868 wbengine - ok
15:24:55.0538 0868 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:24:55.0571 0868 WbioSrvc - ok
15:24:55.0610 0868 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:24:55.0631 0868 wcncsvc - ok
15:24:55.0644 0868 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:24:55.0664 0868 WcsPlugInService - ok
15:24:55.0724 0868 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:24:55.0745 0868 Wd - ok
15:24:55.0793 0868 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:24:55.0826 0868 Wdf01000 - ok
15:24:55.0854 0868 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:24:55.0923 0868 WdiServiceHost - ok
15:24:55.0928 0868 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:24:55.0949 0868 WdiSystemHost - ok
15:24:55.0993 0868 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:24:56.0049 0868 WebClient - ok
15:24:56.0091 0868 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:24:56.0173 0868 Wecsvc - ok
15:24:56.0195 0868 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:24:56.0249 0868 wercplsupport - ok
15:24:56.0277 0868 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:24:56.0327 0868 WerSvc - ok
15:24:56.0401 0868 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:24:56.0456 0868 WfpLwf - ok
15:24:56.0468 0868 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:24:56.0480 0868 WIMMount - ok
15:24:56.0532 0868 WinDefend - ok
15:24:56.0541 0868 WinHttpAutoProxySvc - ok
15:24:56.0763 0868 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:24:56.0843 0868 Winmgmt - ok
15:24:56.0998 0868 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:24:57.0102 0868 WinRM - ok
15:24:57.0254 0868 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
15:24:57.0280 0868 WinUSB - ok
15:24:57.0349 0868 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:24:57.0399 0868 Wlansvc - ok
15:24:57.0584 0868 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:24:57.0652 0868 wlidsvc - ok
15:24:57.0784 0868 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:24:57.0814 0868 WmiAcpi - ok
15:24:57.0883 0868 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:24:57.0924 0868 wmiApSrv - ok
15:24:57.0999 0868 WMPNetworkSvc - ok
15:24:58.0037 0868 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:24:58.0068 0868 WPCSvc - ok
15:24:58.0094 0868 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:24:58.0142 0868 WPDBusEnum - ok
15:24:58.0163 0868 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:24:58.0224 0868 ws2ifsl - ok
15:24:58.0249 0868 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:24:58.0276 0868 wscsvc - ok
15:24:58.0279 0868 WSearch - ok
15:24:58.0429 0868 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:24:58.0508 0868 wuauserv - ok
15:24:58.0643 0868 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:24:58.0724 0868 WudfPf - ok
15:24:58.0756 0868 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:24:58.0825 0868 WUDFRd - ok
15:24:58.0847 0868 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:24:58.0888 0868 wudfsvc - ok
15:24:58.0930 0868 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:24:58.0978 0868 WwanSvc - ok
15:24:59.0041 0868 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:24:59.0087 0868 yukonw7 - ok
15:24:59.0133 0868 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
15:24:59.0882 0868 \Device\Harddisk0\DR0 - ok
15:24:59.0908 0868 Boot (0x1200) (66b3203d930be96dd90c4d39c79b8161) \Device\Harddisk0\DR0\Partition0
15:24:59.0910 0868 \Device\Harddisk0\DR0\Partition0 - ok
15:24:59.0922 0868 Boot (0x1200) (4832f92d080a78e1eda21e392b787667) \Device\Harddisk0\DR0\Partition1
15:24:59.0924 0868 \Device\Harddisk0\DR0\Partition1 - ok
15:24:59.0954 0868 Boot (0x1200) (96aca76431546ed9b3e04ead3f90a81e) \Device\Harddisk0\DR0\Partition2
15:24:59.0955 0868 \Device\Harddisk0\DR0\Partition2 - ok
15:24:59.0955 0868 ============================================================
15:24:59.0956 0868 Scan finished
15:24:59.0956 0868 ============================================================
15:24:59.0975 1052 Detected object count: 7
15:24:59.0975 1052 Actual detected object count: 7
15:26:00.0570 1052 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:00.0570 1052 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:01.0094 1052 C:\Windows\system32\DRIVERS\rtl8187.sys - copied to quarantine
15:26:01.0094 1052 RTL8187 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
15:26:01.0095 1052 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:01.0096 1052 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:01.0097 1052 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:01.0097 1052 Visual Studio Analyzer RPC bridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:01.0099 1052 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:01.0099 1052 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:01.0101 1052 VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:01.0101 1052 VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:01.0102 1052 wampapache ( UnsignedFile.Multi.Generic ) - skipped by user
15:26:01.0102 1052 wampapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:26:46.0292 4244 ============================================================
15:26:46.0292 4244 Scan started
15:26:46.0292 4244 Mode: Manual; TDLFS;
15:26:46.0292 4244 ============================================================
15:26:46.0460 4244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:26:46.0462 4244 1394ohci - ok
15:26:46.0489 4244 Accelerometer (5aa055fe5ae506e19e9a8f537756ee10) C:\Windows\system32\DRIVERS\Accelerometer.sys
15:26:46.0490 4244 Accelerometer - ok
15:26:46.0548 4244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:26:46.0551 4244 ACPI - ok
15:26:46.0572 4244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:26:46.0573 4244 AcpiPmi - ok
15:26:46.0712 4244 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:26:46.0715 4244 AdobeFlashPlayerUpdateSvc - ok
15:26:46.0781 4244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:26:46.0786 4244 adp94xx - ok
15:26:46.0837 4244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:26:46.0840 4244 adpahci - ok
15:26:46.0873 4244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:26:46.0875 4244 adpu320 - ok
15:26:46.0910 4244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:26:46.0911 4244 AeLookupSvc - ok
15:26:46.0977 4244 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
15:26:46.0978 4244 AESTFilters - ok
15:26:47.0024 4244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:26:47.0029 4244 AFD - ok
15:26:47.0067 4244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:26:47.0068 4244 agp440 - ok
15:26:47.0097 4244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:26:47.0098 4244 ALG - ok
15:26:47.0112 4244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:26:47.0112 4244 aliide - ok
15:26:47.0148 4244 AMD External Events Utility (48619a29f9c9c3cfeb66718dd03d8057) C:\Windows\system32\atiesrxx.exe
15:26:47.0150 4244 AMD External Events Utility - ok
15:26:47.0169 4244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:26:47.0169 4244 amdide - ok
15:26:47.0207 4244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:26:47.0208 4244 AmdK8 - ok
15:26:47.0602 4244 amdkmdag (06bf0785de714637eba9bb1084b28626) C:\Windows\system32\DRIVERS\atikmdag.sys
15:26:47.0638 4244 amdkmdag - ok
15:26:47.0777 4244 amdkmdap (2dec3274589ff6889ab05adceeb0f642) C:\Windows\system32\DRIVERS\atikmpag.sys
15:26:47.0781 4244 amdkmdap - ok
15:26:47.0811 4244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:26:47.0813 4244 AmdPPM - ok
15:26:47.0840 4244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:26:47.0842 4244 amdsata - ok
15:26:47.0868 4244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:26:47.0871 4244 amdsbs - ok
15:26:47.0886 4244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:26:47.0887 4244 amdxata - ok
15:26:48.0064 4244 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:26:48.0066 4244 AntiVirSchedulerService - ok
15:26:48.0104 4244 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:26:48.0106 4244 AntiVirService - ok
15:26:48.0134 4244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:26:48.0136 4244 AppID - ok
15:26:48.0160 4244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:26:48.0161 4244 AppIDSvc - ok
15:26:48.0190 4244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:26:48.0191 4244 Appinfo - ok
15:26:48.0268 4244 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:26:48.0270 4244 Apple Mobile Device - ok
15:26:48.0306 4244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:26:48.0308 4244 arc - ok
15:26:48.0327 4244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:26:48.0329 4244 arcsas - ok
15:26:48.0341 4244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:26:48.0342 4244 AsyncMac - ok
15:26:48.0362 4244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:26:48.0363 4244 atapi - ok
15:26:48.0394 4244 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
15:26:48.0396 4244 AtiHdmiService - ok
15:26:48.0456 4244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:26:48.0465 4244 AudioEndpointBuilder - ok
15:26:48.0475 4244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:26:48.0481 4244 AudioSrv - ok
15:26:48.0521 4244 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:26:48.0523 4244 avgntflt - ok
15:26:48.0546 4244 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:26:48.0550 4244 avipbb - ok
15:26:48.0574 4244 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:26:48.0574 4244 avkmgr - ok
15:26:48.0612 4244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:26:48.0615 4244 AxInstSV - ok
15:26:48.0675 4244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:26:48.0682 4244 b06bdrv - ok
15:26:48.0707 4244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:26:48.0711 4244 b57nd60a - ok
15:26:48.0897 4244 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:26:48.0939 4244 BCM43XX - ok
15:26:49.0045 4244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:26:49.0047 4244 BDESVC - ok
15:26:49.0104 4244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:26:49.0105 4244 Beep - ok
15:26:49.0164 4244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:26:49.0174 4244 BFE - ok
15:26:49.0236 4244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:26:49.0249 4244 BITS - ok
15:26:49.0313 4244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:26:49.0314 4244 blbdrive - ok
15:26:49.0394 4244 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:26:49.0400 4244 Bonjour Service - ok
15:26:49.0439 4244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:26:49.0441 4244 bowser - ok
15:26:49.0464 4244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:26:49.0466 4244 BrFiltLo - ok
15:26:49.0479 4244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:26:49.0480 4244 BrFiltUp - ok
15:26:49.0501 4244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:26:49.0503 4244 BridgeMP - ok
15:26:49.0533 4244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:26:49.0535 4244 Browser - ok
15:26:49.0563 4244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:26:49.0567 4244 Brserid - ok
15:26:49.0587 4244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:26:49.0588 4244 BrSerWdm - ok
15:26:49.0613 4244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:26:49.0614 4244 BrUsbMdm - ok
15:26:49.0618 4244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:26:49.0619 4244 BrUsbSer - ok
15:26:49.0644 4244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:26:49.0645 4244 BTHMODEM - ok
15:26:49.0677 4244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:26:49.0677 4244 bthserv - ok
15:26:49.0700 4244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:26:49.0701 4244 cdfs - ok
15:26:49.0731 4244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:26:49.0733 4244 cdrom - ok
15:26:49.0761 4244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:26:49.0763 4244 CertPropSvc - ok
15:26:49.0795 4244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:26:49.0796 4244 circlass - ok
15:26:49.0830 4244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:26:49.0834 4244 CLFS - ok
15:26:49.0908 4244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:49.0910 4244 clr_optimization_v2.0.50727_32 - ok
15:26:49.0953 4244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:26:49.0955 4244 clr_optimization_v2.0.50727_64 - ok
15:26:49.0996 4244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:49.0998 4244 clr_optimization_v4.0.30319_32 - ok
15:26:50.0027 4244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:26:50.0030 4244 clr_optimization_v4.0.30319_64 - ok
15:26:50.0048 4244 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
15:26:50.0049 4244 clwvd - ok
15:26:50.0064 4244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:26:50.0066 4244 CmBatt - ok
15:26:50.0096 4244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:26:50.0097 4244 cmdide - ok
15:26:50.0151 4244 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:26:50.0158 4244 CNG - ok
15:26:50.0178 4244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:26:50.0179 4244 Compbatt - ok
15:26:50.0206 4244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:26:50.0207 4244 CompositeBus - ok
15:26:50.0211 4244 COMSysApp - ok
15:26:50.0234 4244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:26:50.0235 4244 crcdisk - ok
15:26:50.0273 4244 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:26:50.0276 4244 CryptSvc - ok
15:26:50.0296 4244 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
15:26:50.0297 4244 dc3d - ok
15:26:50.0347 4244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:26:50.0350 4244 DcomLaunch - ok
15:26:50.0437 4244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:26:50.0442 4244 defragsvc - ok
15:26:50.0479 4244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:26:50.0481 4244 DfsC - ok
15:26:50.0507 4244 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
15:26:50.0510 4244 dg_ssudbus - ok
15:26:50.0547 4244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:26:50.0555 4244 Dhcp - ok
15:26:50.0595 4244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:26:50.0595 4244 discache - ok
15:26:50.0614 4244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:26:50.0615 4244 Disk - ok
15:26:50.0650 4244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:26:50.0653 4244 Dnscache - ok
15:26:50.0689 4244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:26:50.0693 4244 dot3svc - ok
15:26:50.0715 4244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:26:50.0718 4244 DPS - ok
15:26:50.0744 4244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:26:50.0745 4244 drmkaud - ok
15:26:50.0821 4244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:26:50.0835 4244 DXGKrnl - ok
15:26:50.0862 4244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:26:50.0864 4244 EapHost - ok
15:26:51.0057 4244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:26:51.0079 4244 ebdrv - ok
15:26:51.0179 4244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:26:51.0180 4244 EFS - ok
15:26:51.0260 4244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:26:51.0270 4244 ehRecvr - ok
15:26:51.0308 4244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:26:51.0310 4244 ehSched - ok
15:26:51.0391 4244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:26:51.0399 4244 elxstor - ok
15:26:51.0425 4244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:26:51.0426 4244 ErrDev - ok
15:26:51.0474 4244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:26:51.0480 4244 EventSystem - ok
15:26:51.0502 4244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:26:51.0505 4244 exfat - ok
15:26:51.0531 4244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:26:51.0534 4244 fastfat - ok
15:26:51.0601 4244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:26:51.0611 4244 Fax - ok
15:26:51.0640 4244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:26:51.0641 4244 fdc - ok
15:26:51.0672 4244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:26:51.0673 4244 fdPHost - ok
15:26:51.0686 4244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:26:51.0688 4244 FDResPub - ok
15:26:51.0701 4244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:26:51.0703 4244 FileInfo - ok
15:26:51.0714 4244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:26:51.0715 4244 Filetrace - ok
15:26:51.0742 4244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:26:51.0744 4244 flpydisk - ok
15:26:51.0787 4244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:26:51.0791 4244 FltMgr - ok
15:26:51.0874 4244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:26:51.0891 4244 FontCache - ok
15:26:51.0953 4244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:26:51.0955 4244 FontCache3.0.0.0 - ok
15:26:52.0014 4244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:26:52.0016 4244 FsDepends - ok
15:26:52.0042 4244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:26:52.0044 4244 Fs_Rec - ok
15:26:52.0078 4244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:26:52.0081 4244 fvevol - ok
15:26:52.0096 4244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:26:52.0098 4244 gagp30kx - ok
15:26:52.0124 4244 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:26:52.0126 4244 GEARAspiWDM - ok
15:26:52.0197 4244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:26:52.0207 4244 gpsvc - ok
15:26:52.0227 4244 hcmon (adb4348da1345877b04e22203afc8993) C:\Windows\system32\drivers\hcmon.sys
15:26:52.0228 4244 hcmon - ok
15:26:52.0259 4244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:26:52.0260 4244 hcw85cir - ok
15:26:52.0311 4244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:26:52.0316 4244 HdAudAddService - ok
15:26:52.0334 4244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:26:52.0336 4244 HDAudBus - ok
15:26:52.0366 4244 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:26:52.0368 4244 HECIx64 - ok
15:26:52.0391 4244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:26:52.0392 4244 HidBatt - ok
15:26:52.0414 4244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:26:52.0416 4244 HidBth - ok
15:26:52.0428 4244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:26:52.0429 4244 HidIr - ok
15:26:52.0457 4244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:26:52.0459 4244 hidserv - ok
15:26:52.0483 4244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:26:52.0483 4244 HidUsb - ok
15:26:52.0516 4244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:26:52.0518 4244 hkmsvc - ok
15:26:52.0559 4244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:26:52.0562 4244 HomeGroupListener - ok
15:26:52.0611 4244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:26:52.0614 4244 HomeGroupProvider - ok
15:26:52.0685 4244 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:26:52.0688 4244 HPClientSvc - ok
15:26:52.0712 4244 hpdskflt (0ac88fbe4bf315f5f8fd862426c11540) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:26:52.0713 4244 hpdskflt - ok
15:26:52.0741 4244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:26:52.0743 4244 HpSAMD - ok
15:26:52.0761 4244 hpsrv (778ce2c015dec896c5c9323342bd71d4) C:\Windows\system32\Hpservice.exe
15:26:52.0763 4244 hpsrv - ok
15:26:52.0822 4244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:26:52.0833 4244 HTTP - ok
15:26:52.0847 4244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:26:52.0847 4244 hwpolicy - ok
15:26:52.0875 4244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:26:52.0877 4244 i8042prt - ok
15:26:52.0928 4244 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:26:52.0936 4244 iaStor - ok
15:26:52.0975 4244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:26:52.0981 4244 iaStorV - ok
15:26:53.0088 4244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:26:53.0100 4244 idsvc - ok
15:26:53.0651 4244 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:26:53.0833 4244 igfx - ok
15:26:53.0936 4244 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
15:26:53.0941 4244 IHA_MessageCenter - ok
15:26:54.0059 4244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:26:54.0061 4244 iirsp - ok
15:26:54.0129 4244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:26:54.0141 4244 IKEEXT - ok
15:26:54.0167 4244 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
15:26:54.0169 4244 Impcd - ok
15:26:54.0193 4244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:26:54.0194 4244 intelide - ok
15:26:54.0777 4244 intelkmd (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdpmd64.sys
15:26:54.0965 4244 intelkmd - ok
15:26:55.0081 4244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:26:55.0082 4244 intelppm - ok
15:26:55.0111 4244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:26:55.0114 4244 IPBusEnum - ok
15:26:55.0143 4244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:55.0145 4244 IpFilterDriver - ok
15:26:55.0197 4244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:26:55.0204 4244 iphlpsvc - ok
15:26:55.0230 4244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:26:55.0232 4244 IPMIDRV - ok
15:26:55.0261 4244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:26:55.0263 4244 IPNAT - ok
15:26:55.0354 4244 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:26:55.0366 4244 iPod Service - ok
15:26:55.0387 4244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:26:55.0388 4244 IRENUM - ok
15:26:55.0412 4244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:26:55.0413 4244 isapnp - ok
15:26:55.0445 4244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:26:55.0449 4244 iScsiPrt - ok
15:26:55.0468 4244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:26:55.0469 4244 kbdclass - ok
15:26:55.0496 4244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:26:55.0497 4244 kbdhid - ok
15:26:55.0524 4244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:26:55.0526 4244 KeyIso - ok
15:26:55.0556 4244 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:26:55.0558 4244 KSecDD - ok
15:26:55.0591 4244 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:26:55.0593 4244 KSecPkg - ok
15:26:55.0617 4244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:26:55.0618 4244 ksthunk - ok
15:26:55.0658 4244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:26:55.0665 4244 KtmRm - ok
15:26:55.0696 4244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:26:55.0701 4244 LanmanServer - ok
15:26:55.0725 4244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:26:55.0728 4244 LanmanWorkstation - ok
15:26:55.0824 4244 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:26:55.0826 4244 LightScribeService - ok
15:27:11.0266 4244 WinUSB - ok
15:27:11.0337 4244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:27:11.0350 4244 Wlansvc - ok
15:27:11.0516 4244 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:27:11.0532 4244 wlidsvc - ok
15:27:11.0651 4244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:27:11.0651 4244 WmiAcpi - ok
15:27:11.0718 4244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:27:11.0720 4244 wmiApSrv - ok
15:27:11.0776 4244 WMPNetworkSvc - ok
15:27:11.0803 4244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:27:11.0805 4244 WPCSvc - ok
15:27:11.0827 4244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:27:11.0830 4244 WPDBusEnum - ok
15:27:11.0862 4244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:27:11.0863 4244 ws2ifsl - ok
15:27:11.0883 4244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:27:11.0886 4244 wscsvc - ok
15:27:11.0890 4244 WSearch - ok
15:27:12.0050 4244 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:27:12.0084 4244 wuauserv - ok
15:27:12.0221 4244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:27:12.0223 4244 WudfPf - ok
15:27:12.0246 4244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:27:12.0250 4244 WUDFRd - ok
15:27:12.0270 4244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:27:12.0273 4244 wudfsvc - ok
15:27:12.0319 4244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:27:12.0323 4244 WwanSvc - ok
15:27:12.0374 4244 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:27:12.0377 4244 yukonw7 - ok
15:27:12.0411 4244 MBR (0x1B8) (8e734bd7aa1d4f7e9af58df495f6cf9e) \Device\Harddisk0\DR0
15:27:13.0227 4244 \Device\Harddisk0\DR0 - ok
15:27:13.0252 4244 Boot (0x1200) (66b3203d930be96dd90c4d39c79b8161) \Device\Harddisk0\DR0\Partition0
15:27:13.0254 4244 \Device\Harddisk0\DR0\Partition0 - ok
15:27:13.0267 4244 Boot (0x1200) (4832f92d080a78e1eda21e392b787667) \Device\Harddisk0\DR0\Partition1
15:27:13.0269 4244 \Device\Harddisk0\DR0\Partition1 - ok
15:27:13.0298 4244 Boot (0x1200) (96aca76431546ed9b3e04ead3f90a81e) \Device\Harddisk0\DR0\Partition2
15:27:13.0300 4244 \Device\Harddisk0\DR0\Partition2 - ok
15:27:13.0300 4244 ============================================================
15:27:13.0300 4244 Scan finished
15:27:13.0300 4244 ============================================================
15:27:13.0315 5612 Detected object count: 0
15:27:13.0315 5612 Actual detected object count: 0
15:27:21.0662 1964 Deinitialize success


COMBOFIX - FREEZES:

Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

Edited by noob123456, 01 August 2012 - 02:53 PM.


#4 D-FRED-BROWN


Posted 01 August 2012 - 02:45 PM

If attaching the TDSSKiller report doesn't work, just copy and paste it here instead.

Next,
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try running ComboFix again. Let me know how it goes.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#5 noob123456


Posted 01 August 2012 - 03:00 PM

The same thing happens with ComboFix in Safe Mode: it makes it to that step and just hangs...

#6 D-FRED-BROWN


Posted 01 August 2012 - 03:13 PM

Rename ComboFix.exe to Uninstall.exe. Then, run that.

Afterwards, please re-download ComboFix.exe from here, but name it Cheese.exe. Then, run that. Let me know how it goes.

#7 noob123456


Posted 01 August 2012 - 03:31 PM

It still hangs...it did it when I renamed it:

Uninstall.exe

Extract: zDomain.dat
Extract: zhsvc.dat
Extract: zip.3XE
Output folder: C:\32788R22FWJFW\EN-US
Extract: iexplore.exe
Output folder: C:\32788R22FWJFW\License
Extract: Curl - license.txt
Extract: EXTRACT.TXT
Extract: FI - license.txt
Extract: UnxUtilsDist.com
Extract: UnxUtilsDist.html
Extract: UnxUtilsDist.pif
Extract: Zip - license.txt
Extract: dumphive-license.txt
Extract: firefox.exe
Extract: iexplore.exe
Extract: mtee.txt
Extract: ncmd.cfxxe
Extract: pv_5_2_2.zip
Extract: streamtools.zip
Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

Cheese.exe


Edited by noob123456, 01 August 2012 - 03:33 PM.


#8 D-FRED-BROWN


Posted 01 August 2012 - 08:12 PM

Let's try a different route instead of ComboFix:

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#9 noob123456


Posted 01 August 2012 - 11:46 PM

OTL:

OTL logfile created on: 8/2/2012 12:02:49 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.13% Memory free
7.60 Gb Paging File | 5.44 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.85 Gb Total Space | 356.14 Gb Free Space | 72.85% Space Free | Partition Type: NTFS
Drive D: | 98.87 Mb Total Space | 88.77 Mb Free Space | 89.78% Space Free | Partition Type: FAT32
Drive F: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 23:53:39 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/18 23:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/01/18 15:47:10 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/07/06 03:10:39 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010/09/03 17:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/05/01 13:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/01 13:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 01:36:14 | 000,442,392 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 01:36:13 | 012,235,288 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
MOD - [2012/07/31 01:36:12 | 003,997,720 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 01:34:57 | 000,526,872 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\libglesv2.dll
MOD - [2012/07/31 01:34:55 | 000,104,984 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\libegl.dll
MOD - [2012/07/31 01:34:45 | 000,144,424 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 01:34:43 | 000,266,792 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 01:34:42 | 002,480,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/07/06 03:10:39 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/09 18:26:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 22:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/06/15 14:53:52 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/02/23 10:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/28 03:02:41 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:42:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/25 09:56:30 | 009,690,112 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/18 15:47:28 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 15:47:20 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 15:04:52 | 011,839,488 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm)
SRV - [2011/09/26 10:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/01 13:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/05/01 13:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/23 10:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/29 08:13:26 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/07/18 18:05:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/07/18 18:05:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/07/18 18:05:10 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/18 23:57:38 | 000,126,912 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 06:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/16 00:24:40 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/02/16 00:24:38 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 15:47:44 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/01/18 15:46:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/01/11 02:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/09 18:45:34 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/09 17:52:50 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/03 17:13:32 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 18:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/07/28 18:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/22 22:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/24 13:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/15 14:53:58 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/06/15 14:53:42 | 000,041,272 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/06 09:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/05/01 13:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/06 23:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/10/27 08:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/08/27 01:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1998/05/07 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes,DefaultScope = {58845D3D-6765-4B71-B9AA-6503F807C866}
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{47F46711-9250-4F78-8E40-D7FA8EEE0686}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYUFUS&apn_uid=a1761ab8-9109-40a0-a9b2-7a182d486ccd&apn_sauid=A119E961-53D8-4305-A85E-A1DF8E5E6DDD
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{58845D3D-6765-4B71-B9AA-6503F807C866}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5AB03E0D-D04C-47AB-9018-2CFCFE0ACA80}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pokki.com/PokkiDownloadHelper: C:\Users\Owner\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll (Pokki)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/04/29 10:11:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/02 19:33:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files (x86)\Fiddler2\FiddlerHook [2012/07/03 15:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/16 17:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 03:02:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/23 11:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2012/07/28 10:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\w9x5yahi.default\extensions
[2012/07/28 03:02:43 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\w9x5yahi.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/07/28 03:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/28 03:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/28 10:21:48 | 000,025,332 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\{8F6A6FD9-0619-459F-B9D0-81DE065D4E21}.XPI
[2012/07/23 11:05:10 | 000,080,872 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
[2012/07/27 01:16:38 | 000,008,689 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\{BB65E674-B194-4B6E-8033-5FA0AFE3A198}.XPI
[2012/07/28 10:32:04 | 000,041,372 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\{EA2B95C2-9BE8-48ED-BDD1-5FCD2AD0FF99}.XPI
[2012/07/27 10:14:32 | 000,047,609 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\{F5DDF39C-9293-4D5E-9AA8-E04E6DD5E9B4}.XPI
[2012/07/23 11:28:41 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W9X5YAHI.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/07/28 03:02:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/17 17:15:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/17 17:15:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pokki Download Helper (Enabled) = C:\Users\Owner\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.1.76.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: AdBlock+ = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Grooveshark Remote Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpifhknilaflibiifjhhofddbbchmhh\1.5.3_0\
CHR - Extension: Edit This Cookie = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg\0.31_0\
CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
CHR - Extension: Request Maker = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp\0.1.2.8_0\
CHR - Extension: Cookie Manager = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.0_0\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Tab Manager and Organizer = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\memamffhfcodpkacigemlanlbfpmmnbb\0.1_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.16.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 16:12:58 | 000,601,777 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.axandra.com
O1 - Hosts: 127.0.0.1 www.keywordindex.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 16166 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (QuickNet BHO) - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\Lotoshare Registry Cleaner\Register.dll (QuickNet)
O2 - BHO: (HttpWatch Professional) - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files (x86)\HttpWatch\httpwatchscpro.dll (Simtec Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ClipX] C:\Program Files\ClipX\clipx.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk = C:\Program Files\ShareX\ShareX.exe (ShareX Developers)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: HttpWatch Professional - C:\Program Files (x86)\HttpWatch\httpwatchpro.dll (Simtec Limited)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: HttpWatch Professional - C:\Program Files (x86)\HttpWatch\httpwatchpro.dll (Simtec Limited)
O9:64bit: - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9:64bit: - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra 'Tools' menuitem : Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - Reg Error: Key error. File not found
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HttpWatch Professional - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files (x86)\HttpWatch\httpwatchpro.dll (Simtec Limited)
O9 - Extra 'Tools' menuitem : HttpWatch Professional - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O15 - HKU\S-1-5-21-2760484521-1919682237-4135313777-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {3A52566B-6018-485B-B713-8B9FF660D8E8} http://dvrlink.net/webdvr/webdvr2.13.1.10_68.0.0.0.cab (ilhtrapp Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B9BDC1E-804C-4E2B-A63A-C805249B28EC}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B03A4F8E-B4EA-4A29-A142-BFA1AE50654C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/20 22:17:00 | 000,000,100 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 23:53:38 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/01 15:38:56 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/01 15:26:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/01 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/08/01 09:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 09:07:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/01 09:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 09:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/31 20:14:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
[2012/07/31 20:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/07/31 20:11:26 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/07/31 20:11:26 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/31 20:11:26 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/07/31 20:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/07/31 18:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lotoshare Registry Cleaner
[2012/07/31 18:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lotoshare Registry Cleaner
[2012/07/31 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\DoctorWeb
[2012/07/31 15:44:51 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/31 10:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/31 10:44:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/31 10:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/31 10:35:43 | 057,442,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/07/31 09:30:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/31 09:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/31 09:18:28 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\MSDCSC
[2012/07/30 13:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ITSecTeam
[2012/07/30 13:30:38 | 001,018,880 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2012/07/30 13:30:38 | 000,208,384 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2012/07/30 13:30:37 | 020,170,240 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtWebKit4.dll
[2012/07/30 13:30:37 | 010,137,600 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtGui4.dll
[2012/07/30 13:30:37 | 002,847,232 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012/07/30 13:30:37 | 002,179,584 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtScript4.dll
[2012/07/30 13:30:37 | 001,290,752 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtNetwork4.dll
[2012/07/30 13:30:37 | 000,347,136 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\phonon4.dll
[2012/07/30 13:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITSecTeam
[2012/07/30 10:08:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Exploit Scanner
[2012/07/29 08:26:39 | 000,000,000 | ---D | C] -- C:\p
[2012/07/29 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TrueCrypt
[2012/07/29 08:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012/07/29 08:13:26 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/07/29 08:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2012/07/28 15:25:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Google Dorker
[2012/07/28 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2012/07/28 03:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/27 14:27:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\mRemoteNG
[2012/07/27 14:27:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\mRemoteNG
[2012/07/27 14:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mRemoteNG
[2012/07/27 14:27:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mRemoteNG
[2012/07/27 03:18:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/07/27 01:27:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/26 16:30:11 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Virtual Machines
[2012/07/26 16:28:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VMware
[2012/07/26 16:28:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\VMware
[2012/07/26 16:25:34 | 000,063,088 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2012/07/26 16:24:02 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2012/07/26 16:24:01 | 000,433,264 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2012/07/26 16:24:01 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2012/07/26 16:23:50 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2012/07/26 16:23:47 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2012/07/26 16:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2012/07/26 16:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2012/07/26 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2012/07/26 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2012/07/26 16:22:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2012/07/26 16:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2012/07/25 12:50:08 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/07/25 12:50:08 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/07/25 12:25:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\0x90.org
[2012/07/25 12:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\0x90.org
[2012/07/25 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0x90.org
[2012/07/24 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\temp
[2012/07/24 12:17:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CULT_OF_THE_DEAD_COW
[2012/07/23 14:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/07/23 11:34:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia
[2012/07/23 11:04:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2012/07/23 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/23 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/20 19:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IP Camera
[2012/07/20 19:38:59 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012/07/18 20:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinToFlash Suggestor
[2012/07/18 20:38:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\WinToFlash
[2012/07/18 01:40:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Disk Imager
[2012/07/11 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\XCode Exploit
[2012/07/11 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Tor Browser
[2012/07/11 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Havij 1.15 - Advanced SQL Injection
[2012/07/11 21:26:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\admin finder
[2012/07/10 22:55:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/10 22:55:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/10 22:55:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/10 22:55:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/10 22:55:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/10 22:55:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/10 22:55:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/10 22:55:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 22:55:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/10 22:55:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/10 22:55:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/10 22:55:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/10 22:55:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 20:05:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 20:05:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 20:05:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:04:56 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 20:04:55 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 20:02:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\imo.im
[2012/07/09 16:11:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Charles
[2012/07/09 16:10:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Charles
[2012/07/09 16:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2012/07/08 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2012/07/08 10:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/07/08 10:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/07/06 18:25:12 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/06 18:25:12 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/06 18:25:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/06 15:12:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/06 15:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/06 15:10:48 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/06 15:10:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/06 15:10:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/06 15:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/06 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/06 14:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/06 14:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/06 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/06 09:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2012/07/06 09:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/07/06 09:09:16 | 000,303,104 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC640L.dll
[2012/07/06 09:09:16 | 000,106,496 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC640U.dll
[2012/07/06 09:09:16 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012/07/06 09:08:59 | 000,353,792 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNMNPPM.DLL
[2012/07/06 09:08:59 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6PPM.DLL
[2012/07/06 09:08:59 | 000,144,384 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMN6UI.DLL
[2012/07/06 09:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2012/07/06 09:08:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\CHM
[2012/07/06 09:08:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/07/06 09:08:52 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/07/06 09:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series
[2012/07/06 09:08:41 | 000,336,896 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMA2.DLL
[2012/07/06 09:08:37 | 000,244,736 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMIUA2.DLL
[2012/07/06 09:08:33 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/07/04 01:59:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/01 23:53:39 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/08/01 23:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/01 23:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2760484521-1919682237-4135313777-1001UA.job
[2012/08/01 21:24:16 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 21:24:16 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/01 21:21:11 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/01 21:21:11 | 000,629,866 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/01 21:21:11 | 000,108,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/01 21:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/01 21:16:08 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/01 15:16:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2760484521-1919682237-4135313777-1001UA.job
[2012/08/01 10:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2760484521-1919682237-4135313777-1001Core.job
[2012/08/01 05:05:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/08/01 05:05:12 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/07/31 21:16:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2760484521-1919682237-4135313777-1001Core.job
[2012/07/31 18:02:17 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\Lotoshare Registry Cleaner.lnk
[2012/07/31 16:20:04 | 000,002,453 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2012/07/31 16:12:58 | 000,601,777 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/31 16:12:58 | 000,601,777 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts - Copy
[2012/07/31 16:07:24 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/07/31 10:44:51 | 000,003,205 | ---- | M] () -- C:\Users\Owner\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 09:30:34 | 000,002,975 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/30 13:30:39 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\WAppEx.lnk
[2012/07/29 15:08:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/29 08:13:26 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2012/07/29 08:00:29 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOWNER-HP$.job
[2012/07/28 20:44:47 | 000,000,218 | ---- | M] () -- C:\Users\Owner\.recently-used.xbel
[2012/07/28 03:09:33 | 000,000,535 | ---- | M] () -- C:\Users\Owner\Desktop\SocketSniff.cfg
[2012/07/27 16:42:33 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 16:42:33 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 11:34:06 | 000,000,132 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/07/26 16:25:38 | 000,000,988 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/07/26 16:23:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/07/26 16:23:35 | 000,750,974 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 16:23:31 | 000,002,095 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/07/26 09:49:02 | 000,066,048 | ---- | M] () -- C:\Windows\SysWow64\ieframe.oca
[2012/07/25 12:52:02 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem25.inf
[2012/07/24 13:01:25 | 000,000,600 | ---- | M] () -- C:\Users\Owner\PUTTY.RND
[2012/07/23 17:56:09 | 469,189,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/23 11:02:30 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/22 00:50:01 | 000,001,780 | ---- | M] () -- C:\Users\Owner\Desktop\PeerBlock.lnk
[2012/07/22 00:50:01 | 000,001,575 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2012/07/22 00:50:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/22 00:50:01 | 000,000,828 | ---- | M] () -- C:\Users\Owner\Desktop\ShareX.lnk
[2012/07/20 19:39:44 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk
[2012/07/18 18:05:10 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/07/18 18:05:10 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/07/18 18:05:10 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/07/16 15:12:47 | 000,000,836 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk
[2012/07/15 09:48:01 | 000,002,132 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012/07/11 09:28:04 | 005,005,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/06 14:44:29 | 000,000,219 | ---- | M] () -- C:\Users\Owner\Desktop\Team Fortress 2.url
[2012/07/06 14:32:36 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 03:13:34 | 057,442,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 18:40:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/07/31 18:40:01 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/07/31 18:02:17 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\Lotoshare Registry Cleaner.lnk
[2012/07/31 10:44:51 | 000,003,205 | ---- | C] () -- C:\Users\Owner\Desktop\Sophos Virus Removal Tool.lnk
[2012/07/31 09:30:34 | 000,002,975 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2012/07/30 13:30:39 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\WAppEx.lnk
[2012/07/30 13:30:37 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2012/07/30 13:30:37 | 000,011,362 | ---- | C] () -- C:\Windows\SysWow64\mingwm10.dll
[2012/07/29 08:13:28 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2012/07/28 20:44:47 | 000,000,218 | ---- | C] () -- C:\Users\Owner\.recently-used.xbel
[2012/07/27 14:39:59 | 000,107,016 | ---- | C] () -- C:\Users\Owner\Documents\dos32.bas
[2012/07/27 09:41:24 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/07/26 16:25:38 | 000,000,988 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2012/07/26 16:23:40 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/07/26 16:23:31 | 000,002,095 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012/07/26 09:49:02 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\ieframe.oca
[2012/07/25 12:53:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/25 12:52:08 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem25.inf
[2012/07/24 13:01:25 | 000,000,600 | ---- | C] () -- C:\Users\Owner\PUTTY.RND
[2012/07/23 11:02:30 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/23 11:02:30 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/20 19:38:59 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\IP Camera Tool.lnk
[2012/07/11 10:12:42 | 000,002,032 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler2 ScriptEditor.lnk
[2012/07/08 10:00:51 | 000,001,780 | ---- | C] () -- C:\Users\Owner\Desktop\PeerBlock.lnk
[2012/07/06 18:25:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 14:44:29 | 000,000,219 | ---- | C] () -- C:\Users\Owner\Desktop\Team Fortress 2.url
[2012/07/06 14:32:36 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/06 09:09:16 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\CNC173FD.TBL
[2012/05/31 11:52:48 | 005,445,617 | ---- | C] () -- C:\Windows\aapt.exe
[2012/05/12 14:01:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/12 14:01:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/12 14:01:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/12 14:01:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/12 14:01:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/05 11:14:09 | 000,000,001 | ---- | C] () -- C:\Users\Owner\AppData\Local\llftool.4.25.agreement
[2012/05/03 12:59:01 | 000,216,636 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/05/03 08:42:32 | 001,047,456 | ---- | C] () -- C:\Windows\SysWow64\wodCertificate64.dll
[2012/05/03 08:42:29 | 000,853,896 | ---- | C] () -- C:\Windows\SysWow64\wodCertificate.dll
[2012/05/02 11:15:37 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/05/02 09:58:02 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2012/05/02 09:57:47 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/05/02 09:57:47 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/05/01 11:07:55 | 000,750,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/29 19:37:12 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/04/29 19:37:12 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/04/29 19:37:12 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/04/29 19:37:12 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/04/29 19:37:11 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/04/29 01:39:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/29 01:30:04 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/04/29 01:28:38 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/04/29 01:28:38 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2012/04/28 23:47:52 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/04/28 23:46:15 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

< End of report >

EXTRAS:

OTL Extras logfile created on: 8/2/2012 12:02:49 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 53.13% Memory free
7.60 Gb Paging File | 5.44 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.85 Gb Total Space | 356.14 Gb Free Space | 72.85% Space Free | Partition Type: NTFS
Drive D: | 98.87 Mb Total Space | 88.77 Mb Free Space | 89.78% Space Free | Partition Type: FAT32
Drive F: | 4.22 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-HP | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F236B67-5E28-4487-BB91-304B442A6C85}" = lport=445 | protocol=6 | dir=in | app=system |
"{1B0BEC2E-5C7A-4A75-961F-EEFE2831A048}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F4CBAFA-3407-420F-8577-4BD6C4C9C530}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2986CCB1-A404-4038-9E4C-19247FDA60A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{301602A1-D924-47F3-A5AC-02DD7B93E317}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30DB6CC1-6EA5-4C33-AFDA-C09398E2CD0E}" = lport=139 | protocol=6 | dir=in | app=system |
"{366B0C0D-D690-42C8-B52F-EF01FBC334F0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{373780B4-FA9A-4D76-965C-7BC2F24C8F00}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{4ED7F5EE-8D05-4FD3-9AF2-A635DD210E04}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FA6A3DD-2BC7-4973-B412-4CBD0DF1D0C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{52BC8D68-865E-43E5-83E3-EDE17D82EF62}" = rport=139 | protocol=6 | dir=out | app=system |
"{68F80780-195A-44CA-AA7D-CCE590A3D486}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6E2B8D1C-9711-4882-B82E-3471DDEDE6FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7597F4E1-D35F-440C-BFFD-0DAC59ED6282}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83B41B6D-B487-4E31-99BE-6EF2290C2138}" = rport=138 | protocol=17 | dir=out | app=system |
"{85D941E4-60D8-4512-8BFE-C7E6D00FF5D6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8ED9BA4B-2AAB-4275-92C3-7957949BBCB3}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{95DE6D5E-3425-495E-8F07-3BF216F6EFF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F1A3A21-63F7-4D9E-B076-9A4BB665AE9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A096B260-4D16-4483-B2E5-F11C7E81F265}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{A409217D-B68B-4E45-8642-33C93F7A6636}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{B1C9F412-2B87-4B05-8529-BB08E8899DC4}" = lport=137 | protocol=17 | dir=in | app=system |
"{B4A65DA0-1AD7-4727-8909-939BE634A347}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B7169C63-955F-4827-893E-8EE5B2555CD0}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{B764E494-3332-4930-BBD2-4579B9098A76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BFD5EEE9-1463-4117-AAE9-FE14E85AD122}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7B583B7-C147-4248-A4CF-289770CAA49C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7FC0DF8-7047-42F9-ADEA-909B91D80F90}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1079B5D-B41C-4868-B3CB-00F93C65F9AF}" = lport=138 | protocol=17 | dir=in | app=system |
"{DC925C10-3AE6-4CE5-A05A-76FA81544504}" = rport=445 | protocol=6 | dir=out | app=system |
"{EA6AE98E-D1F1-46F6-A8CC-61D75AC3A568}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{ED7F1F83-E293-4AC5-B6CC-4B197F728564}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EC5FA7-6400-4D03-B68E-EFB9A9798C8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BBC26D0-37AC-44DA-82F6-5194A52D1CF2}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{0F9D2E49-FBE3-40B8-B317-E6B9AAC4BAF8}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe |
"{0FF8E8DA-BE96-47DD-9055-C1F0EB84F4C2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15525001-4D1B-4A67-99F9-EBF5B040805C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1806FB30-1339-4884-ACF6-9366836ABAD8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1CDFB70E-EEC4-4479-B7FD-0BD7B9C0F490}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{1F002731-DFBA-471B-AAB2-41C16FE85F19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2A90AE38-4273-407E-A1DB-BC798A529E21}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2B366F46-29D7-4A59-B463-35592DBAD5BE}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{2C8F73D4-BBBD-4CE1-BEF3-B74C386AB132}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CD7845F-76E6-45B5-A1D2-21B441123B21}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E96BD0B-CA71-4A9E-AD7A-45C2F6793941}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{33A3760E-8B4F-4EDF-BAA1-61986E35228D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{38593BA6-42EC-49E2-BD2C-C016332C77D1}" = protocol=6 | dir=out | app=system |
"{3A583703-8E44-469F-99E8-73518D6763FC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3BC859F4-0AE8-4EB4-80D4-6646165742AF}" = dir=in | app=c:\users\owner\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3C5DF2BA-E4ED-4E1C-8194-57A6431B91DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41B9B30E-80DF-4631-B4CC-35F0AB1F5C88}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{43970D11-194A-4EC0-8E30-3D86F89B97DB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{49FF55C1-A2DA-4872-AC6E-FF5ED5549C70}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{534E2B53-2FBD-46E1-92F7-2D64A737280C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5BBCCF98-5C39-4C9F-907E-BB8FF36476AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6E0F85E1-E81D-41F5-89FE-49D94D313B00}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{722EDC37-5392-4169-A174-ABD63676AA17}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7BDAA962-4CA2-4817-B405-5F4757EF9A22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DD52FB0-FDA5-44D8-A81B-3D4CAA6313FC}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{7F656B63-0E33-47F6-B0A6-8887EE9F540A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{8002D32F-B86D-427B-B5B6-6F4878FB98D6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{834E214C-9FDD-4F33-B611-08D3BD9C316D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{84E0DDB7-7646-44D7-8174-EECB11E71DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9727820F-9340-44BC-8F56-3C83C49ED0C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B008C30-580E-4D8C-B43D-A34A589D9482}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9D5FC80C-4D10-4068-BC13-F1CC7E035416}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A4325CA9-4E44-4FC2-B8DE-F77B009810B8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8B305E3-73A9-47D2-A146-32AE626E7B67}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BC04BD51-F935-4909-BAF0-525899A0F724}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BFF68551-7063-40A2-A54A-57E3B34F2612}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C251BFAC-759C-4F6A-8307-CEB01E15F119}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C52F97B6-3115-409D-B282-13F6D26733D1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD5E9738-B8BF-4669-ADB3-7D68A0852AF5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D182D6D8-8259-4166-AD29-6DBC866B8E06}" = protocol=6 | dir=in | app=c:\program files (x86)\fiddler2\fiddler.exe |
"{E24AFD57-EAC1-411F-A38C-32ECC1F1313D}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{E3EF39B1-A2A5-48A1-B5D4-293646836A04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8A85741-E381-4989-929B-6830E18ACEF6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8D6C080-68A8-4656-B4E9-C751F12DBAFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EBA7246B-94E7-421E-89F6-D96C6DF58357}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE9B638A-B455-4E6B-9B00-4DC763AD16F6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F025F885-1CF1-4AEF-B00D-042DD83A01C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F864997A-8D1F-4341-B91E-ECCCDB680722}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{72221926-5802-40A2-B6A8-34863D00213E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E872BF4B-16DA-426A-865B-82C26178F41B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF5C7C9-86CC-41ED-B93B-0B51AB4FED24}" = VmciSockets
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61163088-76A7-4A20-8228-7058848CD37F}" = Charles 3.6.5
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{FB07515A-48AC-9996-16EE-3A3DC8CF8D8E}" = ATI Catalyst Install Manager
"{FED4086D-51A8-E88C-1CF9-BA21A50470EE}" = ccc-utility64
"4B98AB24-5FC2-49a9-97B3-5B370FF22EC7_is1" = WeOnlyDo! Http DELUXE
"82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1" = ShareX 6.2.0.195
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{00FB9AA8-5FFF-DDCE-DA2E-530994B59217}" = CCC Help Finnish
"{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}" = HttpWatch Professional 7.1.37
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1991D8C3-8354-2228-401C-D3D105CA2AC4}" = CCC Help Chinese Traditional
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E6E990A-728D-4700-9B0A-2CA541C93A12}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{2D8539EE-3F50-94DB-2605-047B33558C70}" = CCC Help Thai
"{2FF2BBBA-341C-4F36-AB55-7398184733CE}" = CCC Help Italian
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3C22981C-5C14-4176-B0E8-C2BE71174C41}" = HP Product Detection
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{5410C77F-B22F-61FE-7D93-0BEDBC959FF3}" = PX Profile Update
"{5719D840-C30E-7DD3-C746-00B3A5C9BD6B}" = CCC Help Korean
"{5EDE7E1A-E386-BB8B-CD77-3B5AF9A8D80B}" = CCC Help Greek
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{670E7FFC-95FF-C425-BD00-91C120352C4B}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A396792-1CA6-E9E5-9844-512238F70C95}" = CCC Help Swedish
"{6C016AC4-0282-4C82-B12F-3D5910DA7319}" = Samsung AnyWeb Print
"{6DC6392C-4D8C-D21E-A0DD-750BD76627F6}" = CCC Help Chinese Standard
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74796D37-75F9-C430-CC1D-FCE8371D5EB3}" = CCC Help English
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB5E925-A3DD-48C2-9A82-017AF5982FFE}" = Facebook Messenger 2.1.4590.0
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7FBDEEDA-ECDB-A348-0FBC-41AD5D852B36}" = Catalyst Control Center Localization All
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC3E7BB-F819-379B-3F81-255904B67A8A}" = CCC Help Czech
"{8C696008-029B-BBA7-9CD3-45596A069D96}" = CCC Help Polish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91892B48-4503-D842-59A0-842F70503843}" = CCC Help Portuguese
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{946B0558-3E7B-D27B-2E95-3A2E99BCB826}" = Catalyst Control Center Graphics Previews Common
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{966BAC40-9175-F3A4-2ADF-D3874CF896D0}" = Grooveshark
"{9902DD1A-58CD-EE2D-1401-EF1D07D3D353}" = CCC Help Japanese
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAD4E5A4-68CD-7957-81EF-8B50DBA5E939}" = CCC Help Danish
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE8289AB-E18C-36E6-BF9B-99557D9F7517}" = Catalyst Control Center Graphics Previews Vista
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B719C82F-A3AC-ED37-3E2A-947E5A7BA214}" = CCC Help Hungarian
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AAB32A-AA73-ECFD-4F43-F41CFA2CD540}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D3538C4C-8DAF-88CD-55B0-CBF12DECF5A6}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57588F6-2D35-42B5-5C96-4FC3EB3EF7CE}" = CCC Help Russian
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DBE31207-21B1-5688-450E-9B958643FD2C}" = CCC Help Norwegian
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE311B9A-4C1D-C746-264E-DB2A5C6DD2ED}" = CCC Help French
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{DFC63A26-1EF4-A666-BE94-1DF7351DA7BE}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FBBCD35F-930F-9B68-7A80-A668A68FE86A}" = CCC Help German
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"010 Editor v3_is1" = 010 Editor 3.2.2
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aleesoft Free iPad Video Converter_is1" = Aleesoft Free iPad Video Converter 2.5.71
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"ClipX" = ClipX
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DivX Setup" = DivX Setup
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Fiddler2" = Fiddler2
"FiddlerSyntaxAddons" = Fiddler Syntax-Highlighting Addons
"FileZilla Client" = FileZilla Client 3.5.3
"FormatFactory" = FormatFactory 2.95
"GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1" = Grooveshark
"HandBrake" = HandBrake 0.9.6
"IBP11_is1" = IBP 11.9.1
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"IP Camera" = IP Camera
"Lotoshare Registry Cleaner_is1" = Lotoshare Registry Cleaner version 2011.01.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mRemoteNG" = mRemoteNG
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PalTalk8.2" = Paltalk Messenger
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"pidgin-otr" = pidgin-otr 3.2.1-1
"PowerISO" = PowerISO
"Proxy Finder Enterprise Edition" = Proxy Finder Enterprise Edition
"Samsung ML-2525W Series" = Maintenance Samsung ML-2525W Series
"Slice" = Slice Audio File Splitter
"SpeedFan" = SpeedFan (remove only)
"Steam App 440" = Team Fortress 2
"TeamViewer 7" = TeamViewer 7
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"UAPick" = Bayden UAPick
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 2.0.1
"VMware_Workstation" = VMware Workstation
"WampServer 2_is1" = WampServer 2.2
"WAppEx_is1" = WAppEx 1.0
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinToFlash Suggestor" = WinToFlash Suggestor
"Wireshark" = Wireshark 1.6.7 (64-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2760484521-1919682237-4135313777-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Pokki" = Pokki
"PokkiDownloadHelper" = Pokki Download Helper

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/29/2012 12:20:06 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 7/29/2012 12:20:07 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 12:20:07 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4244

Error - 7/29/2012 12:20:07 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4244

Error - 7/29/2012 1:00:43 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/29/2012 1:00:43 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 7/29/2012 1:00:43 PM | Computer Name = Owner-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 7/30/2012 10:07:50 AM | Computer Name = Owner-HP | Source = RasClient | ID = 20227
Description =

Error - 7/30/2012 1:55:01 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: WAppEx.exe, version: 0.0.0.0, time stamp:
0x5007da44 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
0x5ac Faulting application start time: 0x01cd6e790c7a3ba4 Faulting application path:
C:\Program Files (x86)\ITSecTeam\WAppEx\WAppEx.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: ae7abfd7-da6f-11e1-9420-005056c00008

Error - 7/30/2012 1:57:48 PM | Computer Name = Owner-HP | Source = Application Error | ID = 1000
Description = Faulting application name: WAppEx.exe, version: 0.0.0.0, time stamp:
0x5007da44 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000343d0 Faulting process id:
0x9a4 Faulting application start time: 0x01cd6e7ca78bf337 Faulting application path:
C:\Program Files (x86)\ITSecTeam\WAppEx\WAppEx.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 1283f78b-da70-11e1-9420-005056c00008

[ HP Wireless Assistant Events ]
Error - 4/28/2012 11:38:55 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:40:01 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:41:06 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:42:11 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:43:17 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:44:22 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:45:39 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:46:51 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:47:55 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/28/2012 11:48:56 PM | Computer Name = Owner-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 6/11/2012 8:51:26 AM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 6/11/2012 9:04:23 AM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/11/2012 9:10:27 AM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/11/2012 10:02:53 AM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/11/2012 1:41:04 PM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/11/2012 1:42:07 PM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 6/11/2012 6:37:33 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 6/11/2012 9:00:06 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/11/2012 9:02:55 PM | Computer Name = Owner-HP | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/12/2012 12:44:29 AM | Computer Name = Owner-HP | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >

#10 D-FRED-BROWN

Posted 02 August 2012 - 12:17 PM

May I ask what you're doing with these programs?
  • Google Dorker
  • XCode Exploit
  • Havij 1.15 - Advanced SQL Injection
  • admin finder

I'll be waiting for you to get back to me.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#11 noob123456

Posted 02 August 2012 - 12:25 PM

Well, when I was told by my boss to have some PenTesting done on our site, I said "ok", so I then went to get some quotes. It was REALLY expensive lolol, so I signed up on a couple of forums and said to myself "pshhh I can PenTest this site myself!" and I am not that great at it lol...

Did you want to see my company website as well?

It's not illegal as long as I'm not doing it on other sites, right?

Edited by noob123456, 02 August 2012 - 01:10 PM.


#12 D-FRED-BROWN

Posted 02 August 2012 - 01:32 PM

If you can send me a private message with the site link, that'd be fine.

And yeah, as long as you're not using it on other websites, it isn't illegal.

#13 noob123456

Posted 02 August 2012 - 01:45 PM

done

#14 D-FRED-BROWN

Posted 02 August 2012 - 02:26 PM

I've replied to your message. I appreciate your cooperation. :)

Let's see if we can get ComboFix running...

----------Step 1----------------
Please download Malwarebytes' Anti-Malware to your Desktop
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


----------Step 2----------------
Delete your existing copy of ComboFix, and download a new copy from here. Save it to your Desktop for now, but don't run it yet.

Next, move ComboFix.exe to the Malwarebytes Chameleon folder for now.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\

----------Step 3----------------
Press the R key on your keyboard while holding the Windows button.

The Run prompt should open.

Copy and paste the following command:

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

Then, press Enter.

A black DOS prompt will appear. Press any key to continue.


----------Step 4----------------
Navigate back to the Chameleon folder, and double-click ComboFix.exe.
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\ComboFix.exe

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

Edited by D-FRED-BROWN, 02 August 2012 - 02:27 PM.


#15 noob123456

Posted 02 August 2012 - 04:32 PM

---------------------------
mbam-chameleon.exe - Application Error
---------------------------
The application was unable to start correctly (0xc0000142). Click OK to close the application.
---------------------------
OK
---------------------------

^ It does this EVERY TIME I try to run cmd.exe, sfc.exe as well

----------------------

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.01.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-HP [administrator]

Protection: Disabled

8/2/2012 4:15:20 PM
mbam-log-2012-08-02 (16-15-20).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 489611
Time elapsed: 1 hour(s), 4 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


------------

I had removed the rootkit some time ago, yet the registry entries remain. My main thing is that my sfc.exe, cmd.exe are not working, as well as some programs :(



