I was reading DON'T USE COMBOFIX, IS THIS COMPATIBLE WITH WINDOWS 7?


  • This topic is locked
86 replies to this topic

#1 kathmandu64

  • Members
  • 54 posts
  • Gender:Male
  • Location:chicago

Posted 29 August 2012 - 02:33 AM

I was reading these old notes here. I wonder, can we use ComboFix in Windows 7? I tried; it didn't go through. I waited a few hours, so I was not sure if this is Windows 7 compatible. I understand the risk. If someone could reply, please. I have a Toshiba laptop; it seems infected with a virus, spyware, malware. I can't update the virus software; it will not let me. From time to time my computer just turns itself off; it's getting to be a headache. Is there any help I can get from here? Thank you for your suggestions.



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,374 posts
  • Gender:Male
  • Location:California

Posted 01 September 2012 - 08:07 AM

Greetings kathmandu64 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. :thumbup2: If you prefer I call you something other than your screen name I would be pleased to do so.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Helping me Help You

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.


===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

BleepingComputer does not support the independent running of Combofix. In fact we strongly caution against it as improper usage could result in further damage to your computer or worse yet, making your computer unfixable.

If you would like assistance in evaluating and cleaning your computer please do the following for me.


===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.com
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Create GMER log

I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,374 posts
  • Gender:Male
  • Location:California

Posted 04 September 2012 - 09:28 AM

Greetings kathmandu64,


===================================================


3 Day Bump

It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 kathmandu64
  • Topic Starter

  • Members
  • 54 posts
  • Gender:Male
  • Location:chicago

Posted 04 September 2012 - 04:03 PM

Hello Gary, thank you sir. I have been looking at this. I have cleaned the computer using AVAST; it took me 28 hours, so I could not do anything. Sorry for the delay. Here is my info: I have Win 7 Home Premium, 64 bit. I have a few antiviruses on my computer; I could not open any one except AVAST, finally, so I was able to clean up. It found 36 crap; some I deleted, some I put in the virus chest. Here, please, is what you are looking for, my result. I am a novice, so I am not sure if I did it correctly sending you this info. From time to time the computer turns itself off; I hope you get this message before this happens. I appreciate your time and help.
kathmandu

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by kathmandu at 14:45:07 on 2012-09-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1614 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Enabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\inetsrv\inetinfo.exe
C:\windows\System32\svchost.exe -k LPDService
C:\windows\system32\mqsvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\SysWow64\perfhost.exe
C:\windows\system32\locator.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\WeFi\WefiEngSvc.exe
C:\windows\system32\SearchIndexer.exe
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.autocompletepro.com/?si=10191&bi=400
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://search.autocompletepro.com/?si=10191&bi=400
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre1.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
mURLSearchHooks: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre1.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DownloadHelper Class: {ff2573ae-e1ed-40e1-83ba-f544cb2ee135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\grabber.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
TB: Burn4Free DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} -
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} -
TB: FreeOnlineRadioPlayerRecorder Toolbar: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre1.dll
uRun: [Firefox] "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
uRun: [1D26B803D5A3D0838DCEC271F7368F5556F9CC40._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\~DISAB~1\PHONER~1.LNK - C:\Program Files (x86)\Phone Remote Control\PhoneRemoteControl.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP
IE: &Download with DAM
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher
IE: Block image with Ad Muncher
IE: Block link with Ad Muncher
IE: Don't filter page with Ad Muncher
IE: Download &All with DAM
IE: Download &all with DAP
IE: Download FLV &Video with DAM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Report page to the Ad Muncher developers
IE: Run DAM Media&Grabber
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6}
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
IE: {E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - C:\PROGRA~2\COMMON~1\TIDYFA~1\OpenFav.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8D8972A9-FFFA-11D4-9CC7-00902761BD36} - hxxp://mailjol.com/dev/cab/jscntrl.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{5578E4DC-1E85-49AA-AD5C-6BB5B4B7C2F1}\4444858585 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5578E4DC-1E85-49AA-AD5C-6BB5B4B7C2F1}\4454F4E45647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5578E4DC-1E85-49AA-AD5C-6BB5B4B7C2F1}\4554D4056594359445F425 : DhcpNameServer = 216.165.129.158 216.170.153.146
TCP: Interfaces\{5578E4DC-1E85-49AA-AD5C-6BB5B4B7C2F1}\D6164636964797D296E666F6 : DhcpNameServer = 216.10.92.50 216.10.92.10
TCP: Interfaces\{5578E4DC-1E85-49AA-AD5C-6BB5B4B7C2F1}\D6562727E236F6D6 : DhcpNameServer = 216.10.92.10 216.10.92.50
TCP: Interfaces\{C374535D-1F6F-42D3-A02A-7E2B530E3FD0} : DhcpNameServer = 192.168.0.1 216.165.129.158
TCP: Interfaces\{E5AAA30D-AB93-4404-AACF-52F5C2A1207E} : DhcpNameServer = 192.168.15.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\PROGRA~2\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGHO~1.DLL
SEH: ExecuteHooker Class: {569dac0f-2791-46ab-8efc-a54b77c04c20} - C:\Program Files (x86)\DVD X Studios\DVD X Utilities 3.0\DVDGhost\ExecuteHooker.dll
SecurityProviders:
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: DownloadHelper Class: {FF2573AE-E1ED-40e1-83BA-F544CB2EE135} - C:\Program Files (x86)\Common Files\Download Helper\DownloadHelper.dll
BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\grabber.dll
BHO-X64: GrabberObj Class - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
TB-X64: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll
TB-X64: Burn4Free DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Burn4Free DB Toolbar\tbcore3.dll
TB-X64: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} -
TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -
TB-X64: FreeOnlineRadioPlayerRecorder Toolbar: {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre1.dll
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE-X64: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
AppInit_DLLs-X64: c:\PROGRA~2\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGHO~1.DLL
SEH-X64: ExecuteHooker Class: {569DAC0F-2791-46ab-8EFC-A54B77C04C20} - C:\Program Files (x86)\DVD X Studios\DVD X Utilities 3.0\DVDGhost\ExecuteHooker.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;C:\windows\system32\DRIVERS\hotcore3.sys --> C:\windows\system32\DRIVERS\hotcore3.sys [?]
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys --> C:\windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys --> C:\windows\system32\drivers\TfSysMon.sys [?]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-8-30 23208]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 cnnctfy2;Connectify LightWeight Filter;C:\windows\system32\DRIVERS\cnnctfy2.sys --> C:\windows\system32\DRIVERS\cnnctfy2.sys [?]
R1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;C:\windows\system32\Drivers\CSN5PDTS82x64.sys --> C:\windows\system32\Drivers\CSN5PDTS82x64.sys [?]
R1 kmodurl;kmodurl;C:\Program Files (x86)\Kingsoft\PCDoctor\kmodurl64.sys [2011-12-19 133096]
R1 SafDskNT;SafeHouse;\??\C:\windows\system32\drivers\SAFDSKNT.SYS --> C:\windows\system32\drivers\SAFDSKNT.SYS [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\windows\system32\DRIVERS\StarPortLite.sys --> C:\windows\system32\DRIVERS\StarPortLite.sys [?]
R1 Uim_VIM;UIM Virtual Image Plugin;C:\windows\system32\Drivers\uim_vimx64.sys --> C:\windows\system32\Drivers\uim_vimx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/01 17:26:08];C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-5-1 148976]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-8-30 3069752]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-1 44808]
R2 AVWEBCAM;AV WebCam, WDM Video Capture;C:\windows\system32\DRIVERS\avwebcam.sys --> C:\windows\system32\DRIVERS\avwebcam.sys [?]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-8-9 1852104]
R2 KSafeSvc;KSafe service;C:\Program Files (x86)\Kingsoft\PCDoctor\KSafeSvc.exe [2012-4-10 290720]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 ntk_PowerDVD;ntk_PowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-5-1 75248]
R2 PfFilter;PfFilter;C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-4-28 36792]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 WefiEngSvc;WeFi Engine Service;C:\Program Files (x86)\WeFi\WefiEngSvc.exe [2011-3-30 118104]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-8-30 66320]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\windows\system32\DRIVERS\ManyCam_x64.sys --> C:\windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 Nbdrv;NetBalancer;C:\windows\system32\DRIVERS\nbdrv.sys --> C:\windows\system32\DRIVERS\nbdrv.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TfNetMon;TfNetMon;\??\C:\windows\system32\drivers\TfNetMon.sys --> C:\windows\system32\drivers\TfNetMon.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-10 113120]
S2 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S2 PCCUJobMgr;Common Client Job Manager Service; [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
S2 WebCamHelper;WebCamHelper;C:\PROGRA~2\AVWEBC~1\WebCamHelper.sys [2011-9-10 2688]
S3 DfSdkS;Defragmentation-Service;C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [2011-8-19 544768]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\windows\system32\drivers\DigiartyVirtualCDBus.sys --> C:\windows\system32\drivers\DigiartyVirtualCDBus.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-17 8456]
S3 FarMntIo;FarMntIo;\??\c:\windows\system32\drivers\farmntio.sys --> c:\windows\system32\drivers\farmntio.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 ftpsvc;Microsoft FTP Service;C:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]
S3 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-4-22 25824]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-2-4 63304]
S3 NANMp50;NANMp50 NDIS Protocol Driver;C:\windows\system32\Drivers\NANMp50.sys --> C:\windows\system32\Drivers\NANMp50.sys [?]
S3 NANSp50;NANSp50 NDIS Protocol Driver;C:\windows\system32\Drivers\NANSp50.sys --> C:\windows\system32\Drivers\NANSp50.sys [?]
S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\windows\system32\DRIVERS\netr28ux.sys --> C:\windows\system32\DRIVERS\netr28ux.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-2-16 624856]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\windows\system32\drivers\psmounter.sys --> C:\windows\system32\drivers\psmounter.sys [?]
S3 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [2012-3-25 193888]
S3 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe [2012-3-25 211808]
S3 RDPDISPM;RDPDISPM;C:\windows\system32\DRIVERS\rdpdispm.sys --> C:\windows\system32\DRIVERS\rdpdispm.sys [?]
S3 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-7-1 301720]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\windows\system32\DRIVERS\s0017bus.sys --> C:\windows\system32\DRIVERS\s0017bus.sys [?]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\windows\system32\DRIVERS\s0017mdfl.sys --> C:\windows\system32\DRIVERS\s0017mdfl.sys [?]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\windows\system32\DRIVERS\s0017mdm.sys --> C:\windows\system32\DRIVERS\s0017mdm.sys [?]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\s0017mgmt.sys --> C:\windows\system32\DRIVERS\s0017mgmt.sys [?]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\windows\system32\DRIVERS\s0017nd5.sys --> C:\windows\system32\DRIVERS\s0017nd5.sys [?]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\s0017obex.sys --> C:\windows\system32\DRIVERS\s0017obex.sys [?]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\windows\system32\DRIVERS\s0017unic.sys --> C:\windows\system32\DRIVERS\s0017unic.sys [?]
S3 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
S3 spiceworks;spiceworks;C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [2011-9-8 47672]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-8-29 2735528]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-23 54136]
S3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2008-7-26 14544]
S3 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
S4 acthelper;Ashampoo CoreTuner Helper Service;C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2012-5-1 902488]
S4 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-7 250568]
S4 AxonService;Axon Virtual PBX;C:\Program Files (x86)\NCH Swift Sound\Axon\axon.exe [2011-2-11 1257476]
S4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-5-1 83240]
S4 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2011-8-20 13312]
S4 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-5-1 70952]
S4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-5-1 312616]
S4 DelegateService;Express Delegate;C:\Program Files (x86)\NCH Software\Delegate\delegate.exe [2011-2-11 2538500]
S4 DialDictateService;Dial Dictate;C:\Program Files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe [2011-2-11 1171460]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-11 136176]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-19 13336]
S4 IMSService;IMS Telephone On-Hold Player;C:\Program Files (x86)\NCH Swift Sound\IMS\ims.exe [2011-2-11 888836]
S4 JIT Scheduler;JIT Scheduler;C:\Program Files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe [2011-10-7 176128]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 375176]
S4 MSRSService;MSRS Recording System;C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe [2011-2-11 745476]
S4 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-8-26 10240]
S4 nnCron;nnCron;C:\Program Files (x86)\nnCron\nncron.exe [2006-3-21 408576]
S4 ocster_backup;Ocster Backup;C:\Program Files\Ocster Backup\bin\backupService-ox.exe [2011-6-29 21272]
S4 OMSI download service;Sony Ericsson OMSI download service;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-2-17 90112]
S4 RCP-Host;RCP-Host;C:\Program Files (x86)\Remote Control PC\apc_host.exe [2011-6-4 577024]
S4 RsFx0151;RsFx0151 Driver;C:\windows\system32\DRIVERS\RsFx0151.sys --> C:\windows\system32\DRIVERS\RsFx0151.sys [?]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2320920]
S4 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;C:\Program Files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2011-8-31 1122568]
S4 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
S4 VRSService;VRS Recording System;C:\Program Files (x86)\NCH Swift Sound\VRS\vrs.exe [2011-2-11 1155076]
S4 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 ZentimoService;Zentimo Assistant;C:\Program Files (x86)\Zentimo\ZentimoService.exe [2011-12-14 555844]
.
=============== File Associations ===============
.
.txt=NoteProTXT
.
=============== Created Last 30 ================
.
2012-09-04 19:23:46 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73A06F1C-08A3-4CAB-A79D-31E3F92D5F95}\offreg.dll
2012-09-03 19:27:38 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73A06F1C-08A3-4CAB-A79D-31E3F92D5F95}\mpengine.dll
2012-09-02 22:10:50 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2012-09-02 22:10:49 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll
2012-09-02 22:09:49 -------- d-----w- C:\Program Files (x86)\DVDFab Media Player
2012-09-02 18:22:56 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-01 08:08:49 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-09-01 08:08:36 969200 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-09-01 08:08:31 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-09-01 08:03:52 41224 ----a-w- C:\windows\avastSS.scr
2012-08-31 20:45:34 -------- d-----w- C:\Program Files (x86)\AutorunCleanUpTool
2012-08-31 06:09:52 8299589 ----a-w- C:\windows\SysWow64\BkavAuto.vxd
2012-08-31 06:09:52 57862935 ----a-w- C:\windows\SysWow64\drivers\SysLib.sys
2012-08-31 06:09:52 33766 ----a-w- C:\windows\SysWow64\drivers\BkavAuto.sys
2012-08-31 06:09:52 -------- d-----w- C:\Program Files\Bkav2006
2012-08-31 03:02:06 -------- d-----w- C:\Program Files (x86)\GFI Software
2012-08-31 00:24:01 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-30 23:36:47 -------- d-----w- C:\ProgramData\2F380
2012-08-29 18:47:14 -------- d-----w- C:\Program Files (x86)\SoftCAT
2012-08-29 18:18:05 -------- d-----w- C:\Program Files (x86)\eLibPro
2012-08-28 07:12:17 98816 ----a-w- C:\windows\sed.exe
2012-08-28 07:12:17 518144 ----a-w- C:\windows\SWREG.exe
2012-08-28 07:12:17 256000 ----a-w- C:\windows\PEV.exe
2012-08-28 07:12:17 208896 ----a-w- C:\windows\MBR.exe
2012-08-28 02:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-28 02:51:52 -------- d-----w- \TDSSKiller_Quarantine
2012-08-28 02:45:07 208216 ----a-w- C:\windows\System32\drivers\23511542.sys
2012-08-28 00:15:33 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AE7B5DE-2DD4-4267-BE67-78E7200FC3C4}\gapaengine.dll
2012-08-25 04:39:53 -------- d-----w- C:\Users\kathmandu\AppData\Local\virtualmoon
2012-08-24 19:05:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F096A7D-5091-4135-88D1-2A3D132E314A}\offreg.dll
2012-08-24 18:51:41 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1F096A7D-5091-4135-88D1-2A3D132E314A}\mpengine.dll
2012-08-23 00:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-23 00:40:09 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-22 23:45:27 -------- d-----w- C:\Users\kathmandu\AppData\Local\toolbarcleaner
2012-08-17 05:56:35 -------- d-----w- C:\Program Files (x86)\Ciel
2012-08-17 05:51:49 -------- d-----w- C:\Program Files (x86)\VirtualMoon
2012-08-17 05:31:55 -------- d-----w- C:\Program Files (x86)\Celestia
2012-08-17 04:40:38 -------- d-----w- C:\Program Files (x86)\NetSetMan
2012-08-17 04:29:18 56496 ----a-w- C:\windows\SysWow64\wbhelp2.dll
2012-08-17 04:29:18 544768 ----a-w- C:\windows\SysWow64\wbocx.ocx
2012-08-17 04:29:18 258352 ----a-w- C:\windows\SysWow64\unicows.dll
2012-08-17 04:29:17 33968 ----a-w- C:\windows\SysWow64\anim.dll
2012-08-17 04:29:16 -------- d-----w- C:\Program Files (x86)\WinUtilities
2012-08-16 20:33:57 503808 ----a-w- C:\windows\System32\srcore.dll
2012-08-16 20:33:56 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2012-08-16 20:33:07 751104 ----a-w- C:\windows\System32\win32spl.dll
2012-08-16 20:33:06 559104 ----a-w- C:\windows\System32\spoolsv.exe
2012-08-16 20:33:03 67072 ----a-w- C:\windows\splwow64.exe
2012-08-16 20:33:03 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2012-08-16 20:29:08 59392 ----a-w- C:\windows\System32\browcli.dll
2012-08-16 20:29:08 136704 ----a-w- C:\windows\System32\browser.dll
2012-08-16 20:29:07 41984 ----a-w- C:\windows\SysWow64\browcli.dll
2012-08-16 20:28:59 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-08-16 20:28:51 956928 ----a-w- C:\windows\System32\localspl.dll
2012-08-14 18:29:27 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-08-14 18:18:15 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-08-14 18:13:13 -------- d-----w- C:\Users\kathmandu\AppData\Local\Microsoft Help
2012-08-14 17:10:55 -------- d-----w- C:\Program Files (x86)\FDRLab
2012-08-13 21:36:42 -------- d-----w- C:\Users\kathmandu\AppData\Local\Pinnacle
2012-08-13 21:31:19 -------- d-sh--w- C:\windows\%APPDATA%
2012-08-13 21:26:30 -------- d-----w- C:\Program Files (x86)\Common Files\Pinnacle
2012-08-13 21:23:51 -------- d-----w- C:\ProgramData\Pinnacle Studio Ultimate Collection
2012-08-13 20:58:59 -------- d-----w- C:\Program Files (x86)\Common Files\Pegasus Imaging
2012-08-13 20:58:48 -------- d-----w- C:\ProgramData\Studio 15
2012-08-13 20:58:48 -------- d-----w- C:\ProgramData\Pinnacle Studio Plus
2012-08-13 20:51:14 -------- d-----w- C:\Program Files (x86)\Pinnacle
2012-08-11 22:23:56 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-11 04:33:46 -------- d-----w- C:\Program Files (x86)\UltraVNC
2012-08-11 04:09:47 -------- d-----w- C:\Users\kathmandu\AppData\Local\Comodo
2012-08-11 04:09:46 54024 ----a-w- C:\windows\System32\certsentry.dll
2012-08-11 04:09:46 45320 ----a-w- C:\windows\SysWow64\certsentry.dll
2012-08-11 04:09:07 -------- d-----w- C:\Program Files (x86)\Comodo
2012-08-11 04:03:01 -------- d-----w- C:\Program Files (x86)\foobar2000
2012-08-11 02:38:03 51496 ----a-w- C:\windows\System32\drivers\stflt.sys
2012-08-11 02:13:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-11 01:26:02 -------- d-----w- C:\ProgramData\Grisoft
2012-08-11 01:12:14 -------- d-----w- C:\Program Files (x86)\MaskMyIP
2012-08-11 01:05:26 -------- d-----w- C:\Program Files (x86)\YourFileDownloader
2012-08-10 22:57:10 -------- d-----w- C:\Program Files (x86)\Hideman
2012-08-09 17:09:24 99384 ----a-w- C:\windows\System32\drivers\ssudbus.sys
2012-08-09 17:09:24 203320 ----a-w- C:\windows\System32\drivers\ssudmdm.sys
2012-08-09 16:39:55 -------- d-----w- C:\Program Files\SAMSUNG
2012-08-09 16:39:02 -------- d-----w- C:\ProgramData\Samsung
2012-08-09 15:40:41 -------- d-----w- \Qoobox
2012-08-07 20:04:46 -------- d-----w- C:\ProgramData\MFAData
2012-08-07 03:42:33 -------- d-----w- C:\ProgramData\MaskMyIP
2012-08-06 18:19:14 -------- d-----w- C:\ProgramData\Simply Super Software
2012-08-06 15:27:31 75264 ----a-w- C:\windows\SysWow64\unacev2.dll
2012-08-06 15:27:30 153088 ----a-w- C:\windows\SysWow64\UNRAR3.dll
.
==================== Find3M ====================
.
2012-08-27 19:32:29 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 19:32:28 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 06:47:21 276256 ----a-w- C:\windows\System32\drivers\DigiartyVirtualCDBus.sys
2012-07-03 18:46:44 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-30 20:36:23 476936 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-06-30 20:36:23 472840 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-29 05:40:06 711240 ----a-w- C:\windows\is-8U6KA.exe
2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-25 21:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll
2012-06-08 00:35:04 50456 ----a-w- C:\windows\System32\drivers\BTOWSVF.sys
2011-09-02 17:03:28 730192 ----a-w- C:\Program Files (x86)\Common Files\ZugoInstaller.exe
2011-02-05 17:16:25 12067528 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 14:46:39.96 ===============

#5 kathmandu64

Posted 04 September 2012 - 04:30 PM

Hi again, what is this for??? Attach.txt???? No idea, sorry.

#6 Oh My!

Posted 04 September 2012 - 07:06 PM

Greetings kathmandu64,

Your log indicates you ran TDSSKiller prior to posting on this site. I would like to take a look at that log please. We are also going to try to run Combofix again. Finally, you have too many antivirus programs installed so I will need you to delete all but one.

Please do this.


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove two of these three programs: avast! Antivirus, Emsisoft Anti-Malware, or Microsoft Security Essentials.


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


Re-installing and Running ComboFix

--------------------

I would like you to delete Combofix and then re-install it. We will then run the program again with the new copy.

  • Right click on the ComboFix icon on your desktop and select Delete.
  • Please download ComboFix from one of these locations:

    BleepingComputer

    ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.

    Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

    • Check your computer clock. If it is still running then so is ComboFix
    • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
    • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
    Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Which antivirus program remains?
  • TDSSKiller log
  • Combofix.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
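
How the two observations in the reply above (TDSSKiller had already been run, and several resident scanners are present) can be read off the "Created Last 30" section of a DDS log, as an added Python example that is not part of the original thread. The path-to-product mapping and the function names are assumptions of this example; the sample lines are copied from the log posted earlier in this topic. A folder or driver trace shows that a product was installed or run in the window, not that it is still active.

```python
import re
from datetime import datetime

# One "Created Last 30" entry: timestamp, size (or -------- for a folder),
# an 8-character attribute string, then the path (which may contain spaces).
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Lower-case path fragment -> (product, kind). Assumed mapping for this example:
# "resident" products run real-time protection, "on_demand" tools leave a
# quarantine folder behind after a manual run.
MARKERS = [
    (r"\drivers\asw", "avast! Antivirus", "resident"),
    (r"\emsisoft anti-malware", "Emsisoft Anti-Malware", "resident"),
    (r"\microsoft security client", "Microsoft Security Essentials", "resident"),
    (r"\tdsskiller_quarantine", "TDSSKiller", "on_demand"),
    (r"\qoobox", "ComboFix", "on_demand"),
]

# Lines copied from the DDS log posted earlier in this topic.
SAMPLE = r"""
=============== Created Last 30 ================
.
2012-09-01 08:08:36 969200 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-09-01 08:08:31 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-08-31 00:24:01 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-08-28 02:51:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-28 02:51:52 -------- d-----w- \TDSSKiller_Quarantine
2012-08-23 00:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-23 00:40:09 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-17 05:31:55 -------- d-----w- C:\Program Files (x86)\Celestia
2012-08-09 15:40:41 -------- d-----w- \Qoobox
"""


def parse_entries(text):
    """Return the well-formed file/folder entries; skip headers and '.' lines."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        stamp, size, attrs, path = match.groups()
        try:
            datetime.strptime(stamp, TS_FORMAT)  # reject impossible dates
        except ValueError:
            continue
        entries.append({
            "created": stamp,
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return entries


def triage(text):
    """Summarise security-tool traces found in the 'Created Last 30' section."""
    resident = set()
    on_demand = {}  # tool -> earliest creation timestamp seen
    for entry in parse_entries(text):
        lowered = entry["path"].lower()
        for fragment, product, kind in MARKERS:
            if fragment not in lowered:
                continue
            if kind == "resident":
                resident.add(product)
            else:
                first = on_demand.get(product)
                # Timestamps are zero-padded, so string order is time order.
                if first is None or entry["created"] < first:
                    on_demand[product] = entry["created"]
    return {
        "resident": sorted(resident),
        "on_demand": on_demand,
        "multiple_resident": len(resident) > 1,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("Resident scanners seen:", ", ".join(result["resident"]))
    for tool, stamp in result["on_demand"].items():
        print(f"{tool} trace first created {stamp}")
    if result["multiple_resident"]:
        print("More than one resident scanner: keep one, remove the rest.")
```
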

#7 kathmandu64

Posted 05 September 2012 - 02:43 PM

Hello Gary, thank you. I've 1 antivirus, AVAST, others out. Time to time the computer turned off itself, is it hard drive dying?? Please let me know what you think. If it is then I have to do different things.


ComboFix 12-09-04.03 - kathmandu d 09/05/12 2:45.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1975 [GMT -5:00]
Running from: c:\users\kathmandu\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AutocompletePro
c:\program files (x86)\AutocompletePro\64\AutocompletePro64.dll
c:\program files (x86)\AutocompletePro\AutocompletePro.dll
c:\program files (x86)\AutocompletePro\chrome\autocompleteprochrome.crx
c:\program files (x86)\AutocompletePro\ChromeSetSearchInBrowser.exe
c:\program files (x86)\AutocompletePro\FireFoxExtension.exe
c:\program files (x86)\AutocompletePro\InstTracker.exe
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul
c:\program files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files (x86)\AutocompletePro\support@predictad.com\install.rdf
c:\program files (x86)\AutocompletePro\unins000.dat
c:\program files (x86)\AutocompletePro\unins000.exe
c:\program files (x86)\Burn4Free DB Toolbar\tbCOre3.dll
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\program files (x86)\WebEnhancements
c:\program files (x86)\WebEnhancements\uninst000.dat
c:\program files (x86)\WebEnhancements\we_uninstall.exe
c:\program files (x86)\WebEnhancements\WebEnhancements.crx
c:\program files (x86)\WebEnhancements\WebEnhancements.xpi
c:\programdata\hpeDA32.dll
c:\users\kathmandu\%appda~1
c:\users\kathmandu\%appda~1\Microsoft\Windows\IETldCache\index.dat
c:\users\kathmandu\AppData\Roaming\3383130714d37bd0a5e1c67.49796809
c:\users\kathmandu\AppData\Roaming\ImgBurn.exe
c:\users\kathmandu\AppData\Roaming\inst.exe
c:\users\kathmandu\AppData\Roaming\Microsoft\~DFK2d6bcd.tmp
c:\users\kathmandu\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\bass.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\peaadje.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\kathmandu\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\chrome.manifest
c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\ff-overlay.xul
c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\content\overlay.js
c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\Extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}\install.rdf
c:\users\kathmandu\AppData\Roaming\vso_ts_preview.xml
c:\users\kathmandu\Documents\Downloads\CT2776682_BrotherSoft_Extreme.exe
c:\users\kathmandu\FaceControl.8bf
c:\users\kathmandu\videos\OSS64.exe
c:\windows\Fonts\Vn.Fon
c:\windows\iun6002.exe
c:\windows\struct~.ini
c:\windows\SysWow64\BkavAuto.vxd
c:\windows\SysWow64\drivers\BkavAuto.sys
c:\windows\SysWow64\drivers\SysLib.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BkavAuto
-------\Service_SysLib
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 08:32 . 2012-09-05 08:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-05 08:32 . 2012-09-05 08:32 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-09-05 08:32 . 2012-09-05 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-05 08:32 . 2012-09-05 08:32 -------- d-----w- c:\users\_ocster_backup_\AppData\Local\temp
2012-09-05 08:32 . 2012-09-05 08:32 -------- d-----w- c:\users\ANYONE\AppData\Local\temp
2012-09-02 22:10 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-09-02 22:10 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-09-02 22:09 . 2012-09-02 22:10 -------- d-----w- c:\program files (x86)\DVDFab Media Player
2012-09-01 08:09 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-01 08:09 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-01 08:08 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-01 08:08 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-01 08:08 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-01 08:08 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-01 08:08 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-01 08:03 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-01 08:03 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-31 20:45 . 2012-08-31 20:45 -------- d-----w- c:\program files (x86)\AutorunCleanUpTool
2012-08-31 06:09 . 2012-08-31 20:40 -------- d-----w- c:\program files\Bkav2006
2012-08-31 03:02 . 2012-08-31 03:02 -------- d-----w- c:\program files (x86)\GFI Software
2012-08-31 03:01 . 2012-08-31 03:01 -------- d-----w- c:\users\kathmandu\AppData\Roaming\GFI Software
2012-08-31 00:24 . 2012-09-05 05:46 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-30 23:36 . 2012-08-30 23:36 -------- d-----w- c:\programdata\2F380
2012-08-29 18:18 . 2012-08-29 18:18 -------- d-----w- c:\program files (x86)\eLibPro
2012-08-28 02:51 . 2012-08-28 02:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-28 02:45 . 2012-08-28 02:45 208216 ----a-w- c:\windows\system32\drivers\23511542.sys
2012-08-25 04:39 . 2012-08-25 04:43 -------- d-----w- c:\users\kathmandu\AppData\Local\virtualmoon
2012-08-23 00:40 . 2012-09-05 06:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-22 23:45 . 2012-08-22 23:45 -------- d-----w- c:\users\kathmandu\AppData\Local\toolbarcleaner
2012-08-17 05:57 . 2012-08-17 05:57 -------- d-----w- c:\users\kathmandu\AppData\Roaming\skychart
2012-08-17 05:56 . 2012-08-17 05:57 -------- d-----w- c:\program files (x86)\Ciel
2012-08-17 05:31 . 2012-08-17 05:32 -------- d-----w- c:\program files (x86)\Celestia
2012-08-17 04:29 . 2010-07-26 03:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-08-17 04:29 . 2010-07-26 03:23 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-08-16 20:33 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 20:33 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-16 20:33 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 20:33 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 20:33 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 20:29 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 20:29 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 20:29 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-16 20:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-16 20:28 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 20:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 18:13 . 2012-08-14 18:13 -------- d-----w- c:\users\kathmandu\AppData\Local\Microsoft Help
2012-08-14 17:10 . 2012-08-14 17:48 -------- d-----w- c:\program files (x86)\FDRLab
2012-08-14 15:14 . 2012-08-14 15:14 -------- d-----w- c:\users\kathmandu\AppData\Roaming\FDRLab
2012-08-13 21:36 . 2012-08-13 21:37 -------- d-----w- c:\users\kathmandu\AppData\Local\Pinnacle
2012-08-13 21:31 . 2012-08-13 21:31 -------- d-sh--w- c:\windows\%APPDATA%
2012-08-13 21:26 . 2012-08-13 21:26 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-08-13 21:23 . 2012-08-13 21:23 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-08-13 20:50 . 2012-08-13 21:21 -------- d-----w- c:\programdata\Pinnacle
2012-08-11 22:23 . 2012-08-11 22:23 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-11 04:35 . 2012-08-11 04:35 -------- d-----w- c:\users\kathmandu\AppData\Roaming\UltraVNC
2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- c:\users\kathmandu\AppData\Local\Comodo
2012-08-11 04:09 . 2012-08-17 19:37 54024 ----a-w- c:\windows\system32\certsentry.dll
2012-08-11 04:09 . 2012-08-17 19:37 45320 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- c:\program files (x86)\Comodo
2012-08-11 04:04 . 2012-08-14 15:52 -------- d-----w- c:\users\kathmandu\AppData\Roaming\foobar2000
2012-08-11 04:03 . 2012-08-11 04:03 -------- d-----w- c:\program files (x86)\foobar2000
2012-08-11 02:38 . 2012-08-11 02:38 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-08-11 01:26 . 2012-08-11 01:26 -------- d-----w- c:\programdata\Grisoft
2012-08-10 22:57 . 2012-08-10 22:57 -------- d-----w- c:\program files (x86)\Hideman
2012-08-09 17:09 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-09 17:09 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-09 16:39 . 2012-08-09 16:39 -------- d-----w- c:\program files\SAMSUNG
2012-08-09 16:39 . 2012-08-09 16:39 -------- d-----w- c:\programdata\Samsung
2012-08-08 03:32 . 2012-08-08 03:32 -------- d-----w- c:\users\kathmandu\AppData\Roaming\Avira
2012-08-07 20:04 . 2012-08-07 20:05 -------- d-----w- c:\programdata\MFAData
2012-08-07 03:42 . 2012-08-07 03:42 -------- d-----w- c:\programdata\MaskMyIP
2012-08-07 03:42 . 2012-08-07 03:42 -------- d-----w- c:\users\kathmandu\AppData\Roaming\MaskMyIP
2012-08-06 18:19 . 2012-08-06 18:19 -------- d-----w- c:\users\kathmandu\AppData\Roaming\Simply Super Software
2012-08-06 18:19 . 2012-08-06 18:19 -------- d-----w- c:\programdata\Simply Super Software
2012-08-06 17:52 . 2012-08-06 17:52 -------- d-----w- c:\users\kathmandu\AppData\Roaming\TestApp
2012-08-06 15:27 . 2002-03-06 05:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-08-06 15:27 . 2003-02-03 00:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-05 08:47 . 2011-01-15 18:24 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-08-27 19:32 . 2012-06-08 01:13 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 19:32 . 2011-06-15 18:01 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 20:51 . 2011-01-07 21:26 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-14 06:47 . 2011-10-28 16:25 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-07-03 18:46 . 2011-01-07 08:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 20:36 . 2012-06-30 20:36 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 20:36 . 2011-01-13 07:54 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-29 05:40 . 2012-06-29 05:40 711240 ----a-w- c:\windows\is-8U6KA.exe
2012-06-29 00:09 . 2012-08-16 21:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-17 01:36 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-08 00:35 . 2012-06-08 00:35 50456 ----a-w- c:\windows\system32\drivers\BTOWSVF.sys
2011-09-02 17:03 . 2011-09-11 01:01 730192 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
2011-02-05 17:16 . 2011-02-05 17:16 12067528 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[7] 2011-07-22 . 1A5A6898E90546B476D4E8A56626FC96 . 1389056 . . [9.00.8112.20534] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20534_none_7708ff7c8d99dc51\wininet.dll
[7] 2011-04-13 . 1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D . 1389056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_768731bf7476d491\wininet.dll
[7] 2011-03-07 . AB026A724960570803E90DC370893BD0 . 1188864 . . [8.00.7601.17573] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_7a8760522fa622f3\wininet.dll
[7] 2011-03-07 . 93679DC9407BFC602D7E6BFC027455E0 . 1189376 . . [8.00.7601.21676] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_7b13fdfb48c10ec2\wininet.dll
[7] 2011-02-24 . 4DAEEEE0248F5D85751B05D9C6DA28CC . 1197056 . . [8.00.7600.16766] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16766_none_78aed4163274e71b\wininet.dll
[7] 2011-02-24 . 5A33324B358D9B7E39424505EE242377 . 1198592 . . [8.00.7600.20908] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20908_none_797b52e34b600f14\wininet.dll
[7] 2010-12-21 . E71DB117DBDA6B33646F37936C17D226 . 1197056 . . [8.00.7600.16723] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16723_none_78d712e832572b52\wininet.dll
[7] 2010-12-21 . 1D3466E7E9D63F8B2B84A8AD5E833C29 . 1198080 . . [8.00.7600.20862] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20862_none_79346fb94b962189\wininet.dll
[7] 2010-12-18 . 8178D4C37F236BF810B2178415FE4949 . 1197056 . . [8.00.7600.16722] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_78d6129e325811fb\wininet.dll
[7] 2010-12-18 . 7EC667385C0D726C9D91D966886B7CFD . 1198080 . . [8.00.7600.20861] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_79336f6f4b970832\wininet.dll
[7] 2010-11-20 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[7] 2010-11-04 . 480E62DF24AD9019824344612CD7CF16 . 1197056 . . [8.00.7600.20831] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20831_none_7953df334b7eb45f\wininet.dll
[7] 2010-11-04 . E521F850ADDCEBDBF755819FA608D1FF . 1194496 . . [8.00.7600.16700] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16700_none_78e9b1e23249a76b\wininet.dll
[7] 2010-05-21 . 40643F8400F5C05770EE8F1373BBE3EA . 1196032 . . [8.00.7600.20716] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20716_none_796e7e974b69fe09\wininet.dll
[7] 2010-05-21 . CE40A889CB71A292E2947DBC630F47DF . 1192960 . . [8.00.7600.16596] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16596_none_788e6086328d40a0\wininet.dll
[7] 2010-02-23 . 096698014315B32C84A7AFD4EA61FB6F . 1192960 . . [8.00.7600.16535] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16535_none_78ce3fc4325d7fa3\wininet.dll
[7] 2010-02-23 . DD9CA58E7DB6E64BAD127C7AD6FE1D08 . 1196032 . . [8.00.7600.20651] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20651_none_793e3b8f4b8ef1f3\wininet.dll
[7] 2009-12-19 . 46C47A10DB10E3055ADE41C4EB4FF7CA . 1192960 . . [8.00.7600.20600] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20600_none_79734ae14b674ce7\wininet.dll
[7] 2009-12-19 . 9C0E12FB8BD14397EC9CCA99EC0ED5A3 . 1192960 . . [8.00.7600.16490] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16490_none_78885ce43292ab6f\wininet.dll
[7] 2009-07-14 . B1037F0131C9A010D611F6914E03CD92 . 1193472 . . [8.00.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_78982c5c3286110a\wininet.dll
[7] 2012-06-29 . 8EA68FD3780DDDD5072F8CB830B3CB3D . 1392128 . . [9.00.8112.16421] .. c:\windows\system32\wininet.dll
.
[7] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[7] 2009-07-14 . 7083F463788CB34FCC42F565D56F89E8 . 296448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[7] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[7] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll
[7] 2010-06-29 . AC8F79017C5C1FB316930EDEAD0AF517 . 2085376 . . [6.1.7600.16624] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16624_none_08527df30bd29da3\ole32.dll
[7] 2010-06-29 . 49401892E8305914A9E7F64C7000D6A6 . 2085376 . . [6.1.7600.20744] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.20744_none_08c67ae62500754f\ole32.dll
[7] 2009-07-14 . 4B25DDE615AC2CABAB73169CA7DA96E6 . 2084352 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7600.16385_none_081299030c02672b\ole32.dll
[7] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll
[7] 2009-07-14 . 0298AC45D0EFFFB2DB4BAA7DD186E7BF . 369664 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7600.16385_none_29254ed1369e9d89\shsvcs.dll
[7] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll
[7] 2010-11-02 . 5269A787C24D968D291B22F7ED4955B1 . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.20830_none_8bb0c2c5c9ad095d\schedsvc.dll
[7] 2010-11-02 . 624D0F5FF99428BB90A5B8A4123E918E . 1114624 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16699_none_8aef4726b0b7f821\schedsvc.dll
[7] 2009-07-14 . EC56B171F85C7E855E7B0588AC503EEA . 1104384 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7600.16385_none_8af61038b0b37f5f\schedsvc.dll
[7] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[7] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
.
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7600.16385_none_43f68e03b0fd4b38\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.20787_none_39fe18355266e2d8\comctl32.dll
[7] 2010-08-21 . BF5D71B4A40687A90C8B47F776758A6F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.20787_none_ede2ad2969983532\comctl32.dll
[7] 2010-08-21 . 70EF5DFEF7069164EACF7140C2CC6344 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.20787_none_2b43b51e45274037\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16661_none_39841986393e7322\comctl32.dll
[7] 2010-08-21 . D3EAD1CF16BA729A7F7C9A5D94AA7C05 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll
[7] 2010-08-21 . 4B8DD8541C0E26602005DD0137333615 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7600.16385_none_39727524394b18eb\comctl32.dll
[7] 2009-07-14 . B62AA1BB1F63839051441D2C6DD7B775 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\comctl32.dll
[7] 2009-07-14 . 0FA436A553408CBEBA070E3182658DE3 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
.
[7] 2012-04-24 . 520A108A2657F4BCA7FCED9CA7D885DE . 139264 . . [6.1.7600.17008] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.17008_none_762f534bfbdf7203\cryptsvc.dll
[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2012-04-24 . 06E771AA596B8761107AB57E99F128D7 . 140288 . . [6.1.7601.17827] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[7] 2012-04-24 . F522279B4717E2BFF269C771FAC2B78E . 141312 . . [6.1.7600.21199] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.21199_none_7658a1151545269d\cryptsvc.dll
[7] 2012-04-24 . 21993009E0CCB9B4FA195F14D3408626 . 142336 . . [6.1.7601.21979] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
[7] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
[7] 2009-07-14 . 9C231178CE4FB385F4B54B0A9080B8A4 . 135680 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[7] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
[7] 2009-07-14 . 0DE3069D6E09BA262856EF31C941BEFE . 119808 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_c29fba0fc87cc5a4\imm32.dll
.
[7] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[7] 2011-07-16 . 4EA99F1644627B1EBAD99D0B93CDEE1C . 1048576 . . [6.1.7600.16850] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_fa22f90aa449708d\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll
[7] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[7] 2011-07-16 . 2113248DB2D1AF9CA790B09F3E6C6E85 . 1114112 . . [6.1.7600.21010] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_fad7ada7bd46d3d5\kernel32.dll
[7] 2011-06-03 . 6EB2AEE15C20681E323E9A3E334FE6CF . 1114112 . . [6.1.7600.20978] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_fa9ef84dbd7012f1\kernel32.dll
[7] 2011-05-14 . CC5CBC069944E7EA70D8674478A70A37 . 837632 . . [6.1.7601.21728] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[7] 2011-05-14 . 40EACEE0B6432CBE2459A11B298E9D88 . 837120 . . [6.1.7600.16816] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_fa543a76a42398d3\kernel32.dll
[7] 2011-05-14 . 166116134C58DC36400DE59ACD64FB39 . 837632 . . [6.1.7601.17617] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[7] 2010-11-20 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[7] 2009-07-14 . 606ECB76A424CC535407E7A24E2A34BC . 836608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_fa07813aa45d5150\kernel32.dll
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16385_none_101cb471a89825ee\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16402_none_107034d9a859f788\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16444_none_1046f5bda87899fa\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16600_none_106e3811a85bbf28\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16691_none_100de90fa8a3d3f8\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16734_none_1051cb5ba870757e\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.16763_none_10305b4da889affa\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20498_none_109e822ec1bb2dae\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20553_none_10c4c252c19f3c5e\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20720_none_10e23504c18996d4\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20821_none_10e33734c188ad52\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20875_none_10b128c0c1ad9e63\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7600.20905_none_10fcda1ac174d7f3\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
.
[7] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[7] 2012-06-29 . 5E8E869E1342308752A37A2C90CCA79D . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16448_none_92275d5e2937e905\mshtml.dll
[7] 2012-06-28 . AEC51857AEC2F5CE4520366240AFC671 . 12317184 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20554_none_92a2291542613f64\mshtml.dll
[7] 2012-06-02 . 6820A9E91AFF7CB3A510360D8CCD9BDD . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16447_none_92265d142938cfae\mshtml.dll
[7] 2012-06-02 . 1ABF770552EA9D4FE90F654468FAF4CE . 12314624 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20553_none_92a128cb4262260d\mshtml.dll
.
[7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[7] 2011-12-16 . F8A61B2E713309B4616D107919BDAB6E . 690688 . . [7.0.7600.16930] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16930_none_d15ca5d2001597a0\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2011-12-16 . 10142C1975202A767C0EDB3BC066FD88 . 690688 . . [7.0.7600.21108] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.21108_none_d20e8cd31913e191\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[7] 2009-07-14 . EAA75D9000B71F10EEC04D2AE6C60E81 . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[7] 2009-07-14 . 26073302DAEA83CC5B944C546D6B47D2 . 175616 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
[7] 2009-07-14 . 2F46B0C70A4ADC8C90CF825DA3B4FEAF . 241664 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7600.16385_none_e3132eff46462df0\tapisrv.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
[7] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16421] .. c:\windows\SysWOW64\wininet.dll
[7] 2012-06-29 . 75A97A2C060E72AB49E071E08C7DD2BA . 1129472 . . [9.00.8112.16448] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16448_none_1a59f869bc234c9e\wininet.dll
[7] 2012-06-28 . 54C30A4066A28F9A017E095E283B2762 . 1129472 . . [9.00.8112.20554] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20554_none_1ad4c420d54ca2fd\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f999a48b-1950-4d81-9971-79018f807b4b}"= "c:\program files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f999a48b-1950-4d81-9971-79018f807b4b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1D26B803D5A3D0838DCEC271F7368F5556F9CC40._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-06-28 1250328]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-07-06 217736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-06-04 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%APPDATA%\Microsoft\Windows\IETldCache
index.dat [2011-12-15 16384]
.
c:\users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
CX.lnk - c:\program files (x86)\CX\Launcher.exe [2011-3-2 480768]
quanp slideshow 2.lnk - c:\program files (x86)\quanp widget\quanp slideshow 2\quanp slideshow 2.exe [2011-2-4 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
Phone Remote Control.lnk - c:\program files (x86)\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files (x86)\DVD X Studios\DVD X Utilities 3.0\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGhostAppInit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R2 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R2 PCCUJobMgr;Common Client Job Manager Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R2 WebCamHelper;WebCamHelper;c:\progra~2\AVWEBC~1\WebCamHelper.sys [2008-08-18 2688]
R3 AAMWRegFilter;AAMWRegFilter;c:\program files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter64.sys [x]
R3 ASW3Scan;ASW3Scan;c:\program files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-08-25 544768]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-07-14 276256]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FarMntIo;FarMntIo;c:\windows\system32\drivers\farmntio.sys [2010-06-17 0]
R3 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-04-23 25824]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304]
R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys [2010-03-25 46776]
R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys [2010-03-25 45752]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-11-09 1534304]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-08 624856]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Tenda\Common\RaRegistry64.exe [2010-06-28 211808]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]
R3 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R3 spiceworks;spiceworks;c:\program files (x86)\Spiceworks\bin\spiceworks.exe service [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-27 14544]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-19 140672]
R4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]
R4 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R4 AxonService;Axon Virtual PBX;c:\program files (x86)\NCH Swift Sound\Axon\axon.exe [2011-02-11 1257476]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R4 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2011-08-20 13312]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R4 DelegateService;Express Delegate;c:\program files (x86)\NCH Software\Delegate\delegate.exe [2011-02-11 2538500]
R4 DialDictateService;Dial Dictate;c:\program files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe [2011-02-11 1171460]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R4 IMSService;IMS Telephone On-Hold Player;c:\program files (x86)\NCH Swift Sound\IMS\ims.exe [2011-02-11 888836]
R4 JIT Scheduler;JIT Scheduler;c:\program files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe [2008-03-24 176128]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
R4 MSRSService;MSRS Recording System;c:\program files (x86)\NCH Swift Sound\MSRS\msrs.exe [2011-02-11 745476]
R4 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-08-24 10240]
R4 nnCron;nnCron;c:\program files (x86)\nnCron\nncron.exe [2006-03-21 408576]
R4 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2011-06-29 21272]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 RCP-Host;RCP-Host;c:\program files (x86)\Remote Control PC\apc_host.exe [2011-06-04 577024]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R4 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;c:\program files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2010-12-16 1122568]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2011-11-24 265928]
R4 VRSService;VRS Recording System;c:\program files (x86)\NCH Swift Sound\VRS\vrs.exe [2011-02-11 1155076]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-07 1255736]
R4 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe [2011-12-10 555844]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-11-14 39728]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-02 69376]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-28 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2011-08-28 31344]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [2010-05-20 34840]
S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [2009-12-07 76112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2011-06-29 118888]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-14 352816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/01 17:26];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2010-12-02 17152]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-08-09 1852104]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 WefiEngSvc;WeFi Engine Service;c:\program files (x86)\WeFi\WefiEngSvc.exe [2011-03-30 118104]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [2011-05-18 41256]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-04-02 82816]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 19:32]
.
2012-03-17 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-08-04 19:24]
.
2012-03-17 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-04 19:24]
.
2012-03-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-27 21:24]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc28a74623a14f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 09:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 09:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980790821-3120828224-4190103299-1000Core.job
- c:\users\kathmandu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 00:04]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980790821-3120828224-4190103299-1000UA.job
- c:\users\kathmandu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 00:04]
.
2012-07-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-16 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2012-03-17 c:\windows\Tasks\PC Fresh.job
- c:\program files (x86)\PC Fresh\PC Fresh.exe [2011-12-23 19:37]
.
2012-08-11 c:\windows\Tasks\WefiStartup.job
- c:\program files (x86)\WeFi\WefiStartup.exe [2011-03-30 15:43]
.
2011-05-27 c:\windows\Tasks\{32604E3E-64AE-4D11-833D-146F28BDA602}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2011-01-07 00:17]
.
2011-05-27 c:\windows\Tasks\{45452BA8-CCC6-4F08-BE5F-F2CDE6653309}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2011-01-07 00:17]
.
2011-05-28 c:\windows\Tasks\{B966A444-AD45-405F-BBCC-99AD0029B58B}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-07-13 18:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"combofix"="c:\combofix\CF27898.3XE" [2010-11-20 345088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP
IE: &Download with DAM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher
IE: Block image with Ad Muncher
IE: Block link with Ad Muncher
IE: Don't filter page with Ad Muncher
IE: Download &All with DAM
IE: Download &all with DAP
IE: Download FLV &Video with DAM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Report page to the Ad Muncher developers
IE: Run DAM Media&Grabber
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - c:\progra~2\COMMON~1\TIDYFA~1\OpenFav.dll
DPF: {8D8972A9-FFFA-11D4-9CC7-00902761BD36} - hxxp://mailjol.com/dev/cab/jscntrl.cab
FF - ProfilePath - c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=HIP&o=&locale=&apn_uid=63D93A27-7C96-4E88-8B4A-B3B601BD699E&apn_ptnrs=&apn_sauid=5CE839D7-667A-49A5-8430-EEF0A0A0C1DF&apn_dtid=&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: extentions.y2layers.installId - 0c588051-3aa1-4c89-90a2-c6140903e427
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- File Associations -------
.
.txt=NoteProTXT
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{F999A48B-1950-4D81-9971-79018F807B4B} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
AddRemove-1ClickDownload - c:\program files (x86)\1ClickDownload\uninst.exe
AddRemove-Adobe Flash Player - c:\windows\system32\Macromed\Flash\uninstall_flash_player.exe
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
AddRemove-Incomedia WebSite X5 v8 - Smart - c:\windows\system32\iwpsetup.exe
AddRemove-WebEnhancements_is1 - c:\program files (x86)\WebEnhancements\we_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:09,c1,63,fb,04,8d,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:78,95,a5,fe,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:c1,0d,57,ff,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:e6,72,f3,e4,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:cd,50,2b,00,d6,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\windows\SysWow64\perfhost.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2012-09-05 05:08:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-05 10:08
.
Pre-Run: 10,530,172,928 bytes free
Post-Run: 9,888,055,296 bytes free
.
- - End Of File - - FAAA5B6631DAB3626D72CE408A915439

#8 kathmandu64


Posted 05 September 2012 - 03:07 PM

Hello, I am wondering, can we send only 1 post a day? I can't send you the other log for some reason... it says it is too long, but I made it shorter and still can't send it to you, sorry.

#9 Oh My!


Posted 05 September 2012 - 03:13 PM

Greetings kathmandu64,

You should be able to post. Try to zip the file and then send it as an attachment. Here is how to zip if you don't know how.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 Oh My!


Posted 05 September 2012 - 04:50 PM

Greetings kathmandu64,

Please don't miss my previous post about sending the information you were unable to post before.

What exactly happens when your computer shuts off? Does it completely stop and turn off as if you unplugged it, or does it restart on its own?

Please do the following for me.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    C:\Program Files\Bkav2006
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\windows\is-8U6KA.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • Virustotal link
  • AdwCleaner.txt

Gary
 

#11 kathmandu64


Posted 05 September 2012 - 05:41 PM

Hi, I have 2 results, which I included here. I hope it will go through; it will say I have too much. I am trying again to send it to you. Thank you.

Attached File: TDSSKiller.2.8.8.0_27.08.2012_21.45.07_log.zip (70.71KB)





03:35:53.0000 3044 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
03:35:53.0316 3044 ============================================================
03:35:53.0316 3044 Current date / time: 2012/08/29 03:35:53.0316
03:35:53.0316 3044 SystemInfo:
03:35:53.0316 3044
03:35:53.0316 3044 OS Version: 6.1.7601 ServicePack: 1.0
03:35:53.0316 3044 Product type: Workstation
03:35:53.0316 3044 ComputerName: CHICAGO
03:35:53.0317 3044 UserName: kathmandu
03:35:53.0317 3044 Windows directory: C:\windows
03:35:53.0317 3044 System windows directory: C:\windows
03:35:53.0317 3044 Running under WOW64
03:35:53.0317 3044 Processor architecture: Intel x64
03:35:53.0317 3044 Number of processors: 4
03:35:53.0317 3044 Page size: 0x1000
03:35:53.0317 3044 Boot type: Safe boot with network
03:35:53.0317 3044 ============================================================
03:35:55.0691 3044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:35:55.0698 3044 ============================================================
03:35:55.0698 3044 \Device\Harddisk0\DR0:
03:35:55.0698 3044 MBR partitions:
03:35:55.0698 3044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38A60800
03:35:55.0698 3044 ============================================================
03:35:55.0727 3044 C: <-> \Device\Harddisk0\DR0\Partition1
03:35:55.0727 3044 ============================================================
03:35:55.0727 3044 Initialize success
03:35:55.0727 3044 ============================================================
03:36:09.0014 2372 ============================================================
03:36:09.0014 2372 Scan started
03:36:09.0014 2372 Mode: Manual;
03:36:09.0014 2372 ============================================================
03:36:11.0869 2372 ================ Scan system memory ========================
03:36:11.0869 2372 System memory - ok
03:36:11.0869 2372 ================ Scan services =============================
03:36:12.0196 2372 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
03:36:12.0196 2372 !SASCORE - ok
03:36:12.0383 2372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
03:36:12.0383 2372 1394ohci - ok
03:36:12.0477 2372 [ 0B8ED3DE81EC30AD50873F033B34B39E ] a2acc C:\PROGRAM FILES (X86)\MAMUTU\a2accx64.sys
03:36:12.0477 2372 a2acc - ok
03:36:12.0664 2372 [ F75DDC4047AA1AC85164445CBA7601EF ] a2injectiondriver C:\Program Files (x86)\Mamutu\a2dix64.sys
03:36:12.0664 2372 a2injectiondriver - ok
03:36:12.0680 2372 [ E41D79682A209F72F4F578CFD4A53952 ] a2util C:\Program Files (x86)\Mamutu\a2util64.sys
03:36:12.0680 2372 a2util - ok
03:36:12.0773 2372 AAMWRegFilter - ok
03:36:12.0820 2372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
03:36:12.0820 2372 ACPI - ok
03:36:12.0883 2372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
03:36:12.0883 2372 AcpiPmi - ok
03:36:13.0023 2372 [ 125DC7C85E34A8B0483404E8024FE769 ] acthelper C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe
03:36:13.0023 2372 acthelper - ok
03:36:13.0085 2372 [ 99721E1DAC2C89E8202F70B773FB14F4 ] ADExchange C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
03:36:13.0085 2372 ADExchange - ok
03:36:13.0179 2372 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:36:13.0179 2372 AdobeARMservice - ok
03:36:13.0273 2372 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:36:13.0273 2372 AdobeFlashPlayerUpdateSvc - ok
03:36:13.0335 2372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
03:36:13.0335 2372 adp94xx - ok
03:36:13.0366 2372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
03:36:13.0366 2372 adpahci - ok
03:36:13.0413 2372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
03:36:13.0413 2372 adpu320 - ok
03:36:13.0553 2372 [ AC7E481DB75F1EDAEE81F68F41786955 ] AdvancedSystemCareService C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
03:36:13.0569 2372 AdvancedSystemCareService - ok
03:36:13.0600 2372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
03:36:13.0600 2372 AeLookupSvc - ok
03:36:13.0678 2372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
03:36:13.0694 2372 AFD - ok
03:36:13.0772 2372 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
03:36:13.0787 2372 AgereSoftModem - ok
03:36:13.0819 2372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
03:36:13.0819 2372 agp440 - ok
03:36:30.0058 2372 NdisWan - ok
03:36:30.0121 2372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
03:36:30.0121 2372 NDProxy - ok
03:36:30.0214 2372 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
03:36:30.0230 2372 Nero BackItUp Scheduler 4.0 - ok
03:36:30.0277 2372 [ BD78F329957C2361F21B52B7AF2D1A22 ] NetBalancer Windows Service C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
03:36:30.0277 2372 NetBalancer Windows Service - ok
03:36:30.0308 2372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
03:36:30.0308 2372 NetBIOS - ok
03:36:30.0355 2372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
03:36:30.0355 2372 NetBT - ok
03:36:30.0402 2372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
03:36:30.0402 2372 Netlogon - ok
03:36:30.0433 2372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
03:36:30.0448 2372 Netman - ok
03:36:30.0526 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:36:30.0698 2372 NetMsmqActivator - ok
03:36:30.0698 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:36:30.0698 2372 NetPipeActivator - ok
03:36:30.0729 2372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
03:36:30.0745 2372 netprofm - ok
03:36:30.0823 2372 [ C32CBA363C0308AC69DA5AFB62C96FDB ] netr28ux C:\windows\system32\DRIVERS\netr28ux.sys
03:36:30.0838 2372 netr28ux - ok
03:36:30.0870 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:36:30.0870 2372 NetTcpActivator - ok
03:36:30.0885 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:36:30.0885 2372 NetTcpPortSharing - ok
03:36:30.0932 2372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
03:36:30.0932 2372 nfrd960 - ok
03:36:30.0979 2372 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
03:36:30.0979 2372 NisDrv - ok
03:36:31.0010 2372 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
03:36:31.0010 2372 NisSrv - ok
03:36:31.0041 2372 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
03:36:31.0057 2372 NlaSvc - ok
03:36:31.0135 2372 [ 64A25B8441992FE4A3023083FCBE8BA4 ] nnCron C:\Program Files (x86)\nnCron\nncron.exe
03:36:31.0135 2372 nnCron - ok
03:36:31.0166 2372 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\windows\system32\drivers\npf.sys
03:36:31.0166 2372 NPF - ok
03:36:31.0213 2372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
03:36:31.0213 2372 Npfs - ok
03:36:31.0244 2372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
03:36:31.0244 2372 nsi - ok
03:36:31.0275 2372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
03:36:31.0275 2372 nsiproxy - ok
03:36:31.0384 2372 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
03:36:31.0400 2372 Ntfs - ok
03:36:31.0494 2372 [ 7420B2E1F65642129B6E23BD42F752AA ] ntk_PowerDVD C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys
03:36:31.0494 2372 ntk_PowerDVD - ok
03:36:31.0525 2372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
03:36:31.0525 2372 Null - ok
03:36:31.0556 2372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
03:36:31.0556 2372 nvraid - ok
03:36:31.0603 2372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
03:36:31.0603 2372 nvstor - ok
03:36:31.0634 2372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
03:36:31.0634 2372 nv_agp - ok
03:36:31.0743 2372 [ 696920221E3DBEDCFF60C21FC60C4DBC ] ocster_backup c:\Program Files\Ocster Backup\bin\backupService-ox.exe
03:36:31.0759 2372 ocster_backup - ok
03:36:31.0774 2372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
03:36:31.0774 2372 ohci1394 - ok
03:36:31.0852 2372 [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
03:36:31.0852 2372 OMSI download service - ok
03:36:31.0915 2372 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:36:31.0915 2372 ose - ok
03:36:32.0055 2372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:36:32.0180 2372 osppsvc - ok
03:36:32.0211 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
03:36:32.0227 2372 p2pimsvc - ok
03:36:32.0242 2372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
03:36:32.0258 2372 p2psvc - ok
03:36:32.0367 2372 [ 77CDC6C43D8C3E05D0E21B36EAABEBAE ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
03:36:32.0367 2372 PanService - ok
03:36:32.0414 2372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
03:36:32.0414 2372 Parport - ok
03:36:32.0476 2372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
03:36:32.0476 2372 partmgr - ok
03:36:32.0508 2372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
03:36:32.0742 2372 PcaSvc - ok
03:36:32.0788 2372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
03:36:32.0788 2372 pci - ok
03:36:32.0804 2372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
03:36:32.0804 2372 pciide - ok
03:36:32.0851 2372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
03:36:32.0851 2372 pcmcia - ok
03:36:32.0913 2372 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
03:36:32.0913 2372 pcouffin - ok
03:36:32.0929 2372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
03:36:32.0929 2372 pcw - ok
03:36:32.0991 2372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
03:36:33.0007 2372 PEAUTH - ok
03:36:33.0085 2372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
03:36:33.0085 2372 PerfHost - ok
03:36:33.0163 2372 [ 4DDD6ECD65E4A4B3C3E0A0D9643B5DCA ] PfFilter C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys
03:36:33.0163 2372 PfFilter - ok
03:36:33.0194 2372 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
03:36:33.0194 2372 PGEffect - ok
03:36:33.0256 2372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
03:36:33.0288 2372 pla - ok
03:36:37.0390 2372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
03:36:37.0406 2372 PlugPlay - ok
03:36:37.0453 2372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
03:36:37.0531 2372 PNRPAutoReg - ok
03:36:37.0687 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
03:36:37.0702 2372 PNRPsvc - ok
03:36:37.0921 2372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
03:36:37.0936 2372 PolicyAgent - ok
03:36:37.0968 2372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
03:36:37.0968 2372 Power - ok
03:36:38.0014 2372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
03:36:38.0014 2372 PptpMiniport - ok
03:36:38.0046 2372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
03:36:38.0046 2372 Processor - ok
03:36:38.0108 2372 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
03:36:38.0124 2372 ProfSvc - ok
03:36:38.0155 2372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
03:36:38.0155 2372 ProtectedStorage - ok
03:36:38.0202 2372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
03:36:38.0202 2372 Psched - ok
03:36:38.0233 2372 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
03:36:38.0233 2372 PSI_SVC_2 - ok
03:36:38.0280 2372 [ 838E03C9DA764467EDD9B99D1EFB809C ] PSMounter C:\windows\system32\drivers\psmounter.sys
03:36:38.0280 2372 PSMounter - ok
03:36:38.0326 2372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
03:36:38.0342 2372 ql2300 - ok
03:36:38.0358 2372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
03:36:38.0358 2372 ql40xx - ok
03:36:38.0404 2372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
03:36:38.0404 2372 QWAVE - ok
03:36:38.0420 2372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
03:36:38.0420 2372 QWAVEdrv - ok
03:36:38.0498 2372 [ E5F568414F32873E6EC9FD97F9EE980C ] RalinkRegistryWriter C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
03:36:38.0607 2372 RalinkRegistryWriter - ok
03:36:38.0638 2372 [ FFB6C1E16FF8772F62693A3DCA731F8F ] RalinkRegistryWriter64 C:\Program Files (x86)\Tenda\Common\RaRegistry64.exe
03:36:38.0638 2372 RalinkRegistryWriter64 - ok
03:36:38.0654 2372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
03:36:38.0654 2372 RasAcd - ok
03:36:38.0701 2372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
03:36:38.0716 2372 RasAgileVpn - ok
03:36:38.0732 2372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
03:36:38.0732 2372 RasAuto - ok
03:36:38.0794 2372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
03:36:38.0794 2372 Rasl2tp - ok
03:36:38.0857 2372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
03:36:38.0872 2372 RasMan - ok
03:36:38.0888 2372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
03:36:38.0888 2372 RasPppoe - ok
03:36:38.0904 2372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
03:36:38.0904 2372 RasSstp - ok
03:36:38.0966 2372 RCP-Host - ok
03:36:39.0013 2372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
03:36:39.0013 2372 rdbss - ok
03:36:39.0044 2372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
03:36:39.0044 2372 rdpbus - ok
03:36:39.0075 2372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
03:36:39.0075 2372 RDPCDD - ok
03:36:39.0106 2372 [ BDF2DB2F19945AFAF102A2C03062EFB1 ] RDPDISPM C:\windows\system32\DRIVERS\rdpdispm.sys
03:36:39.0106 2372 RDPDISPM - ok
03:36:39.0138 2372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
03:36:39.0138 2372 RDPENCDD - ok
03:36:39.0153 2372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
03:36:39.0153 2372 RDPREFMP - ok
03:36:39.0231 2372 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
03:36:39.0247 2372 RDPWD - ok
03:36:39.0278 2372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
03:36:39.0294 2372 rdyboost - ok
03:36:39.0356 2372 [ BE9861E1A18E01C38338FEACD75C5EAD ] ReflectService C:\Program Files\Macrium\Reflect\ReflectService.exe
03:36:39.0356 2372 ReflectService - ok
03:36:39.0403 2372 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\windows\system32\drivers\regi.sys
03:36:39.0403 2372 regi - ok
03:36:39.0434 2372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
03:36:39.0434 2372 RemoteAccess - ok
03:36:39.0481 2372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
03:36:39.0481 2372 RemoteRegistry - ok
03:36:39.0528 2372 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\windows\system32\DRIVERS\revoflt.sys
03:36:39.0528 2372 Revoflt - ok
03:36:39.0559 2372 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\windows\system32\DRIVERS\RMCAST.sys
03:36:39.0559 2372 RMCAST - ok
03:36:39.0606 2372 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
03:36:39.0606 2372 rpcapd - ok
03:36:39.0652 2372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
03:36:39.0652 2372 RpcEptMapper - ok
03:36:39.0684 2372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
03:36:39.0684 2372 RpcLocator - ok
03:36:39.0730 2372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
03:36:39.0730 2372 RpcSs - ok
03:36:39.0777 2372 [ C606C5F712A3761896CEFFA4AF6B1268 ] RsFx0151 C:\windows\system32\DRIVERS\RsFx0151.sys
03:36:39.0777 2372 RsFx0151 - ok
03:36:39.0824 2372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
03:36:39.0824 2372 rspndr - ok
03:36:39.0855 2372 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
03:36:39.0871 2372 RSUSBSTOR - ok
03:36:39.0902 2372 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
03:36:39.0902 2372 RTL8167 - ok
03:36:39.0949 2372 [ FFC748D848740D1BC8F330A8879C2674 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
03:36:39.0964 2372 RTL8192Ce - ok
03:36:39.0996 2372 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\windows\system32\DRIVERS\s0017bus.sys
03:36:39.0996 2372 s0017bus - ok
03:36:40.0011 2372 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\windows\system32\DRIVERS\s0017mdfl.sys
03:36:40.0027 2372 s0017mdfl - ok
03:36:40.0042 2372 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\windows\system32\DRIVERS\s0017mdm.sys
03:36:40.0042 2372 s0017mdm - ok
03:36:40.0105 2372 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\windows\system32\DRIVERS\s0017mgmt.sys
03:36:40.0105 2372 s0017mgmt - ok
03:36:40.0136 2372 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\windows\system32\DRIVERS\s0017nd5.sys
03:36:40.0136 2372 s0017nd5 - ok
03:36:40.0167 2372 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\windows\system32\DRIVERS\s0017obex.sys
03:36:40.0167 2372 s0017obex - ok
03:36:40.0198 2372 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\windows\system32\DRIVERS\s0017unic.sys
03:36:40.0214 2372 s0017unic - ok
03:36:40.0261 2372 [ 593F9D5CE0CC58BC863AC01FBD8A186D ] SafDskNT C:\windows\system32\drivers\SAFDSKNT.SYS
03:36:40.0276 2372 SafDskNT - ok
03:36:40.0292 2372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
03:36:40.0292 2372 SamSs - ok
03:36:40.0339 2372 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
03:36:40.0339 2372 SASDIFSV - ok
03:36:40.0386 2372 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
03:36:40.0386 2372 SASKUTIL - ok
03:36:40.0417 2372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
03:36:40.0417 2372 sbp2port - ok
03:36:40.0432 2372 SBSDWSCService - ok
03:36:40.0479 2372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
03:36:40.0479 2372 SCardSvr - ok
03:36:40.0542 2372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
03:36:40.0666 2372 scfilter - ok
03:36:40.0744 2372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
03:36:40.0760 2372 Schedule - ok
03:36:40.0807 2372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
03:36:40.0807 2372 SCPolicySvc - ok
03:36:40.0822 2372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
03:36:40.0838 2372 SDRSVC - ok
03:36:40.0916 2372 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
03:36:40.0916 2372 SeagateDashboardService - ok
03:36:40.0978 2372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
03:36:40.0978 2372 secdrv - ok
03:36:41.0025 2372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
03:36:41.0025 2372 seclogon - ok
03:36:41.0088 2372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
03:36:41.0088 2372 SENS - ok
03:36:41.0134 2372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
03:36:41.0134 2372 SensrSvc - ok
03:36:41.0150 2372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
03:36:41.0150 2372 Serenum - ok
03:36:41.0166 2372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
03:36:41.0166 2372 Serial - ok
03:36:41.0197 2372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
03:36:41.0212 2372 sermouse - ok
03:36:41.0290 2372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
03:36:41.0290 2372 SessionEnv - ok
03:36:41.0337 2372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
03:36:41.0337 2372 sffdisk - ok
03:36:41.0400 2372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
03:36:41.0400 2372 sffp_mmc - ok
03:36:41.0415 2372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
03:36:41.0415 2372 sffp_sd - ok
03:36:41.0462 2372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
03:36:41.0462 2372 sfloppy - ok
03:36:41.0556 2372 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
03:36:41.0571 2372 Sftfs - ok
03:36:41.0649 2372 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
03:36:41.0649 2372 sftlist - ok
03:36:41.0680 2372 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
03:36:41.0680 2372 Sftplay - ok
03:36:41.0758 2372 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
03:36:41.0758 2372 Sftredir - ok
03:36:41.0821 2372 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
03:36:41.0821 2372 Sftvol - ok
03:36:41.0836 2372 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
03:36:41.0836 2372 sftvsa - ok
03:36:41.0899 2372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
03:36:41.0899 2372 SharedAccess - ok
03:36:41.0946 2372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
03:36:41.0946 2372 ShellHWDetection - ok
03:36:42.0024 2372 [ E9E830D540EDEDED650F906628468548 ] simptcp C:\windows\System32\tcpsvcs.exe
03:36:42.0024 2372 simptcp - ok
03:36:42.0055 2372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
03:36:42.0055 2372 SiSRaid2 - ok
03:36:42.0070 2372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
03:36:42.0070 2372 SiSRaid4 - ok
03:36:42.0148 2372 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:36:42.0148 2372 SkypeUpdate - ok
03:36:42.0211 2372 [ 94CE7845AF6A2065B829E0126CD56236 ] SmartDefragDriver C:\windows\system32\Drivers\SmartDefragDriver.sys
03:36:42.0211 2372 SmartDefragDriver - ok
03:36:42.0289 2372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
03:36:42.0289 2372 Smb - ok
03:36:42.0336 2372 [ CA62AE004E98374BF7F082CD765EEA02 ] SNMP C:\windows\System32\snmp.exe
03:36:42.0351 2372 SNMP - ok
03:36:42.0398 2372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
03:36:42.0398 2372 SNMPTRAP - ok
03:36:42.0445 2372 [ 5218C5C99C9FFCBBE42C253645A03455 ] spiceworks C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe
03:36:42.0460 2372 spiceworks - ok
03:36:42.0476 2372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
03:36:42.0492 2372 spldr - ok
03:36:42.0944 2372 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
03:36:42.0960 2372 Spooler - ok
03:36:43.0084 2372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
03:36:43.0162 2372 sppsvc - ok
03:36:43.0209 2372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
03:36:43.0209 2372 sppuinotify - ok
03:36:43.0272 2372 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys
03:36:43.0272 2372 sptd - ok
03:36:43.0334 2372 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\windows\system32\DRIVERS\stflt.sys
03:36:43.0334 2372 sp_rsdrv2 - ok
03:36:43.0459 2372 [ 3420E0482AD95120B471B7328A8D7D08 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
03:36:43.0599 2372 SQLAgent$SQLEXPRESS - ok
03:36:43.0771 2372 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
03:36:43.0786 2372 SQLBrowser - ok
03:36:43.0864 2372 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
03:36:43.0864 2372 SQLWriter - ok
03:36:43.0911 2372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
03:36:43.0911 2372 srv - ok
03:36:43.0974 2372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
03:36:43.0974 2372 srv2 - ok
03:36:44.0005 2372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
03:36:44.0005 2372 srvnet - ok
03:36:44.0036 2372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
03:36:44.0036 2372 SSDPSRV - ok
03:36:44.0067 2372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
03:36:44.0067 2372 SstpSvc - ok
03:36:44.0130 2372 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
03:36:44.0130 2372 ssudmdm - ok
03:36:44.0208 2372 [ 197B557D20834DB68964F69F6387BC3B ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
03:36:44.0223 2372 ST2012_Svc - ok
03:36:44.0223 2372 StarOpen - ok
03:36:44.0270 2372 [ 415205B445C60B09E779F78D6DF25667 ] StarPortLite C:\windows\system32\DRIVERS\StarPortLite.sys
03:36:44.0270 2372 StarPortLite - ok
03:36:44.0317 2372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
03:36:44.0317 2372 stexstor - ok
03:36:44.0364 2372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
03:36:44.0364 2372 stisvc - ok
03:36:44.0395 2372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
03:36:44.0395 2372 swenum - ok
03:36:44.0613 2372 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:36:44.0613 2372 SwitchBoard - ok
03:36:44.0660 2372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
03:36:44.0676 2372 swprv - ok
03:36:44.0707 2372 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
03:36:44.0722 2372 SynTP - ok
03:36:44.0816 2372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
03:36:44.0832 2372 SysMain - ok
03:36:44.0894 2372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
03:36:44.0894 2372 TabletInputService - ok
03:36:44.0956 2372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
03:36:44.0972 2372 TapiSrv - ok
03:36:45.0003 2372 [ 93F0F5EF8A4CA261372DF98B31B2BD05 ] tbhsd C:\windows\system32\drivers\tbhsd.sys
03:36:45.0019 2372 tbhsd - ok
03:36:45.0050 2372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
03:36:45.0050 2372 TBS - ok
03:36:45.0144 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
03:36:45.0159 2372 Tcpip - ok
03:36:45.0237 2372 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
03:36:45.0253 2372 TCPIP6 - ok
03:36:45.0331 2372 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
03:36:45.0331 2372 tcpipreg - ok
03:36:45.0362 2372 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
03:36:45.0362 2372 tdcmdpst - ok
03:36:45.0393 2372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
03:36:45.0393 2372 TDPIPE - ok
03:36:45.0487 2372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
03:36:45.0487 2372 TDTCP - ok
03:36:45.0518 2372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
03:36:45.0518 2372 tdx - ok
03:36:45.0674 2372 [ 8A9828975A857E477EFEF5A61BA45AC0 ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
03:36:45.0752 2372 TeamViewer6 - ok
03:36:45.0783 2372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
03:36:45.0799 2372 TermDD - ok
03:36:45.0846 2372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
03:36:45.0861 2372 TermService - ok
03:36:45.0892 2372 [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon C:\windows\system32\drivers\TfFsMon.sys
03:36:45.0892 2372 TfFsMon - ok
03:36:45.0908 2372 [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon C:\windows\system32\drivers\TfNetMon.sys
03:36:45.0908 2372 TfNetMon - ok
03:36:45.0939 2372 [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon C:\windows\system32\drivers\TfSysMon.sys
03:36:45.0955 2372 TfSysMon - ok
03:36:45.0986 2372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
03:36:45.0986 2372 Themes - ok
03:36:46.0017 2372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
03:36:46.0017 2372 THREADORDER - ok
03:36:46.0080 2372 ThreatFire - ok
03:36:46.0111 2372 [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr C:\windows\System32\tlntsvr.exe
03:36:46.0111 2372 TlntSvr - ok
03:36:46.0173 2372 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
03:36:46.0189 2372 TMachInfo - ok
03:36:46.0204 2372 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
03:36:46.0204 2372 TODDSrv - ok
03:36:46.0298 2372 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
03:36:46.0298 2372 TosCoSrv - ok
03:36:46.0345 2372 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
03:36:46.0345 2372 TOSHIBA eco Utility Service - ok
03:36:46.0438 2372 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
03:36:46.0438 2372 TOSHIBA HDD SSD Alert Service - ok
03:36:46.0485 2372 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
03:36:46.0594 2372 TPCHSrv - ok
03:36:46.0657 2372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
03:36:46.0657 2372 TrkWks - ok
03:36:46.0719 2372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
03:36:46.0735 2372 TrustedInstaller - ok
03:36:46.0766 2372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
03:36:46.0766 2372 tssecsrv - ok
03:36:52.0645 2372 ============================================================
03:36:52.0645 2372 Scan finished
03:36:52.0645 2372 ============================================================
03:36:52.0680 2684 Detected object count: 0
03:36:52.0680 2684 Actual detected object count: 0
03:37:45.0017 2604 Deinitialize success

#12 kathmandu64

Posted 06 September 2012 - 01:41 AM

Hello Gary, greetings to you. What I mean is the computer just shuts off when I am online. It stops, it doesn't restart, I have to press the button, so I am not sure when it turned off. This happened when I was cleaning the computer of viruses/malware, so I thought maybe it's a virus. I can only use the Internet Explorer browser, no other browser is usable. Up to now I can go online.


I have only the AdwCleaner report. For VirusTotal, I have found in C- is-8U6KA.EXE. I am waiting for the report but it says please wait; I've been waiting almost 50 mins. Meantime I am afraid my computer might turn off. Another thing: I am not able to clean this Program Files\BKAV 2006. This is an antivirus I downloaded from Vietnam sites. I thought I deleted it from the computer but some part still exists. Is it OK to uninstall it or not? Please advise. When I am done I will send the report ASAP.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# AdwCleaner v2.000 - Logfile created 09/05/2012 at 23:09:04
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kathmandu - CHICAGO
# Boot Mode : Normal
# Running from : C:\Users\kathmandu\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0B7A5CC4-B866-4EC8-8965-61DCA157B91F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ECA87C5-8141-42A6-AF0C-9BF782173443}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D2DA6D8-CCFF-4936-86F6-A15645F85828}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83765B76-5527-45A8-9918-43BFA2E4BC7D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1D02E0-9CEA-49BD-A5AD-774C65BF2EFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC288F9A-A573-417A-96FD-6ACD5FB3FDFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A70317-F15D-4CB6-AEE7-764389DAB8D1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1ECF065-0979-497A-99A4-683537ACA032}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Software
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10191&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10191&bi=400
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10191&bi=400

*************************

AdwCleaner[R1].txt - [32121 octets] - [05/09/2012 23:09:04]

########## EOF - C:\AdwCleaner[R1].txt - [32182 octets] ##########

#13 Oh My!

Posted 06 September 2012 - 09:19 AM

Greetings kathmandu64,

There are several things we are going to address in this post.

  • Clean the adware on your computer.
  • In reviewing your second TDSSKiller log I noticed you quarantined legitimate files so we need to address that. I will have you run a program to provide me with some information I need to be able to put them back.
  • I will have you run a powerful program to remove the folder we are having trouble with.
  • Finally, we will readdress the file we need to upload/check.

There is a lot to do so take your time and simply go step by step. :thumbup2:


===================================================


adwCleaner by Xplode - Delete Adware

-------------------

  • Close all open programs and internet browser
  • Double click on adwcleaner.exe
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt

===================================================


TDSS Qlook

--------------------

  • Please download TDSSQlook to your desktop
  • Double click the TDSSQlook icon
  • Select Run
  • Select A, then press Enter
  • A TDSSQ - Notepad document will open (or you can find it at C:\TDSSQ)
  • Please copy and paste the contents in your reply

===================================================


The Avenger By Swandog46

--------------------

  • Download The Avenger by Swandog46 and save it to your desktop
  • Right click on the zip folder and select Extract All...
    Select Next, then Next, then Finish
  • Double click on avenger.exe to run The Avenger
  • Click OK
  • Make sure that the box next to Scan for rootkits is checked and that the box next to Automatically disable any rootkits found is not checked
  • Copy and paste the following into the code box

    Folders to delete:
    C:\Program Files\Bkav2006
    
  • Click the Execute button
  • You will be asked Are you sure you want to execute the current script?
  • Click Yes
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?
  • Click Yes.
  • Your PC will now be rebooted

    Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.

  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt)


===================================================


Please attempt to upload the file to VirusTotal again. If you are still unable to do it click here to go to a web page where you can upload the file directly to me.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • AdwWareCleaner.txt
  • TDSSQ information
  • avenger.txt
  • Upload file information to VirusTotal or me

Gary

#14 kathmandu64

Posted 07 September 2012 - 01:41 AM

Hello Gary, here is the ADWcleaner result:

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 00:02:57
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kathmandu - CHICAGO
# Boot Mode : Normal
# Running from : C:\Users\kathmandu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\Bandoo
Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder
Folder Deleted : C:\Program Files (x86)\NCH_EN
Folder Deleted : C:\Program Files (x86)\vGrabber
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Bandoo
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\FreeOnlineRadioPlayerRecorder
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\NCH_EN
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\kathmandu\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\kathmandu\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Deleted : C:\Users\kathmandu\AppData\Roaming\OpenCandy
Folder Deleted : C:\windows\Freecorder
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKCU\Software\AppDataLow\Software\NCH_EN
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\BitTorrentBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\NCH_EN
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SMTTB2009.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SMTTB2009.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\Software\FreeOnlineRadioPlayerRecorder
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\Software\NCH_EN
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F999A48B-1950-4D81-9971-79018F807B4B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0B7A5CC4-B866-4EC8-8965-61DCA157B91F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ECA87C5-8141-42A6-AF0C-9BF782173443}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D2DA6D8-CCFF-4936-86F6-A15645F85828}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83765B76-5527-45A8-9918-43BFA2E4BC7D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB1D02E0-9CEA-49BD-A5AD-774C65BF2EFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC288F9A-A573-417A-96FD-6ACD5FB3FDFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A70317-F15D-4CB6-AEE7-764389DAB8D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1ECF065-0979-497A-99A4-683537ACA032}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeOnlineRadioPlayerRecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F999A48B-1950-4D81-9971-79018F807B4B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.autocompletepro.com/?si=10191&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.autocompletepro.com/?si=10191&bi=400 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.autocompletepro.com/?si=10191&bi=400 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [32152 octets] - [05/09/2012 23:09:04]
AdwCleaner[S1].txt - [32632 octets] - [07/09/2012 00:02:57]

########## EOF - C:\AdwCleaner[S1].txt - [32693 octets] ##########

#####################################################################################################
RESULT OF TDSSQLOOK .....
TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - kathmandu - Fri 09/07/12 - 0:34:47.02.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1
***** START SCAN Fri 09/07/12 0:34:48.48 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.8.0_27.08.2012_21.45.07_log.txt
TDSSKiller.2.8.8.0_29.08.2012_03.35.52_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------


---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: AxonService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\Axon\axon.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\Axon\axon.exe
md5: 030947713788A7B6415E66D2EBD24B13


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Connectify
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Connectify\ConnectifyService.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Connectify\ConnectifyService.exe
md5: 839BF3E10311FBA5D0DF632623D5ED2B


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DelegateService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Software\Delegate\delegate.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Software\Delegate\delegate.exe
md5: EBC38B4DCF30FA00020B9F3205B11D21


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0003\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0003\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DfSdkS
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0003\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe
md5: D51B32BA3897F630D99713B74B40D6A2


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0004\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0004\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DialDictateService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0004\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe
md5: 46B0FC52CD0E3486B3C55B1FA5F7BA2F


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0005\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0005\svc0000\object.ini

[InfectedObject]
Type: Service
Name: epmntdrv
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \??\C:\windows\system32\epmntdrv.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0005\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\epmntdrv.sys
md5: 9EAFB3B3B60B8AD958985152A9309ACA


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0006\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0006\svc0000\object.ini

[InfectedObject]
Type: Service
Name: EuGdiDrv
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \??\C:\windows\system32\EuGdiDrv.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0006\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\EuGdiDrv.sys
md5: FB949ED2C93C878A189039F3D7730942


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0007\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0007\svc0000\object.ini

[InfectedObject]
Type: Service
Name: IMSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\IMS\ims.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0007\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\IMS\ims.exe
md5: 14BC3D9177C0CC7E69E0817554A298DE


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0008\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0008\svc0000\object.ini

[InfectedObject]
Type: Service
Name: JIT Scheduler
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0008\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe
md5: 147817D1D27AD291E494836B96708E15


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0009\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0009\svc0000\object.ini

[InfectedObject]
Type: Service
Name: MSRSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0009\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe
md5: 5C56BE1A9BFBF622E8EE95DD16259CF8


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0010\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0010\svc0000\object.ini

[InfectedObject]
Type: Service
Name: NetBalancer Windows Service
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0010\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
md5: BD78F329957C2361F21B52B7AF2D1A22


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0011\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0011\svc0000\object.ini

[InfectedObject]
Type: Service
Name: nnCron
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\nnCron\nncron.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0011\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\nnCron\nncron.exe
md5: 64A25B8441992FE4A3023083FCBE8BA4


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0012\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0012\svc0000\object.ini

[InfectedObject]
Type: Service
Name: OMSI download service
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0012\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
md5: DA345DE3B450E9E1691E7B9956D8FFC3


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0013\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0013\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0013\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0014\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0014\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SwitchBoard
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0014\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
md5: F577910A133A592234EBAAD3F3AFA258


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0015\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0015\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VRSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\VRS\vrs.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0015\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\VRS\vrs.exe
md5: 1338E2C8EF12FACE454F1D1E8644D504


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0016\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0016\svc0000\object.ini

[InfectedObject]
Type: Service
Name: WebCamHelper
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: \??\C:\PROGRA~2\AVWEBC~1\WebCamHelper.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0016\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\PROGRA~2\AVWEBC~1\WebCamHelper.sys
md5: 5124AC756D3585A3C080690EA98C6C11


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0017\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0017\svc0000\object.ini

[InfectedObject]
Type: Service
Name: ZentimoService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Zentimo\ZentimoService.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0017\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Zentimo\ZentimoService.exe
md5: 81036237EDA4A4F5B3ABDAE1F7C9AA60


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0018\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0018\svc0000\object.ini

[InfectedObject]
Type: Service
Name: AxonService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\Axon\axon.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0018\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\Axon\axon.exe
md5: 030947713788A7B6415E66D2EBD24B13


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0019\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0019\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Connectify
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Connectify\ConnectifyService.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0019\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Connectify\ConnectifyService.exe
md5: 839BF3E10311FBA5D0DF632623D5ED2B


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0020\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0020\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DelegateService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Software\Delegate\delegate.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0020\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Software\Delegate\delegate.exe
md5: EBC38B4DCF30FA00020B9F3205B11D21


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0021\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0021\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DfSdkS
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0021\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe
md5: D51B32BA3897F630D99713B74B40D6A2


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0022\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0022\svc0000\object.ini

[InfectedObject]
Type: Service
Name: DialDictateService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0022\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe
md5: 46B0FC52CD0E3486B3C55B1FA5F7BA2F


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0023\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0023\svc0000\object.ini

[InfectedObject]
Type: Service
Name: epmntdrv
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \??\C:\windows\system32\epmntdrv.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0023\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\epmntdrv.sys
md5: 9EAFB3B3B60B8AD958985152A9309ACA


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0024\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0024\svc0000\object.ini

[InfectedObject]
Type: Service
Name: EuGdiDrv
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \??\C:\windows\system32\EuGdiDrv.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0024\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\EuGdiDrv.sys
md5: FB949ED2C93C878A189039F3D7730942


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0025\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0025\svc0000\object.ini

[InfectedObject]
Type: Service
Name: IMSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\IMS\ims.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0025\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\IMS\ims.exe
md5: 14BC3D9177C0CC7E69E0817554A298DE


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0026\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0026\svc0000\object.ini

[InfectedObject]
Type: Service
Name: JIT Scheduler
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0026\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe
md5: 147817D1D27AD291E494836B96708E15


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0027\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0027\svc0000\object.ini

[InfectedObject]
Type: Service
Name: MSRSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0027\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\MSRS\msrs.exe
md5: 5C56BE1A9BFBF622E8EE95DD16259CF8


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0028\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0028\svc0000\object.ini

[InfectedObject]
Type: Service
Name: NetBalancer Windows Service
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0028\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
md5: BD78F329957C2361F21B52B7AF2D1A22


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0029\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0029\svc0000\object.ini

[InfectedObject]
Type: Service
Name: nnCron
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\nnCron\nncron.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0029\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\nnCron\nncron.exe
md5: 64A25B8441992FE4A3023083FCBE8BA4


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0030\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0030\svc0000\object.ini

[InfectedObject]
Type: Service
Name: OMSI download service
Type: n/a (0x110)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0030\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
md5: DA345DE3B450E9E1691E7B9956D8FFC3


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0031\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0031\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0031\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0032\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0032\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SwitchBoard
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0032\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
md5: F577910A133A592234EBAAD3F3AFA258


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0033\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0033\svc0000\object.ini

[InfectedObject]
Type: Service
Name: VRSService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: "C:\Program Files (x86)\NCH Swift Sound\VRS\vrs.exe" -service


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0033\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\NCH Swift Sound\VRS\vrs.exe
md5: 1338E2C8EF12FACE454F1D1E8644D504


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0034\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0034\svc0000\object.ini

[InfectedObject]
Type: Service
Name: WebCamHelper
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: \??\C:\PROGRA~2\AVWEBC~1\WebCamHelper.sys


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0034\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\PROGRA~2\AVWEBC~1\WebCamHelper.sys
md5: 5124AC756D3585A3C080690EA98C6C11


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0035\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0035\svc0000\object.ini

[InfectedObject]
Type: Service
Name: ZentimoService
Type: n/a (0x10)
Start: Disabled (0x4)
ImagePath: C:\Program Files (x86)\Zentimo\ZentimoService.exe


=== C:\TDSSKiller_Quarantine\27.08.2012_21.45.07\susp0035\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files (x86)\Zentimo\ZentimoService.exe
md5: 81036237EDA4A4F5B3ABDAE1F7C9AA60


***** END SCAN Fri 09/07/12 0:34:50.78 *****
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
I will send you the other one next, please .. let's see

#15 kathmandu64

Posted 07 September 2012 - 03:50 PM

Hi Gary, I have the result of the COMBOFIX SCRIPT!!!! I am sending you one at a time because I hope this info doesn't get lost because the computer shuts off, so you know, please, OK.. It is a little confusing to me but I will do it, thanks man!!!
ComboFix 12-09-04.03 - kathmandu i 09/07/12 14:45:53.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1843 [GMT -5:00]
Running from: c:\users\kathmandu\Downloads\ComboFix.exe
Command switches used :: c:\users\kathmandu\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\_ocster_backup_\AppData\Local\temp
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\ANYONE\AppData\Local\temp
2012-09-07 20:13 . 2012-09-07 20:13 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-07 05:22 . 2012-09-07 05:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3214838-5080-4FAE-93E8-186ED0B6BD48}\offreg.dll
2012-09-07 04:47 . 2012-09-07 04:47 -------- d-sh--w- c:\program files\%APPDATA%
2012-09-07 03:20 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E3214838-5080-4FAE-93E8-186ED0B6BD48}\mpengine.dll
2012-09-05 18:28 . 2012-09-07 02:58 54024 ----a-w- c:\windows\system32\certsentry.dll
2012-09-05 18:28 . 2012-09-07 02:58 45320 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-09-02 22:10 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-09-02 22:10 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-09-02 22:09 . 2012-09-02 22:10 -------- d-----w- c:\program files (x86)\DVDFab Media Player
2012-09-01 08:09 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-01 08:09 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-01 08:08 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-01 08:08 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-01 08:08 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-01 08:08 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-01 08:08 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-01 08:03 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-01 08:03 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-31 20:45 . 2012-08-31 20:45 -------- d-----w- c:\program files (x86)\AutorunCleanUpTool
2012-08-31 06:09 . 2012-08-31 20:40 -------- d-----w- c:\program files\Bkav2006
2012-08-31 03:02 . 2012-08-31 03:02 -------- d-----w- c:\program files (x86)\GFI Software
2012-08-31 03:01 . 2012-08-31 03:01 -------- d-----w- c:\users\kathmandu\AppData\Roaming\GFI Software
2012-08-31 00:24 . 2012-09-05 05:46 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-30 23:36 . 2012-08-30 23:36 -------- d-----w- c:\programdata\2F380
2012-08-29 18:47 . 2012-08-29 19:00 -------- d-----w- c:\program files (x86)\SoftCAT
2012-08-29 18:18 . 2012-08-29 18:18 -------- d-----w- c:\program files (x86)\eLibPro
2012-08-28 02:51 . 2012-08-28 02:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-28 02:45 . 2012-08-28 02:45 208216 ----a-w- c:\windows\system32\drivers\23511542.sys
2012-08-25 04:39 . 2012-08-25 04:43 -------- d-----w- c:\users\kathmandu\AppData\Local\virtualmoon
2012-08-23 00:40 . 2012-09-05 06:12 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-22 23:45 . 2012-09-05 18:13 -------- d-----w- c:\users\kathmandu\AppData\Local\toolbarcleaner
2012-08-17 05:57 . 2012-08-17 05:57 -------- d-----w- c:\users\kathmandu\AppData\Roaming\skychart
2012-08-17 05:56 . 2012-08-17 05:57 -------- d-----w- c:\program files (x86)\Ciel
2012-08-17 05:51 . 2012-08-17 05:52 -------- d-----w- c:\program files (x86)\VirtualMoon
2012-08-17 05:31 . 2012-08-17 05:32 -------- d-----w- c:\program files (x86)\Celestia
2012-08-17 04:40 . 2012-08-17 04:40 -------- d-----w- c:\program files (x86)\NetSetMan
2012-08-17 04:29 . 2010-07-26 03:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2012-08-17 04:29 . 2010-07-26 03:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2012-08-17 04:29 . 2010-07-26 03:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2012-08-17 04:29 . 2010-07-26 03:23 33968 ----a-w- c:\windows\SysWow64\anim.dll
2012-08-17 04:29 . 2012-08-17 04:29 -------- d-----w- c:\program files (x86)\WinUtilities
2012-08-16 20:33 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 20:33 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-16 20:33 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 20:33 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 20:33 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-16 20:33 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-16 20:29 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 20:29 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 20:29 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-16 20:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-16 20:28 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 20:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 18:29 . 2012-08-14 18:29 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-08-14 18:26 . 2012-08-14 18:26 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-08-14 18:18 . 2012-08-14 18:18 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-08-14 18:13 . 2012-08-14 18:13 -------- d-----w- c:\users\kathmandu\AppData\Local\Microsoft Help
2012-08-14 17:10 . 2012-08-14 17:48 -------- d-----w- c:\program files (x86)\FDRLab
2012-08-14 15:14 . 2012-08-14 15:14 -------- d-----w- c:\users\kathmandu\AppData\Roaming\FDRLab
2012-08-13 21:36 . 2012-08-13 21:37 -------- d-----w- c:\users\kathmandu\AppData\Local\Pinnacle
2012-08-13 21:31 . 2012-08-13 21:31 -------- d-sh--w- c:\windows\%APPDATA%
2012-08-13 21:26 . 2012-08-13 21:26 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-08-13 21:23 . 2012-08-13 21:23 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\programdata\Studio 15
2012-08-13 20:58 . 2012-08-13 20:58 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-08-13 20:51 . 2012-08-13 20:58 -------- d-----w- c:\program files (x86)\Pinnacle
2012-08-13 20:50 . 2012-08-13 21:21 -------- d-----w- c:\programdata\Pinnacle
2012-08-11 22:23 . 2012-08-11 22:23 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-11 04:35 . 2012-08-11 04:35 -------- d-----w- c:\users\kathmandu\AppData\Roaming\UltraVNC
2012-08-11 04:33 . 2012-08-11 04:34 -------- d-----w- c:\program files (x86)\UltraVNC
2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- c:\users\kathmandu\AppData\Local\Comodo
2012-08-11 04:09 . 2012-09-05 18:25 -------- d-----w- c:\program files (x86)\Comodo
2012-08-11 04:04 . 2012-08-14 15:52 -------- d-----w- c:\users\kathmandu\AppData\Roaming\foobar2000
2012-08-11 04:03 . 2012-08-11 04:03 -------- d-----w- c:\program files (x86)\foobar2000
2012-08-11 02:38 . 2012-08-11 02:38 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-08-11 02:13 . 2012-08-11 02:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-11 01:26 . 2012-08-11 01:26 -------- d-----w- c:\programdata\Grisoft
2012-08-11 01:12 . 2012-08-11 01:12 -------- d-----w- c:\program files (x86)\MaskMyIP
2012-08-11 01:05 . 2012-08-11 01:05 -------- d-----w- c:\program files (x86)\YourFileDownloader
2012-08-11 01:05 . 2012-08-11 01:05 -------- d-----w- c:\users\kathmandu\AppData\Roaming\YourFileDownloader
2012-08-10 22:57 . 2012-08-10 22:57 -------- d-----w- c:\program files (x86)\Hideman
2012-08-09 17:09 . 2012-02-24 09:14 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-08-09 17:09 . 2012-02-24 09:14 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-08-09 16:39 . 2012-08-09 16:39 -------- d-----w- c:\program files\SAMSUNG
2012-08-09 16:39 . 2012-08-09 16:39 -------- d-----w- c:\programdata\Samsung
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 05:12 . 2011-01-15 18:24 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-08-27 19:32 . 2012-06-08 01:13 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-27 19:32 . 2011-06-15 18:01 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 20:51 . 2011-01-07 21:26 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-14 06:47 . 2011-10-28 16:25 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys
2012-07-03 18:46 . 2011-01-07 08:26 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 20:36 . 2012-06-30 20:36 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-30 20:36 . 2011-01-13 07:54 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-29 05:40 . 2012-06-29 05:40 711240 ----a-w- c:\windows\is-8U6KA.exe
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2011-09-02 17:03 . 2011-09-11 01:01 730192 ----a-w- c:\program files (x86)\Common Files\ZugoInstaller.exe
2011-02-05 17:16 . 2011-02-05 17:16 12067528 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-05_08.50.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-05 08:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-07 20:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-05 08:48 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-07 20:09 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-05 08:48 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-07 20:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:10 . 2012-09-05 08:55 52338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-07 05:20 52338 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-12-23 04:40 . 2012-09-05 08:55 30258 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-980790821-3120828224-4190103299-1000_UserData.bin
+ 2010-12-23 04:40 . 2012-09-07 05:20 30258 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-980790821-3120828224-4190103299-1000_UserData.bin
- 2010-12-22 17:46 . 2012-09-05 00:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-22 17:46 . 2012-09-07 05:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-17 19:36 . 2012-08-17 19:36 61160 c:\windows\system32\config\systemprofile\AppData\LocalLow\COMODO\CertSentry\certsentry_setup.exe
+ 2012-09-05 21:14 . 2012-09-07 02:56 61160 c:\windows\system32\config\systemprofile\AppData\LocalLow\COMODO\CertSentry\certsentry_setup.exe
+ 2010-12-22 17:46 . 2012-09-07 05:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-22 17:46 . 2012-09-05 00:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-07 05:22 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-05 00:14 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-05 08:45 . 2012-09-05 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-07 05:08 . 2012-09-07 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-07 05:08 . 2012-09-07 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-05 08:45 . 2012-09-05 08:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-23 18:08 . 2012-09-06 22:00 432638 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-23 21:06 . 2012-09-07 05:20 171930 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 02:36 . 2012-09-05 06:10 798944 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 17:08 798944 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-07 17:08 172086 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-05 06:10 172086 c:\windows\system32\perfc009.dat
+ 2012-09-05 08:41 . 2012-09-07 05:06 628448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-09-02 07:11 . 2012-09-05 08:41 552940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-02 07:11 . 2012-09-07 05:06 552940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-09-02 07:12 . 2012-09-05 06:36 553708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-980790821-3120828224-4190103299-1000-8192.dat
+ 2012-09-02 07:12 . 2012-09-07 05:06 553708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-980790821-3120828224-4190103299-1000-8192.dat
+ 2012-09-05 18:04 . 2012-09-07 05:06 798326 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-980790821-3120828224-4190103299-1000-12288.dat
+ 2012-09-02 07:12 . 2012-09-07 05:06 1987800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-980790821-3120828224-4190103299-1000-4096.dat
+ 2012-09-07 17:07 . 2012-09-07 17:16 31117944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SA0EQAP0\DragonSetup[1].exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-07-21 19:36 792456 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1D26B803D5A3D0838DCEC271F7368F5556F9CC40._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-09-06 1238552]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-06-04 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%APPDATA%\Microsoft\Windows\IETldCache
index.dat [2011-12-15 16384]
.
c:\users\kathmandu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
CX.lnk - c:\program files (x86)\CX\Launcher.exe [2011-3-2 480768]
quanp slideshow 2.lnk - c:\program files (x86)\quanp widget\quanp slideshow 2\quanp slideshow 2.exe [2011-2-4 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\~Disabled
Phone Remote Control.lnk - c:\program files (x86)\Phone Remote Control\PhoneRemoteControl.exe [2009-6-6 565064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files (x86)\DVD X Studios\DVD X Utilities 3.0\DVDGhost\ExecuteHooker.dll" [2005-11-14 90112]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\DVDXST~1\DVDXUT~1.0\DVDGhost\DVDGhostAppInit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"BingDesktop"=c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R2 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R2 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R2 PCCUJobMgr;Common Client Job Manager Service; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456]
R2 WebCamHelper;WebCamHelper;c:\progra~2\AVWEBC~1\WebCamHelper.sys [2008-08-18 2688]
R3 AAMWRegFilter;AAMWRegFilter;c:\program files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter64.sys [x]
R3 ASW3Scan;ASW3Scan;c:\program files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe [2009-08-25 544768]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-07-14 276256]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FarMntIo;FarMntIo;c:\windows\system32\drivers\farmntio.sys [2010-06-17 0]
R3 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-04-23 25824]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-02-04 63304]
R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys [2010-03-25 46776]
R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys [2010-03-25 45752]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-11-09 1534304]
R3 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-08 624856]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Tenda\Common\RaRegistry64.exe [2010-06-28 211808]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]
R3 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R3 spiceworks;spiceworks;c:\program files (x86)\Spiceworks\bin\spiceworks.exe service [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys [2008-07-27 14544]
R3 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-19 140672]
R4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]
R4 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-27 250568]
R4 AxonService;Axon Virtual PBX;c:\program files (x86)\NCH Swift Sound\Axon\axon.exe [2011-02-11 1257476]
R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]
R4 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2011-08-20 13312]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]
R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]
R4 DelegateService;Express Delegate;c:\program files (x86)\NCH Software\Delegate\delegate.exe [2011-02-11 2538500]
R4 DialDictateService;Dial Dictate;c:\program files (x86)\NCH Swift Sound\DialDictate\dialdictate.exe [2011-02-11 1171460]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 136176]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R4 IMSService;IMS Telephone On-Hold Player;c:\program files (x86)\NCH Swift Sound\IMS\ims.exe [2011-02-11 888836]
R4 JIT Scheduler;JIT Scheduler;c:\program files (x86)\GiPo@Utilities\JIT Scheduler\schednt.exe [2008-03-24 176128]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
R4 MSRSService;MSRS Recording System;c:\program files (x86)\NCH Swift Sound\MSRS\msrs.exe [2011-02-11 745476]
R4 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2011-08-24 10240]
R4 nnCron;nnCron;c:\program files (x86)\nnCron\nncron.exe [2006-03-21 408576]
R4 ocster_backup;Ocster Backup;c:\program files\Ocster Backup\bin\backupService-ox.exe [2011-06-29 21272]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 RCP-Host;RCP-Host;c:\program files (x86)\Remote Control PC\apc_host.exe [2011-06-04 577024]
R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R4 VeriWave FLEXnet License Manager;VeriWave FLEXnet License Manager;c:\program files (x86)\VeriWave\WaveDeploy\lmgrd.exe [2010-12-16 1122568]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2011-11-24 265928]
R4 VRSService;VRS Recording System;c:\program files (x86)\NCH Swift Sound\VRS\vrs.exe [2011-02-11 1155076]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-07 1255736]
R4 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe [2011-12-10 555844]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2011-11-14 39728]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-03-02 69376]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-28 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2011-08-28 31344]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [2010-05-20 34840]
S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [2009-12-07 76112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2011-06-29 118888]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-14 352816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/01 17:26];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\DRIVERS\avwebcam.sys [2010-12-02 17152]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-08-22 1852048]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 WefiEngSvc;WeFi Engine Service;c:\program files (x86)\WeFi\WefiEngSvc.exe [2011-03-30 118104]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-04 271872]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [2011-05-18 41256]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-04-02 82816]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 19:32]
.
2012-03-17 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-08-04 19:24]
.
2012-03-17 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-04 19:24]
.
2012-03-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-27 21:24]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc28a74623a14f.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 09:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-11 09:34]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980790821-3120828224-4190103299-1000Core.job
- c:\users\kathmandu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 00:04]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980790821-3120828224-4190103299-1000UA.job
- c:\users\kathmandu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-30 00:04]
.
2012-07-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-16 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-11-25 02:25]
.
2012-03-17 c:\windows\Tasks\PC Fresh.job
- c:\program files (x86)\PC Fresh\PC Fresh.exe [2011-12-23 19:37]
.
2012-08-11 c:\windows\Tasks\WefiStartup.job
- c:\program files (x86)\WeFi\WefiStartup.exe [2011-03-30 15:43]
.
2011-05-27 c:\windows\Tasks\{32604E3E-64AE-4D11-833D-146F28BDA602}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2011-01-07 00:17]
.
2011-05-27 c:\windows\Tasks\{45452BA8-CCC6-4F08-BE5F-F2CDE6653309}.job
- c:\program files (x86)\mozilla firefox\firefox.exe [2011-01-07 00:17]
.
2011-05-28 c:\windows\Tasks\{B966A444-AD45-405F-BBCC-99AD0029B58B}.job
- c:\program files (x86)\Skype\Phone\Skype.exe [2012-07-13 18:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-07-21 19:36 826248 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions-x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP
IE: &Download with DAM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Block frame with Ad Muncher
IE: Block image with Ad Muncher
IE: Block link with Ad Muncher
IE: Don't filter page with Ad Muncher
IE: Download &All with DAM
IE: Download &all with DAP
IE: Download FLV &Video with DAM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\kathmandu\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
IE: Report page to the Ad Muncher developers
IE: Run DAM Media&Grabber
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - c:\progra~2\COMMON~1\TIDYFA~1\OpenFav.dll
TCP: DhcpNameServer = 192.168.15.1
DPF: {8D8972A9-FFFA-11D4-9CC7-00902761BD36} - hxxp://mailjol.com/dev/cab/jscntrl.cab
FF - ProfilePath - c:\users\kathmandu\AppData\Roaming\Mozilla\Firefox\Profiles\t9j0a99v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=HIP&o=&locale=&apn_uid=63D93A27-7C96-4E88-8B4A-B3B601BD699E&apn_ptnrs=&apn_sauid=5CE839D7-667A-49A5-8430-EEF0A0A0C1DF&apn_dtid=&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: extentions.y2layers.installId - 0c588051-3aa1-4c89-90a2-c6140903e427
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-RunOnce-CD - c:\windows\temp\dragon_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:09,c1,63,fb,04,8d,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:78,95,a5,fe,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:c1,0d,57,ff,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:e6,72,f3,e4,d5,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:cd,50,2b,00,d6,89,cc,01
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-07 15:24:53
ComboFix-quarantined-files.txt 2012-09-07 20:24
ComboFix2.txt 2012-09-07 07:46
ComboFix3.txt 2012-09-05 10:08
.
Pre-Run: 7,799,050,240 bytes free
Post-Run: 7,473,676,288 bytes free
.
- - End Of File - - D1B66A73CD2456D681FD0A0971404082
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

RESULT OF VIRUSTOTAL ONLINE VIRUS SCANNER !!!! https://www.virustotal.com/file/2c207a4cbb81754191ab093ae2a2969f12b61a098c1a0c0b713f84b04bc797f8/analysis/



