
Malware taking over


  • This topic is locked
24 replies to this topic

#1 TheWhiteKeys


Posted 16 September 2012 - 02:50 PM

So I was being stupid and downloaded a song off the internet where I'm usually fairly safe but I guess I obsessed. I scanned it albeit too late and it latched on to the comp. I've been fighting it for days and every time I remove viruses and kits and whatever I lose more and more control of the computer.

Out of most of the logs I see something associated with pccmservice.exe which I've shut down and quarantined but I believe I have some downloader cause they find a ton of different viruses.

I cannot run a dds log as it turns on and shuts off.
Gmer won't let me choose any options other than registry, files, the C drive, and services; everything else is greyed out.
Tried sophos but somehow it can't get on to the network so it won't install.
Hitman found some trojans and others but now finds nothing.
Malwarebytes helped in the beginning but after full scans finds nothing.
Spybot found a few files, cleaned em, now finds nothing.
Webroot, my AV at the time 'cause I got a year of their premium for free, routinely finds files but never solves the problem completely.
Combofix is what I ran at the beginning, stupidly, and when I came back after its scan that's when my desktop stopped working and I'm getting a "You need permission to continue" every time I boot up on the desktop, and my wallpaper is black no matter how many programs claim to fix it. Combofix can no longer install or start up.
Eset never could start up.
Roguekiller works but I'm not skilled enough to use it.
Tdss found some files, cleaned em, still where I was previously; doesn't find anything new lately.
MGtools will not install.
I even tried adaware which actually found quite a few of the issues, cleaned em, probably lost more control after that.

Sorry this was so long but I'm at my limits now and I desperately need help. The only log I can really obtain is hijackthis, which I hear is outdated and not too useful. I can run a good amount of programs and games but I can't do a lot else and the games do not run too well. I've tried to follow some of your other threads but I can't get past the first couple steps. I'd really appreciate it if someone can run me through this. Thanks guys.

Edited by TheWhiteKeys, 16 September 2012 - 02:53 PM.




#2 Casey_boy


Posted 21 September 2012 - 08:47 AM

Hi,

My name is Casey and I'll be helping you with your malware problems.

I see that you have run ComboFix - before we start with the removal process I'd like to see the log it produced. It will have been saved at C:\ComboFix.txt. Also, please provide any other logs you can (especially ones where you found and deleted something).

Casey

Edited by Casey_boy, 21 September 2012 - 08:48 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 TheWhiteKeys


Posted 21 September 2012 - 12:30 PM

Combofix I had to fix some first issues, which I thought worked out at another forum when we ran a script. My brother who was visiting downloaded something else apparently and later on I just ran it foolishly but I'll show you the last one:

ComboFix 12-09-06.02 - Abraham Justice 09/06/2012 12:42:52.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6086 [GMT -7:00]
Running from: c:\users\Abraham Justice\Downloads\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\Mcx1-BROTHERS-PC\AppData\Local\temp
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\Guest I guess\AppData\Local\temp
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 19:49 . 2012-09-06 19:49 -------- d-----w- c:\users\Brothers\AppData\Local\temp
2012-09-06 08:29 . 2012-09-06 08:29 -------- d-----w- c:\users\Abraham
2012-09-06 07:54 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-06 07:54 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-06 07:54 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-06 07:54 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-06 07:54 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-06 07:54 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-06 07:54 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-06 07:46 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-09-06 07:45 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-06 07:45 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-06 07:45 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-06 07:45 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-09-06 07:45 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-09-06 07:45 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-09-06 07:45 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-09-06 07:45 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-09-06 07:45 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-09-06 07:44 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-06 07:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-06 07:44 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-06 07:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-06 07:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-06 07:39 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-09-06 07:39 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-09-06 07:39 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-09-06 07:39 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-09-06 07:39 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-09-06 07:37 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-09-06 07:37 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-09-06 07:37 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-09-06 07:37 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-09-06 07:37 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-09-06 07:33 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-09-06 07:33 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-09-06 07:33 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-06 07:33 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-09-06 07:33 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-06 07:30 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-06 07:30 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-06 07:30 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-06 07:30 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-06 07:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-06 07:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-06 07:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-06 07:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-06 07:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-05 01:58 . 2012-09-05 01:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-03 22:50 . 2012-09-03 22:50 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 01:15 . 2012-08-24 01:15 -------- d-----w- c:\program files (x86)\Striiv
2012-08-23 04:27 . 2012-08-23 04:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-20 02:20 . 2012-08-20 02:20 -------- d-----w- c:\users\Abraham Justice\AppData\Local\CrashRpt
2012-08-19 21:20 . 2012-08-19 21:20 -------- d-----w- c:\users\Public\Anvisoft
2012-08-19 21:20 . 2012-08-19 21:20 -------- d-----w- c:\program files (x86)\Anvisoft
2012-08-14 19:18 . 2012-08-14 19:22 -------- d-----w- c:\programdata\Hi-Rez Studios
2012-08-14 19:18 . 2012-08-16 15:36 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
2012-08-09 17:40 . 2012-08-09 17:40 388096 ----a-r- c:\users\Abraham Justice\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-06 19:36 . 2010-11-16 11:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-09-06 19:36 . 2010-06-08 21:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-06 19:36 . 2010-06-08 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-09-03 22:50 . 2012-06-15 06:35 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-03 22:50 . 2010-06-08 20:55 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-30 07:27 . 2012-03-29 06:15 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-30 07:27 . 2011-05-13 20:40 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-29 18:14 . 2012-07-30 19:31 149752 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-08-29 18:14 . 2012-07-30 19:31 102896 ----a-w- c:\windows\system32\WRusr.dll
2012-08-29 18:14 . 2012-07-30 19:31 110160 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-08-03 11:27 . 2010-06-09 20:47 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2010-11-15 02:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-07-29 04:44 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-21 17:28 . 2010-06-08 21:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-23_03.46.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-06 07:47 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
- 2011-06-27 22:42 . 2010-11-20 12:08 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-09-06 07:46 . 2012-05-05 07:46 43008 c:\windows\SysWOW64\srclient.dll
- 2009-07-13 23:23 . 2009-07-14 01:16 43008 c:\windows\SysWOW64\srclient.dll
+ 2012-09-06 07:47 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
- 2011-06-27 22:42 . 2010-11-20 12:21 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-09-06 07:37 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
+ 2012-09-06 07:55 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2011-10-12 09:53 . 2011-09-01 02:26 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-09-06 07:55 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-09-06 07:55 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
- 2011-10-12 09:53 . 2011-09-01 02:26 65024 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2012-08-14 18:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-06 07:54 . 2012-09-06 10:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-06 07:54 . 2012-09-06 10:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 18:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-06 10:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-09-06 20:00 38592 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-08 18:26 . 2012-09-06 20:00 30524 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922089572-4686520-4244951405-1005_UserData.bin
+ 2010-06-08 21:26 . 2012-09-03 22:44 22582 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2922089572-4686520-4244951405-1000_UserData.bin
- 2011-06-27 22:43 . 2010-11-20 13:27 29184 c:\windows\system32\sspisrv.dll
+ 2012-09-06 07:47 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
+ 2012-09-06 07:47 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
- 2011-06-27 22:42 . 2010-11-20 13:27 28160 c:\windows\system32\secur32.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 77312 c:\windows\system32\rdpwsx.dll
+ 2012-09-06 07:46 . 2012-04-26 05:41 77312 c:\windows\system32\rdpwsx.dll
+ 2012-09-06 07:55 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2011-10-12 09:53 . 2011-09-01 05:15 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-09-06 07:55 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-09-06 07:47 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-09-06 07:55 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
- 2011-10-12 09:53 . 2011-09-01 05:15 85504 c:\windows\system32\jsproxy.dll
- 2009-07-14 05:30 . 2012-08-01 07:40 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-06 08:14 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-13 06:00 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
+ 2012-09-06 07:47 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
- 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
+ 2012-09-06 07:46 . 2011-10-26 05:21 43520 c:\windows\system32\csrsrv.dll
+ 2012-01-15 23:00 . 2012-09-04 14:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-15 23:00 . 2012-08-22 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-06 07:46 . 2012-02-11 06:36 67072 c:\windows\splwow64.exe
- 2011-06-27 22:43 . 2010-11-20 13:25 67072 c:\windows\splwow64.exe
+ 2009-07-14 04:46 . 2012-09-06 19:59 91616 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-06-08 20:45 . 2012-09-06 08:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-08 20:45 . 2011-06-19 19:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-09-06 07:46 . 2011-12-25 20:40 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-09-06 07:46 . 2011-12-25 20:42 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 23040 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 23040 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 61440 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 61440 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 27136 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 27136 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 11264 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 11264 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 12288 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 12288 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-06-12 08:35 . 2012-09-06 07:57 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
- 2010-06-12 08:35 . 2012-05-10 19:33 40960 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe
+ 2010-09-15 06:32 . 2012-09-06 08:09 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-09-15 06:32 . 2012-05-10 19:39 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-08-18 23:31 . 2012-08-18 23:31 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2012-09-06 07:46 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2010-06-09 11:06 . 2012-09-03 08:21 3646 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-09-06 07:46 . 2012-04-26 05:34 9216 c:\windows\system32\rdrmemptylst.exe
+ 2012-09-06 07:46 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
+ 2012-09-06 19:51 . 2012-09-06 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-23 03:45 . 2012-08-23 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-06 19:51 . 2012-09-06 19:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-23 03:45 . 2012-08-23 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-13 21:13 . 2012-05-10 19:33 4096 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 4096 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2012-09-06 07:46 . 2012-02-11 05:43 492032 c:\windows\SysWOW64\win32spl.dll
- 2011-06-27 22:43 . 2010-11-20 12:21 492032 c:\windows\SysWOW64\win32spl.dll
+ 2012-09-06 07:46 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
- 2011-06-27 22:43 . 2010-11-20 12:21 314880 c:\windows\SysWOW64\webio.dll
+ 2012-09-06 07:55 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
- 2011-10-12 09:53 . 2011-09-01 02:27 231936 c:\windows\SysWOW64\url.dll
+ 2012-09-06 07:47 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
- 2011-06-27 22:43 . 2010-11-20 12:20 514560 c:\windows\SysWOW64\qdvd.dll
+ 2012-09-06 07:46 . 2012-05-04 09:59 514560 c:\windows\SysWOW64\qdvd.dll
- 2011-06-27 22:43 . 2010-11-20 12:20 442880 c:\windows\SysWOW64\ntshrui.dll
+ 2012-09-06 07:46 . 2012-01-04 08:58 442880 c:\windows\SysWOW64\ntshrui.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-09-06 07:47 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
- 2009-07-13 23:12 . 2009-07-14 01:15 690688 c:\windows\SysWOW64\msvcrt.dll
+ 2012-09-06 07:38 . 2011-12-16 07:52 690688 c:\windows\SysWOW64\msvcrt.dll
+ 2012-08-30 07:27 . 2012-08-30 07:27 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-08-30 07:27 . 2012-08-30 07:27 474824 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
+ 2012-03-29 06:15 . 2012-08-30 07:27 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-09-06 07:55 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
+ 2012-09-03 22:50 . 2012-09-03 22:50 246760 c:\windows\SysWOW64\javaws.exe
+ 2012-09-03 22:50 . 2012-09-03 22:50 174056 c:\windows\SysWOW64\javaw.exe
+ 2012-09-03 22:50 . 2012-09-03 22:50 174056 c:\windows\SysWOW64\java.exe
+ 2012-09-06 07:55 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2011-06-19 19:20 . 2011-06-19 19:20 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-09-06 07:55 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
- 2011-10-12 09:53 . 2011-09-01 02:21 176640 c:\windows\SysWOW64\ieui.dll
- 2011-03-08 20:03 . 2010-12-23 05:54 534528 c:\windows\SysWOW64\EncDec.dll
+ 2012-09-06 07:38 . 2011-10-15 05:38 534528 c:\windows\SysWOW64\EncDec.dll
+ 2012-09-06 07:38 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2011-06-27 22:42 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
+ 2012-09-06 07:46 . 2012-02-11 06:43 751104 c:\windows\system32\win32spl.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 751104 c:\windows\system32\win32spl.dll
- 2011-06-27 22:44 . 2010-11-20 13:27 395776 c:\windows\system32\webio.dll
+ 2012-09-06 07:46 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
+ 2010-06-09 20:24 . 2012-09-06 06:22 695606 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2010-06-09 01:33 . 2012-09-06 20:00 101898 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-10-12 09:53 . 2011-09-01 05:16 237056 c:\windows\system32\url.dll
+ 2012-09-06 07:55 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
+ 2012-09-06 07:47 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 136192 c:\windows\system32\sspicli.dll
+ 2012-09-06 07:46 . 2012-05-05 08:36 503808 c:\windows\system32\srcore.dll
+ 2012-09-06 07:46 . 2012-02-11 06:36 559104 c:\windows\system32\spoolsv.exe
- 2011-06-27 22:43 . 2010-11-20 13:25 559104 c:\windows\system32\spoolsv.exe
- 2011-06-27 22:44 . 2010-11-20 13:27 340992 c:\windows\system32\schannel.dll
+ 2012-09-06 07:47 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 149504 c:\windows\system32\rdpcorekmts.dll
+ 2012-09-06 07:46 . 2012-04-26 05:41 149504 c:\windows\system32\rdpcorekmts.dll
+ 2012-09-06 07:46 . 2012-05-04 11:00 366592 c:\windows\system32\qdvd.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 366592 c:\windows\system32\qdvd.dll
+ 2012-09-06 07:46 . 2012-05-01 05:40 209920 c:\windows\system32\profsvc.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 209920 c:\windows\system32\profsvc.dll
- 2009-07-14 02:36 . 2012-07-10 04:18 644794 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-24 01:27 644794 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-10 04:18 114510 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-24 01:27 114510 c:\windows\system32\perfc009.dat
+ 2012-09-06 07:46 . 2012-01-04 10:44 509952 c:\windows\system32\ntshrui.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 509952 c:\windows\system32\ntshrui.dll
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-09-06 07:47 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
- 2009-07-13 23:19 . 2009-07-14 01:41 634880 c:\windows\system32\msvcrt.dll
+ 2012-09-06 07:38 . 2011-12-16 08:46 634880 c:\windows\system32\msvcrt.dll
+ 2012-08-30 07:27 . 2012-08-30 07:27 420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
+ 2012-08-30 07:27 . 2012-08-30 07:27 522952 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.dll
+ 2012-09-06 07:55 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
- 2011-06-19 19:20 . 2011-06-19 19:20 173056 c:\windows\system32\ieUnatt.exe
+ 2012-09-06 07:55 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
+ 2012-09-06 07:55 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2011-10-12 09:53 . 2011-09-01 05:08 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 04:45 . 2012-09-06 08:18 415328 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2011-11-10 17:44 415328 c:\windows\system32\FNTCACHE.DAT
+ 2012-09-06 07:38 . 2011-10-15 06:31 723456 c:\windows\system32\EncDec.dll
- 2009-07-14 05:30 . 2012-08-01 07:40 239616 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-06 08:14 239616 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-23 18:21 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-09-06 08:14 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-06-27 22:42 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-09-06 08:02 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
- 2009-07-14 05:31 . 2011-07-13 10:22 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2012-09-06 08:14 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-09-06 07:47 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-09-06 07:47 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
+ 2009-07-14 05:01 . 2012-09-06 19:50 385360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-11 20:20 . 2012-07-22 04:59 748068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1000-12288.dat
+ 2011-07-11 20:20 . 2012-08-30 08:57 748068 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1000-12288.dat
+ 2012-09-06 07:38 . 2012-02-10 23:29 172320 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationHostDLL.dll
+ 2012-09-06 07:46 . 2011-12-25 20:40 746256 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-09-06 07:37 . 2012-04-23 22:33 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 486144 c:\windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 131360 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2012-09-06 07:46 . 2011-12-25 20:42 437520 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-09-06 07:37 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-09-06 07:45 . 2012-01-04 02:51 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2012-09-06 07:45 . 2012-01-04 02:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2012-09-06 07:45 . 2012-01-04 02:50 996624 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-09-03 22:50 . 2012-09-03 22:50 179200 c:\windows\Installer\867c4.msi
+ 2012-09-06 10:00 . 2012-09-06 10:00 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 409600 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 409600 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 286720 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 286720 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 249856 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 249856 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 794624 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 794624 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2010-09-13 21:13 . 2012-09-06 08:05 135168 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-09-13 21:13 . 2012-05-10 19:33 135168 c:\windows\Installer\{90CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-06-12 08:35 . 2012-05-10 19:33 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-06-12 08:35 . 2012-09-06 07:57 135168 c:\windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2012-09-06 07:46 . 2011-10-29 05:23 465920 c:\windows\ehome\mstvcapn.dll
- 2011-06-27 22:43 . 2010-11-20 13:27 465920 c:\windows\ehome\mstvcapn.dll
+ 2012-09-06 07:37 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-09-06 07:45 . 2012-01-04 02:50 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-27 22:42 . 2010-11-05 01:53 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-06-27 22:44 . 2010-11-05 01:53 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-09-06 07:38 . 2012-02-10 23:29 358912 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-27 22:43 . 2010-11-05 01:52 358912 c:\windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-06-27 22:43 . 2010-11-05 01:53 372736 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 372736 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2012-08-18 23:32 . 2012-08-18 23:32 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-08-18 23:32 . 2012-08-18 23:32 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-08-18 23:32 . 2012-08-18 23:32 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-08-18 23:32 . 2012-08-18 23:32 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-08-18 23:32 . 2012-08-18 23:32 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2012-08-18 23:31 . 2012-08-18 23:32 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-09-06 07:55 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
+ 2012-09-06 07:55 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
- 2011-06-27 22:43 . 2010-11-20 12:20 1328128 c:\windows\SysWOW64\quartz.dll
+ 2012-09-06 07:46 . 2011-10-26 04:32 1328128 c:\windows\SysWOW64\quartz.dll
+ 2012-09-06 07:38 . 2011-11-17 05:38 1292080 c:\windows\SysWOW64\ntdll.dll
+ 2012-09-06 07:46 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll
- 2011-06-27 22:44 . 2010-11-20 12:19 1390080 c:\windows\SysWOW64\msxml6.dll
- 2011-06-27 22:43 . 2010-11-20 12:19 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-09-06 07:46 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2012-09-06 07:46 . 2012-04-07 11:26 2342400 c:\windows\SysWOW64\msi.dll
+ 2012-09-06 07:55 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
+ 2012-09-06 07:55 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-09-06 07:55 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-09-06 07:46 . 2012-03-03 05:31 1077248 c:\windows\SysWOW64\DWrite.dll
+ 2012-09-06 07:55 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
+ 2012-09-06 07:38 . 2012-07-18 18:15 3148800 c:\windows\system32\win32k.sys
+ 2012-09-06 07:55 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
+ 2012-09-06 07:39 . 2012-03-31 05:40 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll
- 2009-07-14 00:03 . 2009-07-14 01:41 1402880 c:\windows\system32\spool\drivers\x64\3\JNWDRV.dll
+ 2012-09-06 07:46 . 2011-10-26 05:25 1572864 c:\windows\system32\quartz.dll
+ 2012-09-06 07:38 . 2011-11-17 06:41 1731920 c:\windows\system32\ntdll.dll
+ 2012-09-06 07:46 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll
- 2011-06-27 22:44 . 2010-11-20 13:27 2004480 c:\windows\system32\msxml6.dll
+ 2012-09-06 07:46 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll
+ 2012-09-06 07:46 . 2012-04-07 12:31 3216384 c:\windows\system32\msi.dll
+ 2012-09-06 07:47 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
- 2011-06-27 22:44 . 2010-11-20 13:26 1447936 c:\windows\system32\lsasrv.dll
+ 2012-09-06 07:55 . 2012-06-29 03:56 2312704 c:\windows\system32\jscript9.dll
+ 2012-09-06 07:55 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
+ 2012-09-06 07:46 . 2012-03-03 06:35 1544704 c:\windows\system32\DWrite.dll
+ 2012-09-06 07:38 . 2012-03-30 11:35 1918320 c:\windows\system32\drivers\tcpip.sys
- 2011-06-27 22:42 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll
+ 2012-09-06 07:38 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
- 2009-07-14 04:45 . 2011-11-11 19:36 7150706 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-09-06 18:00 7150706 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-11-08 11:32 . 2012-09-06 08:16 2299328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1005-12288.dat
+ 2010-06-08 21:23 . 2012-09-04 20:46 3653112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1000-8192.dat
+ 2012-09-06 07:38 . 2012-02-10 23:29 2256152 c:\windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll
+ 2012-09-06 07:47 . 2012-03-21 22:30 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
- 2011-07-04 00:42 . 2011-03-29 22:32 5025792 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Windows.Forms.dll
+ 2012-09-06 07:46 . 2011-12-25 20:40 5263360 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
- 2011-08-09 20:35 . 2011-05-04 22:31 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 3190784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.dll
- 2011-06-27 22:42 . 2010-11-05 01:56 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-09-06 07:47 . 2012-03-21 22:30 4927488 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Design.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 9992464 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
- 2011-10-12 02:36 . 2011-07-08 22:31 4567040 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 1577232 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 1756432 c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscordacwks.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 1737496 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
- 2011-07-04 00:42 . 2011-03-29 22:33 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-09-06 07:47 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-09-06 07:46 . 2011-12-25 20:42 5255168 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
- 2011-08-09 20:35 . 2011-05-04 22:32 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-09-06 07:45 . 2012-01-04 02:51 3190784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-09-06 07:47 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
- 2011-06-27 22:42 . 2010-11-05 01:58 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-09-06 07:45 . 2012-01-04 02:51 5925136 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2012-09-06 07:45 . 2012-01-04 02:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2011-10-12 02:36 . 2011-07-08 22:33 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-06-27 01:03 . 2012-06-27 01:03 3875840 c:\windows\Installer\684ddec.msp
+ 2012-07-17 17:11 . 2012-07-17 17:11 6145024 c:\windows\Installer\684ddb1.msp
+ 2012-06-29 21:33 . 2012-06-29 21:33 6063616 c:\windows\Installer\684dd85.msp
+ 2012-08-02 17:29 . 2012-08-02 17:29 5521920 c:\windows\Installer\684dd58.msp
+ 2012-06-26 00:02 . 2012-06-26 00:02 2460672 c:\windows\Installer\5e9196.msi
+ 2012-08-17 21:23 . 2012-08-17 21:23 7945216 c:\windows\Installer\3152b68.msi
+ 2012-09-06 07:38 . 2012-02-10 23:31 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-06-27 22:44 . 2010-11-05 01:53 1253376 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-09-06 07:45 . 2012-01-04 02:51 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-08-09 20:35 . 2011-05-04 22:32 3190784 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-07-04 00:42 . 2011-03-29 22:33 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-09-06 07:47 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-09-06 07:46 . 2011-12-25 20:42 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-06-27 22:44 . 2010-11-05 01:53 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
- 2011-06-27 22:42 . 2010-11-05 01:58 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-09-06 07:47 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-09-06 07:46 . 2011-12-25 20:40 5263360 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-09-06 07:38 . 2012-02-10 23:29 2256152 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
+ 2012-09-06 07:38 . 2012-02-10 23:29 3998208 c:\windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-09-06 07:45 . 2012-01-04 03:34 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 02:36 . 2011-07-08 22:31 4567040 c:\windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-09-06 07:46 . 2011-12-25 20:42 5255168 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 1737496 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
- 2011-06-27 22:44 . 2010-11-05 01:53 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-09-06 07:38 . 2012-02-10 23:31 4218880 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-09-06 07:45 . 2012-01-04 02:50 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-12 02:36 . 2011-07-08 22:33 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-08-18 23:31 . 2012-08-18 23:31 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 19:29 . 2012-09-06 19:29 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-06 07:46 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
+ 2012-09-06 07:55 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2011-11-11 11:11 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-09-06 08:16 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-09-06 07:55 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-09-06 07:55 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2010-06-08 12:18 . 2012-09-06 19:50 10894952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2922089572-4686520-4244951405-1005-8192.dat
+ 2012-09-03 22:49 . 2012-09-03 22:49 27545600 c:\windows\Installer\867b4.msi
+ 2012-07-17 17:17 . 2012-07-17 17:17 22363136 c:\windows\Installer\684dde4.msp
+ 2012-07-18 22:53 . 2012-07-18 22:53 10937344 c:\windows\Installer\684dd61.msp
+ 2012-09-06 10:00 . 2012-09-06 10:00 19337216 c:\windows\Installer\5e918f.msi
+ 2011-08-04 03:53 . 2011-08-04 03:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Anvi_CSB"="c:\program files (x86)\Anvisoft\Cloud System Booster\CSBMini.exe" [2012-07-04 1596232]
"Striiv Agent"="c:\program files (x86)\Striiv\Agent.exe" [2012-04-04 584928]
"MusicManager"="c:\users\Abraham Justice\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-08-16 7316480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-08-29 712104]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
c:\users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"SynchronousUserGroupPolicy"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 250568]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-07 10207232]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-07 317952]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-05 114144]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005; [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-07 204288]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2010-08-27 1052676]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-03 131912]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-13 87040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 834544]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-08-29 110160]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2010-06-08 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-08-29 712104]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 07:27]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000Core.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000UA.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005Core.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005UA.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006Core.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006UA.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} - hxxp://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
FF - ProfilePath - c:\users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2922089572-4686520-4244951405-1005\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,75,e9,d9,21,ec,b4,71,13,99,22,e1,64,a8,05,da,51,71,2c,c2,64,
86,e4,08,ea,cc,cf,02,12,cc,0a,89,bb,1c,16,0b,1b,74,d4,80,08,29,f6,82,5e,30,\
"rkeysecu"=hex:1f,8d,22,f0,53,77,15,50,d0,6b,35,32,9e,e2,71,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-09-06 13:04:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 20:04
ComboFix2.txt 2012-08-23 03:52
ComboFix3.txt 2012-08-09 08:34
ComboFix4.txt 2012-08-06 22:48
.
Pre-Run: 334,365,532,160 bytes free
Post-Run: 334,430,896,128 bytes free
.
- - End Of File - - F1F7A5B277D5677E0372154736A35E0D

ComboFix 12-08-05.02 - Abraham Justice 08/06/2012 15:19:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.5250 [GMT -7:00]
Running from: c:\users\Abraham Justice\Downloads\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\ntuser.dat
c:\users\Abraham Justice\Documents\~WRL0005.tmp
c:\users\Abraham Justice\Documents\~WRL0200.tmp
c:\users\Abraham Justice\Documents\~WRL0246.tmp
c:\users\Abraham Justice\Documents\~WRL0480.tmp
c:\users\Abraham Justice\Documents\~WRL0656.tmp
c:\users\Abraham Justice\Documents\~WRL0988.tmp
c:\users\Abraham Justice\Documents\~WRL1232.tmp
c:\users\Abraham Justice\Documents\~WRL1464.tmp
c:\users\Abraham Justice\Documents\~WRL1544.tmp
c:\users\Abraham Justice\Documents\~WRL1672.tmp
c:\users\Abraham Justice\Documents\~WRL1697.tmp
c:\users\Abraham Justice\Documents\~WRL1861.tmp
c:\users\Abraham Justice\Documents\~WRL2529.tmp
c:\users\Abraham Justice\Documents\~WRL2631.tmp
c:\users\Abraham Justice\Documents\~WRL2847.tmp
c:\users\Abraham Justice\Documents\~WRL3173.tmp
c:\users\Abraham Justice\Documents\~WRL3703.tmp
c:\users\Abraham Justice\Documents\~WRL3732.tmp
c:\users\Abraham Justice\Documents\~WRL3737.tmp
c:\users\Abraham Justice\Documents\~WRL3912.tmp
c:\users\Brothers\AppData\Roaming\Start
c:\users\Brothers\AppData\Roaming\Start\temp_20E5ACDA\flash.10.0.32.18.ocx
c:\users\Brothers\videos\nPlayWMV.exe
c:\users\Brothers\WINDOWS
c:\users\Public\invokesi.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Mcx1-BROTHERS-PC\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Guest I guess\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 22:30 . 2012-08-06 22:30 -------- d-----w- c:\users\Brothers\AppData\Local\temp
2012-08-06 20:09 . 2012-08-06 20:09 -------- d-----w- c:\users\Abraham Justice\AppData\Local\PassMark
2012-08-06 19:43 . 2012-08-06 19:43 388096 ----a-r- c:\users\Abraham Justice\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-06 07:32 . 2012-08-06 07:32 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-06 07:29 . 2012-08-06 07:29 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-06 00:53 . 2012-08-06 00:54 -------- d-----w- c:\users\Abraham Justice\.explorer.cache
2012-08-06 00:53 . 2012-08-06 00:53 -------- d-----w- c:\users\Abraham Justice\.explorer.local
2012-07-30 20:21 . 2012-07-30 20:21 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\users\Abraham Justice\AppData\Local\lptmp1889480913
2012-07-30 19:31 . 2012-07-30 19:31 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 101808 ----a-w- c:\windows\system32\WRusr.dll
2012-07-30 19:31 . 2012-07-30 19:31 113168 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-30 19:31 . 2012-07-30 19:31 -------- d-----w- c:\program files\Webroot
2012-07-30 19:31 . 2012-08-06 20:26 -------- d-----w- c:\programdata\WRData
2012-07-30 16:46 . 2009-12-06 02:42 85504 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\ffdshow
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\programdata\IObit
2012-07-30 16:46 . 2012-07-30 16:46 -------- d-----w- c:\program files (x86)\IObit
2012-07-29 04:44 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\programdata\AVAST Software
2012-07-29 04:43 . 2012-07-29 04:43 -------- d-----w- c:\program files\AVAST Software
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-23 18:18 . 2012-07-23 18:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-23 18:18 . 2012-07-23 18:17 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-21 20:44 . 2012-07-21 20:44 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leader Technologies
2012-07-21 20:44 . 2012-07-21 23:16 -------- d-----w- c:\users\Brothers\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Epson
2012-07-21 07:26 . 2012-07-21 07:26 -------- d-----w- c:\users\Abraham Justice\AppData\Roaming\Leader Technologies
2012-07-21 04:23 . 2012-07-21 04:23 -------- d-----w- c:\users\Brothers\AppData\Roaming\Leadertech
2012-07-21 04:22 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\LTCM Client
2012-07-21 03:56 . 2012-07-21 03:56 -------- d-----w- c:\program files (x86)\Epson Software
2012-07-21 03:56 . 2011-08-10 07:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-07-21 03:56 . 2009-10-16 07:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-07-21 03:56 . 2009-10-16 07:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-07-21 03:56 . 2012-07-21 04:22 -------- d-----w- c:\program files (x86)\epson
2012-07-21 03:53 . 2012-07-21 03:53 -------- d-----w- c:\program files\Common Files\EPSON
2012-07-21 03:53 . 2012-07-21 23:16 -------- d-----w- c:\programdata\EPSON
2012-07-21 03:53 . 2009-10-01 01:01 88064 ----a-w- c:\windows\system32\E_IBCBHLA.DLL
2012-07-21 03:53 . 2008-11-12 01:00 118784 ----a-w- c:\windows\system32\E_ILMHLA.DLL
2012-07-16 06:06 . 2012-07-16 06:10 -------- d-----w- c:\users\Brothers\AppData\Local\Skyrim
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 08:28 . 2010-11-16 11:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-06 08:28 . 2010-06-08 21:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-06 08:27 . 2010-06-08 21:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-04 02:40 . 2012-03-29 06:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-04 02:40 . 2011-05-13 20:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 17:28 . 2010-06-08 21:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-06-13 10:03 . 2010-06-09 20:47 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-21 01:56 . 2012-05-21 01:56 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-21 01:56 . 2012-05-21 01:56 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-18 00:08 . 2010-06-08 09:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-18 00:08 . 2010-06-11 17:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-18 00:08 . 2010-06-11 17:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-15 10:48 . 2012-05-22 19:39 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 19:39 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 19:39 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 19:39 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 19:39 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 19:39 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 19:39 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 19:39 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-22 19:39 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 19:39 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 19:39 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 19:39 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-22 19:39 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-03-14 07:32 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-03-14 07:32 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-02-23 05:10 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2011-10-23 05:30 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-10-23 05:30 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-23 05:30 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-10-23 05:33 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-10-23 05:33 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-10-23 05:33 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-02-23 05:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-10-23 05:33 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-10-23 05:33 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-08-02 3414680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PowerPanel Personal Edition User Interaction"="c:\program files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2011-06-17 353728]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2012-05-21 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-30 688360]
.
c:\users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - c:\users\Abraham Justice\AppData\Roaming\Leadertech\PowerRegister\Epson all-in-one Registration.exe [N/A]
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
c:\users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-07 10207232]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-07 317952]
R3 AODDriver4.0;AODDriver4.0;c:\program files (x86)\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-20 12032]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
R3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 X6va005;X6va005;c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-07 204288]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R4 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\NCH Software\BroadCam\broadcam.exe [2010-08-27 1052676]
R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-03 131912]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R4 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-13 87040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-06 834544]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-30 113168]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2010-06-08 16384]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-12 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-04-02 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-04-02 441344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-30 688360]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 02:40]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-13 01:47]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000Core.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000UA.job
- c:\users\Brothers\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 20:48]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005Core.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005UA.job
- c:\users\Abraham Justice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-08 09:11]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006Core.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006UA.job
- c:\users\Guest I guess\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 08:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Abraham Justice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-06-11 2413128]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-06-11 415816]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-06-11 4725320]
"Comcast_McciTrayApp"="c:\program files\Comcast\pcTrayApp.exe" [2012-04-03 2727936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://igoogle.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} - hxxp://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
FF - ProfilePath - c:\users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://battlelog.battlefield.com/bf3/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\ABRAHA~1\AppData\Local\Temp\005FC52.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2922089572-4686520-4244951405-1005\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:4a,75,e9,d9,21,ec,b4,71,13,99,22,e1,64,a8,05,da,51,71,2c,c2,64,
86,e4,08,ea,cc,cf,02,12,cc,0a,89,bb,1c,16,0b,1b,74,d4,80,08,29,f6,82,5e,30,\
"rkeysecu"=hex:1f,8d,22,f0,53,77,15,50,d0,6b,35,32,9e,e2,71,de
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-08-06 15:47:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-06 22:47
.
Pre-Run: 333,698,621,440 bytes free
Post-Run: 334,008,274,944 bytes free
.
- - End Of File - - 773DB15A98ABDE084A1F13CD7B78E5FB





Not sure if this is the one where I deleted a number of issues or just had PunkBuster false negatives, but this is the last Hitman scan that worked.



Hitman Pro


HitmanPro 3.6.1.164
www.hitmanpro.com

   Computer name . . . . : BROTHERS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Brothers-PC\Abraham Justice
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2012-09-14 09:44:34
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 23m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 37

   Objects scanned . . . : 2,716,611
   Files scanned . . . . : 124,239
   Remnants scanned  . . : 842,125 files / 1,750,247 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA8006B3CCB0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA80069F92C0 +0
   Solution
      DriverObject . . . : FFFFFA8006B3CCB0
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000FD44D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Suspicious files ____________________________________________________________

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\dll\wc002286.dll
      Size . . . . . . . : 942,907 bytes
      Age  . . . . . . . : 253.7 days (2012-01-04 17:16:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 151573760160ED491B4528616FF16C058966B9555B73E804AF1CD60B3F8EB33D
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\dll\wc002287.dll
      Size . . . . . . . : 948,113 bytes
      Age  . . . . . . . : 232.7 days (2012-01-25 16:09:00)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1BE27031845D80D6803C15BCE2EBE1276C0CA17F3BD47FDA8EAD97DBF5A517AF
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 155.8 days (2012-04-11 13:45:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 1.4 days (2012-09-13 01:03:11)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 31.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 351.0 days (2011-09-29 09:15:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BF3\pb\pbcls.dll
      Size . . . . . . . : 951,497 bytes
      Age  . . . . . . . : 322.4 days (2011-10-28 00:20:02)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 43358BBCEC1EBE7927CA3B0A3DCA0597D5E8584F0FCBE987B8126A0C12D73A2B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 915,149 bytes
      Age  . . . . . . . : 484.6 days (2011-05-18 19:21:07)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\BFP4F\pb\PnkBstrK.sys
      Size . . . . . . . : 138,264 bytes
      Age  . . . . . . . : 484.6 days (2011-05-18 19:21:44)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 4194EFFC7236F018722B6DBF76253E1D833FEEEC158835C4DFAAD0555E7A7D91
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\GRO\pb\pbcl.dll
      Size . . . . . . . : 957,254 bytes
      Age  . . . . . . . : 85.0 days (2012-06-21 10:29:44)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 119B810057B5BEB396E0788D092661B805D7E9AF1AD066BA3BD952DBA6064C82
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\GRO\pb\PnkBstrK.sys
      Size . . . . . . . : 141,072 bytes
      Age  . . . . . . . : 85.0 days (2012-06-21 10:30:07)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C3A38891678AC34784E90D385B3DDEAC690E11E05A7657F9D287E7DC373D2592
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\HOS\pb\pbcls.dll
      Size . . . . . . . : 961,427 bytes
      Age  . . . . . . . : 267.2 days (2011-12-22 03:54:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : D79347471FE65C5D2E639E92CA39710339FF038C07B0181D7034A746C62E236E
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WAW\pb\dll\wc002215.dll
      Size . . . . . . . : 894,906 bytes
      Age  . . . . . . . : 668.2 days (2010-11-16 04:48:34)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2D2039C8996CF49274B07C84169A3754093F176CF390A846B825AF02B32A73A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WAW\pb\dll\wc002259.dll
      Size . . . . . . . : 961,128 bytes
      Age  . . . . . . . : 631.4 days (2010-12-23 00:19:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 292C79D834C7F9B4C541E3C9C9CFE10B3DC15298466D69F0C069AE7DE6B879F7
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WAW\pb\pbcl.dll
      Size . . . . . . . : 961,128 bytes
      Age  . . . . . . . : 631.4 days (2010-12-23 00:19:27)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 292C79D834C7F9B4C541E3C9C9CFE10B3DC15298466D69F0C069AE7DE6B879F7
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WAW\pb\pbclold.dll
      Size . . . . . . . : 894,906 bytes
      Age  . . . . . . . : 668.3 days (2010-11-16 02:21:23)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 2D2039C8996CF49274B07C84169A3754093F176CF390A846B825AF02B32A73A5
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WAW\pb\PnkBstrK.sys
      Size . . . . . . . : 139,488 bytes
      Age  . . . . . . . : 668.3 days (2010-11-16 02:21:34)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : B521667C371DC46F5CFA81730F2A29091C32BCA2699B6321C79A097068DEF160
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WH\pb\dll\wc002160.dll
      Size . . . . . . . : 858,775 bytes
      Age  . . . . . . . : 825.9 days (2010-06-11 12:42:12)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 55249E443A7A9F7246747FC9BC4D5C21AF98558DC4551E5947BFB734C653FF9B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WH\pb\pbcl.dll
      Size . . . . . . . : 858,775 bytes
      Age  . . . . . . . : 825.9 days (2010-06-11 12:42:13)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 55249E443A7A9F7246747FC9BC4D5C21AF98558DC4551E5947BFB734C653FF9B
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\AppData\Local\PunkBuster\WH\pb\pbclold.dll
      Size . . . . . . . : 822,681 bytes
      Age  . . . . . . . : 825.9 days (2010-06-11 12:35:01)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 87AA84BEB103F8FED3897627F3019BBE53759C180FE63B5FBFF1FA6BA5EEE266
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Abraham Justice\Documents\My Games\Crysis Wars\PunkBuster\pb\pbcl.dll
      Size . . . . . . . : 822,681 bytes
      Age  . . . . . . . : 825.9 days (2010-06-11 12:35:01)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 87AA84BEB103F8FED3897627F3019BBE53759C180FE63B5FBFF1FA6BA5EEE266
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\AppData\Local\PunkBuster\BF3\pb\dll\wc002286.dll
      Size . . . . . . . : 942,907 bytes
      Age  . . . . . . . : 255.8 days (2012-01-02 15:43:58)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 151573760160ED491B4528616FF16C058966B9555B73E804AF1CD60B3F8EB33D
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\AppData\Local\PunkBuster\BF3\pb\dll\wc002292.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 60.5 days (2012-07-15 22:16:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 1.0 days (2012-09-13 10:55:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 31.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 956,681 bytes
      Age  . . . . . . . : 294.8 days (2011-11-24 13:46:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7218A15A9890CE82EB25F7AB5AC7AA60B4E3055C5574B70A6CABA4274D6DE493
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\AppData\Local\PunkBuster\WH\pb\pbcl.dll
      Size . . . . . . . : 822,681 bytes
      Age  . . . . . . . : 820.5 days (2010-06-16 22:45:26)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 87AA84BEB103F8FED3897627F3019BBE53759C180FE63B5FBFF1FA6BA5EEE266
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Brothers\Documents\My Games\Crysis Wars\PunkBuster\pb\pbcl.dll
      Size . . . . . . . : 822,681 bytes
      Age  . . . . . . . : 820.5 days (2010-06-16 22:45:26)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 87AA84BEB103F8FED3897627F3019BBE53759C180FE63B5FBFF1FA6BA5EEE266
      Fuzzy  . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.


Cookies _____________________________________________________________________

   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:ads.as4x.tmcs.net
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:at.atwola.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:interclick.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:invitemedia.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:media6degrees.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:network.realmedia.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:realmedia.com
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:revsci.net
   C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\cookies.sqlite:uk.sitestat.com



AdwCleaner found quite a few things when it worked.

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 02:05:51
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Abraham Justice - BROTHERS-PC
# Boot Mode : Normal
# Running from : C:\Users\Abraham Justice\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\searchplugins\Conduit.xml
Folder Found : C:\Users\Abraham Justice\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\ConduitCommon
Folder Found : C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\CT2304157
Folder Found : C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Folder Found : C:\Users\Brothers\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Brothers\AppData\Roaming\Mozilla\Firefox\Profiles\5rfgqpvs.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\prefs.js

Found : user_pref("CT2304157..clientLogIsEnabled", true);
Found : user_pref("CT2304157..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2304157..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2304157.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2304157.AppTrackingLastCheckTime", "Wed Nov 09 2011 20:41:37 GMT-0800 (Pacific Standard[...]
Found : user_pref("CT2304157.BrowserCompStateIsOpen_1000515", true);
Found : user_pref("CT2304157.CT2304157", "CT2304157");
Found : user_pref("CT2304157.CurrentServerDate", "8-1-2012");
Found : user_pref("CT2304157.DialogsAlignMode", "LTR");
Found : user_pref("CT2304157.DialogsGetterLastCheckTime", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific Standa[...]
Found : user_pref("CT2304157.DownloadReferralCookieData", "");
Found : user_pref("CT2304157.FeedLastCount129078895246717929", 27);
Found : user_pref("CT2304157.FeedLastCount129095439763593837", 0);
Found : user_pref("CT2304157.FeedPollDate129078895250311712", "Sun Jan 08 2012 04:00:29 GMT-0800 (Pacific St[...]
Found : user_pref("CT2304157.FeedPollDate129095439763593837", "Sun Jan 08 2012 03:40:29 GMT-0800 (Pacific St[...]
Found : user_pref("CT2304157.FeedPollDate129604942912022444", "Sun Jan 08 2012 03:40:29 GMT-0800 (Pacific St[...]
Found : user_pref("CT2304157.FeedTTL129078895250311712", 40);
Found : user_pref("CT2304157.FirstServerDate", "26-7-2011");
Found : user_pref("CT2304157.FirstTime", true);
Found : user_pref("CT2304157.FirstTimeFF3", true);
Found : user_pref("CT2304157.FixPageNotFoundErrors", true);
Found : user_pref("CT2304157.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2304157.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2304157.HasUserGlobalKeys", true);
Found : user_pref("CT2304157.HomePageProtectorEnabled", true);
Found : user_pref("CT2304157.Initialize", true);
Found : user_pref("CT2304157.InitializeCommonPrefs", true);
Found : user_pref("CT2304157.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2304157.InstalledDate", "Mon Jul 25 2011 15:12:43 GMT-0700 (Pacific Daylight Time)");
Found : user_pref("CT2304157.IsAlertDBUpdated", true);
Found : user_pref("CT2304157.IsGrouping", false);
Found : user_pref("CT2304157.IsInitSetupIni", true);
Found : user_pref("CT2304157.IsMulticommunity", false);
Found : user_pref("CT2304157.IsOpenThankYouPage", true);
Found : user_pref("CT2304157.IsOpenUninstallPage", true);
Found : user_pref("CT2304157.IsProtectorsInit", true);
Found : user_pref("CT2304157.LanguagePackLastCheckTime", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific Standar[...]
Found : user_pref("CT2304157.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2304157.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2304157.LastLogin_3.5.0.12", "Sat Sep 17 2011 23:28:22 GMT-0700 (Pacific Daylight Time)[...]
Found : user_pref("CT2304157.LastLogin_3.6.0.10", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific Standard Time)[...]
Found : user_pref("CT2304157.LatestVersion", "3.9.0.3");
Found : user_pref("CT2304157.Locale", "en");
Found : user_pref("CT2304157.MCDetectTooltipHeight", "83");
Found : user_pref("CT2304157.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2304157.MCDetectTooltipWidth", "295");
Found : user_pref("CT2304157.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2304157.OriginalFirstVersion", "3.5.0.12");
Found : user_pref("CT2304157.SavedHomepage", "hxxp://mail.google.com/mail/");
Found : user_pref("CT2304157.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT2304157.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2304157.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT230[...]
Found : user_pref("CT2304157.SearchInNewTabEnabled", true);
Found : user_pref("CT2304157.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2304157.SearchInNewTabLastCheckTime", "Sun Jan 08 2012 02:40:28 GMT-0800 (Pacific Stand[...]
Found : user_pref("CT2304157.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2304157.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2304157.SearchProtectorEnabled", false);
Found : user_pref("CT2304157.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2304157.ServiceMapLastCheckTime", "Sun Jan 08 2012 02:40:29 GMT-0800 (Pacific Standard [...]
Found : user_pref("CT2304157.SettingsLastCheckTime", "Sun Jan 08 2012 02:40:28 GMT-0800 (Pacific Standard Ti[...]
Found : user_pref("CT2304157.SettingsLastUpdate", "1325072866");
Found : user_pref("CT2304157.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2304157.ThirdPartyComponentsLastCheck", "Mon Dec 26 2011 02:33:53 GMT-0800 (Pacific Sta[...]
Found : user_pref("CT2304157.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2304157.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2304157.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2304157");
Found : user_pref("CT2304157.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2304157.UserID", "UN28110446615361717");
Found : user_pref("CT2304157.ValidationData_Toolbar", 2);
Found : user_pref("CT2304157.alertChannelId", "700614");
Found : user_pref("CT2304157.backendstorage.2304157a129604967990223179000000paramsgk2", "7B22757064617465526[...]
Found : user_pref("CT2304157.backendstorage.facebook_mode", "32");
Found : user_pref("CT2304157.backendstorage.facebook_user_locale", "656E");
Found : user_pref("CT2304157.components.1000515", true);
Found : user_pref("CT2304157.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2304157.globalFirstTimeInfoLastCheckTime", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific [...]
Found : user_pref("CT2304157.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2304157.initDone", true);
Found : user_pref("CT2304157.isAppTrackingManagerOn", true);
Found : user_pref("CT2304157.myStuffEnabled", true);
Found : user_pref("CT2304157.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2304157.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2304157.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2304157.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2304157.oldAppsList", "128883653123969059,128883653123969060,111,128883659132094175,129[...]
Found : user_pref("CT2304157.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2304157.searchProtectorEnableByLogin", true);
Found : user_pref("CT2304157.testingCtid", "");
Found : user_pref("CT2304157.toolbarAppMetaDataLastCheckTime", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific S[...]
Found : user_pref("CT2304157.toolbarContextMenuLastCheckTime", "Sun Jan 08 2012 02:40:30 GMT-0800 (Pacific S[...]
Found : user_pref("CT2304157.undefined", "Sat Sep 17 2011 23:28:22 GMT-0700 (Pacific Daylight Time)");
Found : user_pref("CT2304157.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2304157&Search[...]
Found : user_pref("CommunityToolbar.ConduitSearchList", "XfireXO Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2304157/CT2304157[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/700614/696475/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2304157", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2304157",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2304157&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/21817319.xml", "\"3428caec621308bc21d[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Abraham Justice\\AppData\\Roaming\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/activityreport/", "280x[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.xfire.com/toolbar/screenshots/", "320x409[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.live.com/results.aspx?FORM[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2304157");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2304157");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2304157");
Found : user_pref("CommunityToolbar.globalUserId", "64a9420f-88af-4016-ac6e-5a8143a2d5ed");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2304157");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jan 08 2012 02:40:3[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 08 2012 02:40:37 GMT-080[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 08 2012 02:40:29 GMT-0800 (P[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "72c09ad6-e03a-42d2-8c81-83fd9ce10840");
Found : user_pref("CommunityToolbar.twitter.user_21817319.LastCheckTime", "Sun Jan 08 2012 02:41:29 GMT-0800[...]
Found : user_pref("aol_toolbar.surf.date", "35");
Found : user_pref("aol_toolbar.surf.lastDate", "7");
Found : user_pref("aol_toolbar.surf.lastMonth", "0");
Found : user_pref("aol_toolbar.surf.lastYear", "2009");
Found : user_pref("aol_toolbar.surf.mURL", "");
Found : user_pref("aol_toolbar.surf.mURLh", "0");
Found : user_pref("aol_toolbar.surf.mURLw", "0");
Found : user_pref("aol_toolbar.surf.mURLx", "0");
Found : user_pref("aol_toolbar.surf.mURLy", "0");
Found : user_pref("aol_toolbar.surf.milestone", "-1");
Found : user_pref("aol_toolbar.surf.month", "35");
Found : user_pref("aol_toolbar.surf.prevMonth", "0");
Found : user_pref("aol_toolbar.surf.total", "35");
Found : user_pref("aol_toolbar.surf.week", "35");
Found : user_pref("aol_toolbar.surf.year", "35");
Found : user_pref("browser.search.defaultthis.engineName", "XfireXO Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&Sea[...]
Found : user_pref("oldKeyword", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2706&invocatio[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Brothers\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v [Unable to get version]

File : C:\Users\Abraham Justice\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14814 octets] - [19/09/2012 02:05:51]

########## EOF - C:\AdwCleaner[R1].txt - [14875 octets] ##########

TDSS as well:

10:57:04.0164 5444 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:57:04.0715 5444 ============================================================
10:57:04.0715 5444 Current date / time: 2012/09/15 10:57:04.0715
10:57:04.0715 5444 SystemInfo:
10:57:04.0715 5444
10:57:04.0715 5444 OS Version: 6.1.7601 ServicePack: 1.0
10:57:04.0715 5444 Product type: Workstation
10:57:04.0716 5444 ComputerName: BROTHERS-PC
10:57:04.0716 5444 UserName: Abraham Justice
10:57:04.0716 5444 Windows directory: C:\Windows
10:57:04.0716 5444 System windows directory: C:\Windows
10:57:04.0716 5444 Running under WOW64
10:57:04.0716 5444 Processor architecture: Intel x64
10:57:04.0716 5444 Number of processors: 4
10:57:04.0716 5444 Page size: 0x1000
10:57:04.0716 5444 Boot type: Normal boot
10:57:04.0716 5444 ============================================================
10:57:12.0618 5444 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:57:12.0640 5444 Drive \Device\Harddisk1\DR1 - Size: 0x1E9600000 (7.65 Gb), SectorSize: 0x200, Cylinders: 0x3E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:57:12.0646 5444 ============================================================
10:57:12.0646 5444 \Device\Harddisk0\DR0:
10:57:12.0652 5444 MBR partitions:
10:57:12.0652 5444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:57:12.0652 5444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
10:57:12.0652 5444 \Device\Harddisk1\DR1:
10:57:12.0654 5444 MBR partitions:
10:57:12.0654 5444 ============================================================
10:57:12.0916 5444 C: <-> \Device\Harddisk0\DR0\Partition2
10:57:12.0917 5444 ============================================================
10:57:12.0917 5444 Initialize success
10:57:12.0917 5444 ============================================================
10:57:15.0622 3564 ============================================================
10:57:15.0622 3564 Scan started
10:57:15.0622 3564 Mode: Manual;
10:57:15.0622 3564 ============================================================
10:57:23.0680 3564 ================ Scan system memory ========================
10:57:23.0680 3564 System memory - ok
10:57:23.0681 3564 ================ Scan services =============================
10:58:15.0918 3564 HidUsb - ok
10:58:16.0417 3564 [ FD1837DEE0A1D7F180D7B301C0656511 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:58:16.0422 3564 HiPatchService - ok
10:58:16.0647 3564 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
10:58:16.0647 3564 hitmanpro36 - ok
10:58:17.0082 3564 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
10:58:17.0084 3564 HitmanProScheduler - ok
10:58:17.0240 3564 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:58:17.0276 3564 hkmsvc - ok
10:58:17.0451 3564 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:58:17.0492 3564 HomeGroupListener - ok
10:58:17.0607 3564 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:58:17.0613 3564 HomeGroupProvider - ok
10:58:17.0752 3564 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:58:17.0794 3564 HpSAMD - ok
10:58:18.0021 3564 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:58:18.0022 3564 HTCAND64 - ok
10:58:18.0192 3564 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
10:58:18.0193 3564 htcnprot - ok
10:58:18.0493 3564 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:58:18.0539 3564 HTTP - ok
10:58:18.0635 3564 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:58:18.0678 3564 hwpolicy - ok
10:58:18.0776 3564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:58:18.0804 3564 i8042prt - ok
10:58:19.0199 3564 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:58:19.0263 3564 iaStorV - ok
10:58:19.0430 3564 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:58:19.0440 3564 IDriverT - ok
10:58:19.0755 3564 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:58:19.0881 3564 idsvc - ok
10:58:19.0973 3564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:58:20.0027 3564 iirsp - ok
10:58:20.0468 3564 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:58:20.0542 3564 IKEEXT - ok
10:58:21.0204 3564 [ 76877DD763A2287F58908795F3F5CCCB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:58:21.0229 3564 IntcAzAudAddService - ok
10:58:21.0265 3564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:58:21.0301 3564 intelide - ok
10:58:21.0470 3564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:58:21.0496 3564 intelppm - ok
10:58:21.0623 3564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:58:21.0723 3564 IPBusEnum - ok
10:58:21.0831 3564 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:58:21.0847 3564 IpFilterDriver - ok
10:58:22.0104 3564 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:58:22.0230 3564 iphlpsvc - ok
10:58:22.0271 3564 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:58:22.0315 3564 IPMIDRV - ok
10:58:22.0433 3564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:58:22.0452 3564 IPNAT - ok
10:58:23.0183 3564 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:58:23.0233 3564 iPod Service - ok
10:58:23.0309 3564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:58:23.0366 3564 IRENUM - ok
10:58:23.0455 3564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:58:23.0472 3564 isapnp - ok
10:58:23.0547 3564 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:58:23.0568 3564 iScsiPrt - ok
10:58:30.0585 3564 [ B4CDA1B4263B53D249AC27A4892DA634 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
10:58:30.0648 3564 JMB36X - ok
10:58:30.0799 3564 [ 75DDB94A2A24F9F7037D10A2DDA06D36 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
10:58:30.0801 3564 JRAID - ok
10:58:30.0890 3564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:58:30.0892 3564 kbdclass - ok
10:58:30.0956 3564 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:58:30.0984 3564 kbdhid - ok
10:58:31.0042 3564 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:58:31.0045 3564 KeyIso - ok
10:58:31.0212 3564 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:58:31.0214 3564 KSecDD - ok
10:58:31.0315 3564 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:58:31.0318 3564 KSecPkg - ok
10:58:31.0464 3564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:58:31.0523 3564 ksthunk - ok
10:58:31.0737 3564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:58:31.0832 3564 KtmRm - ok
10:58:32.0332 3564 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:58:32.0426 3564 LanmanServer - ok
10:58:32.0626 3564 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:58:32.0708 3564 LanmanWorkstation - ok
10:58:33.0015 3564 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
10:58:33.0016 3564 LGBusEnum - ok
10:58:33.0278 3564 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
10:58:33.0279 3564 LGVirHid - ok
10:58:33.0471 3564 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
10:58:33.0473 3564 lirsgt - ok
10:58:33.0818 3564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:58:33.0885 3564 lltdio - ok
10:58:34.0140 3564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:58:34.0183 3564 lltdsvc - ok
10:58:34.0256 3564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:58:34.0321 3564 lmhosts - ok
10:58:34.0425 3564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:58:34.0464 3564 LSI_FC - ok
10:58:34.0589 3564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:58:34.0706 3564 LSI_SAS - ok
10:58:34.0743 3564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:58:35.0014 3564 LSI_SAS2 - ok
10:58:35.0117 3564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:58:35.0288 3564 LSI_SCSI - ok
10:58:35.0362 3564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:58:35.0379 3564 luafv - ok
10:58:35.0939 3564 lxdc_device - ok
10:58:36.0271 3564 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:58:36.0273 3564 MBAMProtector - ok
10:58:36.0824 3564 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:58:36.0830 3564 MBAMScheduler - ok
10:58:37.0287 3564 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:58:37.0291 3564 MBAMService - ok
10:58:37.0395 3564 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:58:37.0478 3564 Mcx2Svc - ok
10:58:37.0537 3564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:58:37.0569 3564 megasas - ok
10:58:37.0779 3564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:58:37.0881 3564 MegaSR - ok
10:58:38.0012 3564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:58:38.0042 3564 MMCSS - ok
10:58:38.0163 3564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:58:38.0192 3564 Modem - ok
10:58:38.0282 3564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:58:38.0284 3564 monitor - ok
10:58:38.0413 3564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:58:38.0415 3564 mouclass - ok
10:58:38.0468 3564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:58:38.0532 3564 mouhid - ok
10:58:38.0654 3564 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:58:38.0700 3564 mountmgr - ok
10:58:39.0230 3564 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:58:39.0232 3564 MozillaMaintenance - ok
10:58:39.0402 3564 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:58:39.0422 3564 mpio - ok
10:58:39.0531 3564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:58:39.0551 3564 mpsdrv - ok
10:58:39.0967 3564 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:58:40.0053 3564 MpsSvc - ok
10:58:40.0634 3564 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
10:58:40.0635 3564 MREMP50 - ok
10:58:41.0231 3564 [ C2758DF79C83A0D12A5599A040CA1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
10:58:41.0405 3564 MREMP50a64 - ok
10:58:41.0487 3564 MREMPR5 - ok
10:58:41.0700 3564 MRENDIS5 - ok
10:58:41.0904 3564 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
10:58:41.0905 3564 MRESP50 - ok
10:58:42.0039 3564 [ 38BD5B32E0722752BE8465D2A6DA43D9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
10:58:42.0041 3564 MRESP50a64 - ok
10:58:42.0131 3564 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:58:42.0137 3564 MRxDAV - ok
10:58:42.0263 3564 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:58:42.0313 3564 mrxsmb - ok
10:58:42.0428 3564 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:58:42.0482 3564 mrxsmb10 - ok
10:58:42.0509 3564 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:58:42.0533 3564 mrxsmb20 - ok
10:58:42.0598 3564 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:58:42.0603 3564 msahci - ok
10:58:42.0706 3564 [ 41FB1D61DF09C36CCAB0B04EEC66F6D5 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
10:58:42.0711 3564 MSCamSvc - ok
10:58:42.0833 3564 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:58:42.0896 3564 msdsm - ok
10:58:43.0036 3564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:58:43.0112 3564 MSDTC - ok
10:58:43.0329 3564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:58:43.0350 3564 Msfs - ok
10:58:43.0382 3564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:58:43.0394 3564 mshidkmdf - ok
10:58:43.0534 3564 [ BB590070D606AE6F008341FC9A7B2AD7 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
10:58:43.0536 3564 MSHUSBVideo - ok
10:58:43.0708 3564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:58:43.0799 3564 msisadrv - ok
10:58:43.0990 3564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:58:44.0040 3564 MSiSCSI - ok
10:58:44.0050 3564 msiserver - ok
10:58:44.0174 3564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:58:44.0216 3564 MSKSSRV - ok
10:58:44.0265 3564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:58:44.0270 3564 MSPCLOCK - ok
10:58:44.0372 3564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:58:44.0396 3564 MSPQM - ok
10:58:44.0649 3564 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:58:45.0107 3564 MsRPC - ok
10:58:45.0256 3564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:58:45.0257 3564 mssmbios - ok
10:58:45.0538 3564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:58:45.0557 3564 MSTEE - ok
10:58:45.0674 3564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:58:45.0721 3564 MTConfig - ok
10:58:45.0820 3564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:58:46.0029 3564 Mup - ok
10:58:46.0271 3564 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:58:46.0280 3564 napagent - ok
10:58:46.0603 3564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:58:46.0632 3564 NativeWifiP - ok
10:58:47.0182 3564 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:58:47.0238 3564 NDIS - ok
10:58:47.0355 3564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:58:47.0376 3564 NdisCap - ok
10:58:47.0442 3564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:58:47.0467 3564 NdisTapi - ok
10:58:47.0595 3564 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:58:47.0645 3564 Ndisuio - ok
10:58:47.0820 3564 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:58:47.0996 3564 NdisWan - ok
10:58:48.0111 3564 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:58:48.0143 3564 NDProxy - ok
10:58:48.0176 3564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:58:48.0286 3564 NetBIOS - ok
10:58:48.0367 3564 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:58:48.0419 3564 NetBT - ok
10:58:48.0449 3564 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:58:48.0452 3564 Netlogon - ok
10:58:48.0567 3564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:58:48.0600 3564 Netman - ok
10:58:48.0721 3564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:58:48.0730 3564 netprofm - ok
10:58:48.0900 3564 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:58:48.0938 3564 NetTcpPortSharing - ok
10:58:49.0149 3564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:58:49.0160 3564 nfrd960 - ok
10:58:49.0455 3564 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:58:49.0530 3564 NlaSvc - ok
10:58:49.0596 3564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:58:49.0640 3564 Npfs - ok
10:58:49.0858 3564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:58:49.0930 3564 nsi - ok
10:58:50.0019 3564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:58:50.0046 3564 nsiproxy - ok
10:58:50.0751 3564 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:58:50.0842 3564 Ntfs - ok
10:58:50.0879 3564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:58:50.0903 3564 Null - ok
10:58:50.0977 3564 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:58:50.0979 3564 nusb3hub - ok
10:58:51.0023 3564 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:58:51.0026 3564 nusb3xhc - ok
10:58:51.0285 3564 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
10:58:51.0289 3564 NVHDA - ok
10:58:55.0501 3564 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:58:55.0558 3564 nvlddmkm - ok
10:58:55.0674 3564 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:58:55.0786 3564 nvraid - ok
10:58:55.0911 3564 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:58:55.0979 3564 nvstor - ok
10:58:56.0356 3564 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
10:58:56.0361 3564 nvsvc - ok
10:58:57.0178 3564 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:58:57.0195 3564 nvUpdatusService - ok
10:58:57.0284 3564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:58:57.0312 3564 nv_agp - ok
10:58:57.0397 3564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:58:57.0455 3564 ohci1394 - ok
10:58:57.0917 3564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:58:57.0920 3564 ose - ok
10:58:59.0580 3564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:58:59.0676 3564 osppsvc - ok
10:58:59.0898 3564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:58:59.0932 3564 p2pimsvc - ok
10:59:00.0108 3564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:59:00.0171 3564 p2psvc - ok
10:59:00.0228 3564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:59:00.0231 3564 Parport - ok
10:59:00.0310 3564 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:59:00.0312 3564 partmgr - ok
10:59:00.0548 3564 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
10:59:00.0564 3564 PassThru Service - ok
10:59:00.0798 3564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:59:00.0810 3564 PcaSvc - ok
10:59:01.0009 3564 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:59:01.0050 3564 pci - ok
10:59:01.0169 3564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:59:01.0170 3564 pciide - ok
10:59:01.0433 3564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:59:01.0450 3564 pcmcia - ok
10:59:01.0556 3564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:59:01.0584 3564 pcw - ok
10:59:01.0662 3564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:59:01.0712 3564 PEAUTH - ok
10:59:01.0760 3564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:59:01.0801 3564 PerfHost - ok
10:59:02.0290 3564 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:59:02.0360 3564 pla - ok
10:59:02.0534 3564 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:59:02.0584 3564 PlugPlay - ok
10:59:02.0668 3564 [ F485770EEC8959684CC4C4786B63C06C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:59:02.0715 3564 Pml Driver HPZ12 - ok
10:59:02.0762 3564 PnkBstrA - ok
10:59:02.0865 3564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:59:02.0905 3564 PNRPAutoReg - ok
10:59:03.0000 3564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:59:03.0007 3564 PNRPsvc - ok
10:59:03.0081 3564 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:59:03.0098 3564 PolicyAgent - ok
10:59:03.0188 3564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:59:03.0226 3564 Power - ok
10:59:03.0753 3564 [ 7F2B5FAAFBDB55FB617E7D56F78C0A8A ] ppped C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
10:59:03.0770 3564 ppped - ok
10:59:03.0881 3564 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:59:03.0910 3564 PptpMiniport - ok
10:59:04.0053 3564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:59:04.0090 3564 Processor - ok
10:59:04.0252 3564 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:59:04.0271 3564 ProfSvc - ok
10:59:04.0341 3564 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:59:04.0344 3564 ProtectedStorage - ok
10:59:04.0454 3564 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:59:04.0479 3564 Psched - ok
10:59:04.0730 3564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:59:04.0807 3564 ql2300 - ok
10:59:04.0918 3564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:59:04.0943 3564 ql40xx - ok
10:59:05.0085 3564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:59:05.0152 3564 QWAVE - ok
10:59:05.0208 3564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:59:05.0225 3564 QWAVEdrv - ok
10:59:05.0275 3564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:59:05.0290 3564 RasAcd - ok
10:59:05.0363 3564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:59:05.0375 3564 RasAgileVpn - ok
10:59:05.0436 3564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:59:05.0454 3564 RasAuto - ok
10:59:05.0555 3564 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:59:05.0577 3564 Rasl2tp - ok
10:59:05.0691 3564 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:59:05.0709 3564 RasMan - ok
10:59:05.0741 3564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:59:05.0761 3564 RasPppoe - ok
10:59:05.0837 3564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:59:05.0846 3564 RasSstp - ok
10:59:05.0981 3564 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:59:06.0029 3564 rdbss - ok
10:59:06.0072 3564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:59:06.0086 3564 rdpbus - ok
10:59:06.0106 3564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:59:06.0113 3564 RDPCDD - ok
10:59:06.0178 3564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:59:06.0180 3564 RDPENCDD - ok
10:59:06.0233 3564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:59:06.0267 3564 RDPREFMP - ok
10:59:06.0355 3564 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:59:06.0377 3564 RDPWD - ok
10:59:06.0534 3564 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:59:06.0577 3564 rdyboost - ok
10:59:06.0715 3564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:59:06.0744 3564 RemoteAccess - ok
10:59:06.0835 3564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:59:06.0902 3564 RemoteRegistry - ok
10:59:07.0031 3564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:59:07.0056 3564 RpcEptMapper - ok
10:59:07.0231 3564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:59:07.0249 3564 RpcLocator - ok
10:59:07.0611 3564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:59:07.0622 3564 RpcSs - ok
10:59:07.0770 3564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:59:07.0786 3564 rspndr - ok
10:59:08.0069 3564 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
10:59:08.0073 3564 RTHDMIAzAudService - ok
10:59:08.0359 3564 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:59:08.0387 3564 RTL8167 - ok
10:59:08.0436 3564 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:59:08.0439 3564 SamSs - ok
10:59:08.0450 3564 Suspicious service (Hidden): SASDIFSV
10:59:08.0606 3564 SASDIFSV ( HiddenService.Multi.Generic ) - warning
10:59:08.0607 3564 SASDIFSV - detected HiddenService.Multi.Generic (1)
10:59:08.0618 3564 Suspicious service (Hidden): SASKUTIL
10:59:08.0773 3564 SASKUTIL ( HiddenService.Multi.Generic ) - warning
10:59:08.0773 3564 SASKUTIL - detected HiddenService.Multi.Generic (1)
10:59:18.0229 3564 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
10:59:18.0230 3564 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
10:59:18.0239 3564 sptd ( LockedFile.Multi.Generic ) - warning
10:59:18.0239 3564 sptd - detected LockedFile.Multi.Generic (1)
10:59:45.0231 3564 ================ Scan global ===============================
10:59:45.0367 3564 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:59:45.0479 3564 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:59:45.0593 3564 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:59:45.0700 3564 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:59:45.0970 3564 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:59:46.0001 3564 [Global] - ok
10:59:46.0001 3564 ================ Scan MBR ==================================
10:59:46.0049 3564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:00:00.0176 3564 \Device\Harddisk0\DR0 - ok
11:00:00.0186 3564 [ 0625897BD04665FF1D2A7F7090055DEB ] \Device\Harddisk1\DR1
11:00:32.0361 3564 \Device\Harddisk1\DR1 - ok
11:00:32.0362 3564 ================ Scan VBR ==================================
11:00:32.0395 3564 [ 5CF00F0CC6803584B8F364A077098368 ] \Device\Harddisk0\DR0\Partition1
11:00:32.0486 3564 \Device\Harddisk0\DR0\Partition1 - ok
11:00:32.0511 3564 [ B85B60CFA09AD207684AA1C1361DF915 ] \Device\Harddisk0\DR0\Partition2
11:00:32.0618 3564 \Device\Harddisk0\DR0\Partition2 - ok
11:00:32.0619 3564 ============================================================
11:00:32.0619 3564 Scan finished
11:00:32.0619 3564 ============================================================
11:00:32.0641 5512 Detected object count: 3
11:00:32.0641 5512 Actual detected object count: 3
11:00:50.0709 5512 SASDIFSV ( HiddenService.Multi.Generic ) - User select action: Quarantine
11:00:50.0711 5512 SASKUTIL ( HiddenService.Multi.Generic ) - User select action: Quarantine
11:00:50.0777 5512 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
11:00:50.0778 5512 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
11:01:25.0231 5536 ============================================================
11:01:25.0231 5536 Scan started
11:01:25.0231 5536 Mode: Manual; SigCheck; TDLFS;
11:01:25.0231 5536 ============================================================
11:01:26.0177 5536 ================ Scan system memory ========================
11:01:26.0177 5536 System memory - ok
11:01:26.0178 5536 ================ Scan services =============================
11:01:36.0304 5536 [ 7233688FC422EF657E082309E6180142 ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
11:01:36.0409 5536 ADVService ( UnsignedFile.Multi.Generic ) - warning
11:01:36.0409 5536 ADVService - detected UnsignedFile.Multi.Generic (1)
11:01:42.0516 5536 [ 4B720CC508B4FB999A7BF0E6D84F73E1 ] ASDR C:\Windows\SysWOW64\ASDR.exe
11:01:42.0543 5536 ASDR ( UnsignedFile.Multi.Generic ) - warning
11:01:42.0543 5536 ASDR - detected UnsignedFile.Multi.Generic (1)
11:01:45.0922 5536 [ 86D873FD396FA6708A99A1BDF104D120 ] ATKFUSService C:\Windows\system32\ATKFUSService.exe
11:01:45.0985 5536 ATKFUSService ( UnsignedFile.Multi.Generic ) - warning
11:01:45.0985 5536 ATKFUSService - detected UnsignedFile.Multi.Generic (1)
11:01:50.0216 5536 [ A01C9C51D73FF02FAC83B462CC9FF87C ] BroadCamService C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
11:01:50.0293 5536 BroadCamService ( UnsignedFile.Multi.Generic ) - warning
11:01:50.0293 5536 BroadCamService - detected UnsignedFile.Multi.Generic (1)
11:02:12.0317 5536 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:02:12.0341 5536 FontCache3.0.0.0 - ok
11:02:12.0402 5536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:02:12.0434 5536 FsDepends - ok
11:02:12.0500 5536 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
11:02:12.0524 5536 fssfltr - ok
11:02:13.0253 5536 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
11:02:13.0297 5536 fsssvc - ok
11:02:13.0368 5536 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:02:13.0396 5536 Fs_Rec - ok
11:02:13.0589 5536 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:02:13.0616 5536 fvevol - ok
11:02:13.0677 5536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:02:13.0709 5536 gagp30kx - ok
11:02:13.0838 5536 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
11:02:13.0904 5536 gdrv - ok
11:02:14.0050 5536 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:02:14.0093 5536 GEARAspiWDM - ok
11:02:14.0545 5536 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:02:14.0595 5536 gpsvc - ok
11:02:14.0788 5536 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:02:14.0816 5536 gupdate - ok
11:02:14.0836 5536 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:02:14.0846 5536 gupdatem - ok
11:02:14.0968 5536 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:02:14.0999 5536 gusvc - ok
11:02:15.0092 5536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:02:15.0170 5536 hcw85cir - ok
11:02:15.0310 5536 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:02:15.0376 5536 HdAudAddService - ok
11:02:15.0469 5536 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:02:15.0542 5536 HDAudBus - ok
11:02:15.0591 5536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:02:15.0633 5536 HidBatt - ok
11:02:15.0731 5536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:02:15.0815 5536 HidBth - ok
11:02:15.0872 5536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:02:15.0942 5536 HidIr - ok
11:02:16.0040 5536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:02:16.0090 5536 hidserv - ok
11:02:16.0195 5536 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:02:16.0218 5536 HidUsb - ok
11:02:16.0391 5536 [ FD1837DEE0A1D7F180D7B301C0656511 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
11:02:16.0443 5536 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
11:02:16.0443 5536 HiPatchService - detected UnsignedFile.Multi.Generic (1)
11:02:16.0529 5536 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
11:02:16.0556 5536 hitmanpro36 - ok
11:02:16.0656 5536 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
11:02:16.0682 5536 HitmanProScheduler - ok
11:02:16.0746 5536 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:02:16.0866 5536 hkmsvc - ok
11:02:17.0041 5536 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:02:17.0094 5536 HomeGroupListener - ok
11:02:17.0165 5536 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:02:17.0199 5536 HomeGroupProvider - ok
11:02:17.0276 5536 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:02:17.0299 5536 HpSAMD - ok
11:02:17.0362 5536 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:02:17.0440 5536 HTCAND64 - ok
11:02:17.0524 5536 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
11:02:17.0549 5536 htcnprot - ok
11:02:17.0725 5536 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:02:17.0794 5536 HTTP - ok
11:02:17.0868 5536 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:02:17.0895 5536 hwpolicy - ok
11:02:17.0959 5536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:02:17.0987 5536 i8042prt - ok
11:02:18.0116 5536 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:02:18.0144 5536 iaStorV - ok
11:02:18.0230 5536 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:02:18.0272 5536 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:02:18.0272 5536 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:02:18.0504 5536 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:02:18.0538 5536 idsvc - ok
11:02:18.0624 5536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:02:18.0648 5536 iirsp - ok
11:02:18.0853 5536 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:02:18.0963 5536 IKEEXT - ok
11:02:19.0570 5536 [ 76877DD763A2287F58908795F3F5CCCB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:02:19.0611 5536 IntcAzAudAddService - ok
11:02:19.0665 5536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:02:19.0695 5536 intelide - ok
11:02:19.0744 5536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:02:19.0836 5536 intelppm - ok
11:02:19.0949 5536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:02:20.0012 5536 IPBusEnum - ok
11:02:20.0114 5536 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:02:20.0267 5536 IpFilterDriver - ok
11:02:20.0430 5536 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:02:20.0499 5536 iphlpsvc - ok
11:02:20.0589 5536 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:02:20.0667 5536 IPMIDRV - ok
11:02:20.0775 5536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:02:20.0884 5536 IPNAT - ok
11:02:21.0213 5536 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:02:21.0242 5536 iPod Service - ok
11:02:21.0326 5536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:02:21.0404 5536 IRENUM - ok
11:02:21.0555 5536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:02:21.0585 5536 isapnp - ok
11:02:21.0772 5536 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:02:21.0813 5536 iScsiPrt - ok
11:02:25.0213 5536 [ B4CDA1B4263B53D249AC27A4892DA634 ] JMB36X C:\Windows\SysWOW64\XSrvSetup.exe
11:02:25.0217 5536 JMB36X ( UnsignedFile.Multi.Generic ) - warning
11:02:25.0217 5536 JMB36X - detected UnsignedFile.Multi.Generic (1)
11:02:25.0318 5536 [ 75DDB94A2A24F9F7037D10A2DDA06D36 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
11:02:25.0326 5536 JRAID - ok
11:02:25.0385 5536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:02:25.0394 5536 kbdclass - ok
11:02:25.0451 5536 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:02:25.0494 5536 kbdhid - ok
11:02:25.0546 5536 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:02:25.0554 5536 KeyIso - ok
11:02:25.0598 5536 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:02:25.0607 5536 KSecDD - ok
11:02:25.0646 5536 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:02:25.0655 5536 KSecPkg - ok
11:02:25.0743 5536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:02:25.0861 5536 ksthunk - ok
11:02:25.0991 5536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:02:26.0071 5536 KtmRm - ok
11:02:26.0143 5536 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:02:26.0190 5536 LanmanServer - ok
11:02:26.0279 5536 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:02:26.0333 5536 LanmanWorkstation - ok
11:02:26.0378 5536 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
11:02:26.0385 5536 LGBusEnum - ok
11:02:26.0433 5536 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
11:02:26.0440 5536 LGVirHid - ok
11:02:26.0493 5536 [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
11:02:26.0500 5536 lirsgt - ok
11:02:26.0541 5536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:02:26.0594 5536 lltdio - ok
11:02:26.0691 5536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:02:26.0740 5536 lltdsvc - ok
11:02:26.0803 5536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:02:26.0828 5536 lmhosts - ok
11:02:26.0856 5536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:02:26.0865 5536 LSI_FC - ok
11:02:26.0960 5536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:02:26.0969 5536 LSI_SAS - ok
11:02:27.0040 5536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:02:27.0048 5536 LSI_SAS2 - ok
11:02:27.0098 5536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:02:27.0107 5536 LSI_SCSI - ok
11:02:27.0142 5536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:02:27.0220 5536 luafv - ok
11:02:27.0222 5536 lxdc_device - ok
11:02:27.0262 5536 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:02:27.0269 5536 MBAMProtector - ok
11:02:27.0461 5536 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:02:27.0471 5536 MBAMScheduler - ok
11:02:27.0516 5536 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:02:27.0530 5536 MBAMService - ok
11:02:27.0603 5536 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:02:27.0635 5536 Mcx2Svc - ok
11:02:27.0696 5536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:02:27.0704 5536 megasas - ok
11:02:27.0764 5536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:02:27.0775 5536 MegaSR - ok
11:02:27.0812 5536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:02:27.0884 5536 MMCSS - ok
11:02:27.0922 5536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:02:27.0973 5536 Modem - ok
11:02:28.0041 5536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:02:28.0071 5536 monitor - ok
11:02:28.0105 5536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:02:28.0114 5536 mouclass - ok
11:02:28.0160 5536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:02:28.0169 5536 mouhid - ok
11:02:28.0228 5536 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:02:28.0237 5536 mountmgr - ok
11:02:28.0335 5536 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:02:28.0344 5536 MozillaMaintenance - ok
11:02:28.0416 5536 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:02:28.0425 5536 mpio - ok
11:02:28.0464 5536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:02:28.0488 5536 mpsdrv - ok
11:02:28.0710 5536 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:02:28.0816 5536 MpsSvc - ok
11:02:28.0928 5536 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
11:02:28.0973 5536 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
11:02:28.0973 5536 MREMP50 - detected UnsignedFile.Multi.Generic (1)
11:02:29.0184 5536 [ C2758DF79C83A0D12A5599A040CA1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
11:02:29.0191 5536 MREMP50a64 - ok
11:02:29.0194 5536 MREMPR5 - ok
11:02:29.0197 5536 MRENDIS5 - ok
11:02:29.0224 5536 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
11:02:29.0252 5536 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
11:02:29.0252 5536 MRESP50 - detected UnsignedFile.Multi.Generic (1)
11:02:29.0300 5536 [ 38BD5B32E0722752BE8465D2A6DA43D9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
11:02:29.0307 5536 MRESP50a64 - ok
11:02:29.0402 5536 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:02:29.0439 5536 MRxDAV - ok
11:02:29.0523 5536 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:02:29.0549 5536 mrxsmb - ok
11:02:29.0646 5536 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:02:29.0655 5536 mrxsmb10 - ok
11:02:29.0708 5536 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:02:29.0717 5536 mrxsmb20 - ok
11:02:29.0777 5536 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:02:29.0785 5536 msahci - ok
11:02:29.0891 5536 [ 41FB1D61DF09C36CCAB0B04EEC66F6D5 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
11:02:29.0899 5536 MSCamSvc - ok
11:02:29.0944 5536 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:02:29.0953 5536 msdsm - ok
11:02:30.0063 5536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:02:30.0111 5536 MSDTC - ok
11:02:30.0191 5536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:02:30.0216 5536 Msfs - ok
11:02:30.0244 5536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:02:30.0301 5536 mshidkmdf - ok
11:02:30.0371 5536 [ BB590070D606AE6F008341FC9A7B2AD7 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
11:02:30.0378 5536 MSHUSBVideo - ok
11:02:30.0428 5536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:02:30.0436 5536 msisadrv - ok
11:02:30.0473 5536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:02:30.0550 5536 MSiSCSI - ok
11:02:30.0553 5536 msiserver - ok
11:02:30.0662 5536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:02:30.0771 5536 MSKSSRV - ok
11:02:30.0802 5536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:02:30.0826 5536 MSPCLOCK - ok
11:02:30.0951 5536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:02:30.0974 5536 MSPQM - ok
11:02:31.0079 5536 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:02:31.0090 5536 MsRPC - ok
11:02:31.0177 5536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:02:31.0186 5536 mssmbios - ok
11:02:31.0243 5536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:02:31.0285 5536 MSTEE - ok
11:02:31.0371 5536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:02:31.0423 5536 MTConfig - ok
11:02:31.0441 5536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:02:31.0449 5536 Mup - ok
11:02:31.0573 5536 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:02:31.0637 5536 napagent - ok
11:02:31.0746 5536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:02:31.0773 5536 NativeWifiP - ok
11:02:31.0927 5536 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:02:31.0944 5536 NDIS - ok
11:02:31.0970 5536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:02:32.0062 5536 NdisCap - ok
11:02:32.0115 5536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:02:32.0139 5536 NdisTapi - ok
11:02:32.0192 5536 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:02:32.0215 5536 Ndisuio - ok
11:02:32.0340 5536 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:02:32.0400 5536 NdisWan - ok
11:02:32.0442 5536 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:02:32.0465 5536 NDProxy - ok
11:02:32.0507 5536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:02:32.0607 5536 NetBIOS - ok
11:02:32.0728 5536 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:02:32.0803 5536 NetBT - ok
11:02:32.0847 5536 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:02:32.0856 5536 Netlogon - ok
11:02:32.0924 5536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:02:32.0974 5536 Netman - ok
11:02:33.0145 5536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:02:33.0245 5536 netprofm - ok
11:02:33.0305 5536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:02:33.0312 5536 NetTcpPortSharing - ok
11:02:33.0472 5536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:02:33.0480 5536 nfrd960 - ok
11:02:33.0690 5536 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:02:33.0715 5536 NlaSvc - ok
11:02:33.0744 5536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:02:33.0768 5536 Npfs - ok
11:02:33.0782 5536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:02:33.0873 5536 nsi - ok
11:02:33.0984 5536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:02:34.0070 5536 nsiproxy - ok
11:02:34.0445 5536 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:02:34.0470 5536 Ntfs - ok
11:02:34.0528 5536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:02:34.0552 5536 Null - ok
11:02:34.0592 5536 [ 785298579B5F9B4032152DFBB992FDB6 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
11:02:34.0619 5536 nusb3hub - ok
11:02:34.0736 5536 [ DF2750481B4964814467C974F2B0EEF1 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:02:34.0744 5536 nusb3xhc - ok
11:02:34.0860 5536 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:02:34.0869 5536 NVHDA - ok
11:02:36.0991 5536 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:02:37.0594 5536 nvlddmkm - ok
11:02:37.0771 5536 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:02:37.0806 5536 nvraid - ok
11:02:37.0993 5536 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:02:38.0026 5536 nvstor - ok
11:02:38.0337 5536 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
11:02:38.0372 5536 nvsvc - ok
11:02:38.0784 5536 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:02:38.0804 5536 nvUpdatusService - ok
11:02:39.0201 5536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:02:39.0210 5536 nv_agp - ok
11:02:39.0289 5536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:02:39.0297 5536 ohci1394 - ok
11:02:39.0510 5536 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:02:39.0518 5536 ose - ok
11:02:40.0814 5536 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:02:40.0873 5536 osppsvc - ok
11:02:40.0991 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:02:41.0032 5536 p2pimsvc - ok
11:02:41.0159 5536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:02:41.0171 5536 p2psvc - ok
11:02:41.0278 5536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:02:41.0287 5536 Parport - ok
11:02:41.0377 5536 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:02:41.0386 5536 partmgr - ok
11:02:41.0598 5536 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:02:41.0675 5536 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
11:02:41.0675 5536 PassThru Service - detected UnsignedFile.Multi.Generic (1)
11:02:41.0784 5536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:02:41.0826 5536 PcaSvc - ok
11:02:41.0907 5536 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:02:41.0916 5536 pci - ok
11:02:41.0987 5536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:02:41.0995 5536 pciide - ok
11:02:42.0110 5536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:02:42.0120 5536 pcmcia - ok
11:02:42.0248 5536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:02:42.0257 5536 pcw - ok
11:02:42.0511 5536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:02:42.0567 5536 PEAUTH - ok
11:02:42.0645 5536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:02:42.0705 5536 PerfHost - ok
11:02:43.0104 5536 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:02:43.0193 5536 pla - ok
11:02:43.0366 5536 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:02:43.0392 5536 PlugPlay - ok
11:02:43.0485 5536 [ F485770EEC8959684CC4C4786B63C06C ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:02:43.0532 5536 Pml Driver HPZ12 - ok
11:02:43.0535 5536 PnkBstrA - ok
11:02:43.0633 5536 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:02:43.0733 5536 PNRPAutoReg - ok
11:02:43.0820 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:02:43.0830 5536 PNRPsvc - ok
11:02:44.0032 5536 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:02:44.0106 5536 PolicyAgent - ok
11:02:44.0228 5536 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:02:44.0300 5536 Power - ok
11:02:44.0826 5536 [ 7F2B5FAAFBDB55FB617E7D56F78C0A8A ] ppped C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
11:02:44.0843 5536 ppped - ok
11:02:44.0898 5536 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:02:44.0954 5536 PptpMiniport - ok
11:02:45.0061 5536 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:02:45.0103 5536 Processor - ok
11:02:45.0163 5536 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:02:45.0227 5536 ProfSvc - ok
11:02:45.0291 5536 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:02:45.0300 5536 ProtectedStorage - ok
11:02:45.0370 5536 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:02:45.0417 5536 Psched - ok
11:02:45.0839 5536 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:02:45.0863 5536 ql2300 - ok
11:02:45.0917 5536 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:02:45.0927 5536 ql40xx - ok
11:02:46.0016 5536 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:02:46.0030 5536 QWAVE - ok
11:02:46.0067 5536 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:02:46.0142 5536 QWAVEdrv - ok
11:02:46.0176 5536 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:02:46.0252 5536 RasAcd - ok
11:02:46.0388 5536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:02:46.0412 5536 RasAgileVpn - ok
11:02:46.0478 5536 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:02:46.0551 5536 RasAuto - ok
11:02:46.0638 5536 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:02:46.0745 5536 Rasl2tp - ok
11:02:46.0906 5536 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:02:46.0967 5536 RasMan - ok
11:02:47.0041 5536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:02:47.0065 5536 RasPppoe - ok
11:02:47.0121 5536 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:02:47.0176 5536 RasSstp - ok
11:02:47.0319 5536 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:02:47.0369 5536 rdbss - ok
11:02:47.0457 5536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:02:47.0499 5536 rdpbus - ok
11:02:47.0532 5536 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:02:47.0609 5536 RDPCDD - ok
11:02:47.0662 5536 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:02:47.0737 5536 RDPENCDD - ok
11:02:47.0746 5536 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:02:47.0770 5536 RDPREFMP - ok
11:02:47.0833 5536 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:02:47.0878 5536 RDPWD - ok
11:02:48.0011 5536 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:02:48.0022 5536 rdyboost - ok
11:02:48.0074 5536 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:02:48.0170 5536 RemoteAccess - ok
11:02:48.0249 5536 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:02:48.0297 5536 RemoteRegistry - ok
11:02:48.0323 5536 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:02:48.0392 5536 RpcEptMapper - ok
11:02:48.0483 5536 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:02:48.0492 5536 RpcLocator - ok
11:02:48.0679 5536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:02:48.0706 5536 RpcSs - ok
11:02:48.0737 5536 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:02:48.0762 5536 rspndr - ok
11:02:48.0893 5536 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
11:02:48.0902 5536 RTHDMIAzAudService - ok
11:02:49.0015 5536 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:02:49.0046 5536 RTL8167 - ok
11:02:49.0072 5536 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:02:49.0080 5536 SamSs - ok
11:02:57.0527 5536 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
11:02:57.0527 5536 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
11:02:57.0539 5536 sptd ( LockedFile.Multi.Generic ) - warning
11:02:57.0539 5536 sptd - detected LockedFile.Multi.Generic (1)
11:03:20.0164 5536 ================ Scan global ===============================
11:03:20.0266 5536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:03:20.0443 5536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:03:20.0481 5536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:03:20.0566 5536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:03:20.0685 5536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:03:20.0693 5536 [Global] - ok
11:03:20.0694 5536 ================ Scan MBR ==================================
11:03:20.0732 5536 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:03:36.0452 5536 \Device\Harddisk0\DR0 - ok
11:03:36.0461 5536 [ 0625897BD04665FF1D2A7F7090055DEB ] \Device\Harddisk1\DR1
11:04:09.0081 5536 \Device\Harddisk1\DR1 - ok
11:04:09.0082 5536 ================ Scan VBR ==================================
11:04:09.0117 5536 [ 5CF00F0CC6803584B8F364A077098368 ] \Device\Harddisk0\DR0\Partition1
11:04:09.0263 5536 \Device\Harddisk0\DR0\Partition1 - ok
11:04:09.0324 5536 [ B85B60CFA09AD207684AA1C1361DF915 ] \Device\Harddisk0\DR0\Partition2
11:04:09.0406 5536 \Device\Harddisk0\DR0\Partition2 - ok
11:04:09.0407 5536 ============================================================
11:04:09.0407 5536 Scan finished
11:04:09.0407 5536 ============================================================
11:04:09.0428 1676 Detected object count: 11
11:04:09.0428 1676 Actual detected object count: 11
11:04:57.0449 1676 C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe - copied to quarantine
11:04:57.0452 1676 HKLM\SYSTEM\ControlSet001\services\ADVService - will be deleted on reboot
11:04:57.0906 1676 HKLM\SYSTEM\ControlSet002\services\ADVService - will be deleted on reboot
11:04:59.0407 1676 C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe - will be deleted on reboot
11:04:59.0407 1676 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:05:02.0483 1676 C:\Windows\SysWOW64\ASDR.exe - copied to quarantine
11:05:02.0484 1676 HKLM\SYSTEM\ControlSet001\services\ASDR - will be deleted on reboot
11:05:02.0658 1676 HKLM\SYSTEM\ControlSet002\services\ASDR - will be deleted on reboot
11:05:02.0668 1676 C:\Windows\SysWOW64\ASDR.exe - will be deleted on reboot
11:05:02.0668 1676 ASDR ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:05:02.0672 1676 ATKFUSService ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:02.0673 1676 ATKFUSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:02.0676 1676 BroadCamService ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:02.0676 1676 BroadCamService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:02.0680 1676 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
11:05:02.0680 1676 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:05:02.0929 1676 C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - copied to quarantine
11:05:02.0929 1676 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:05:02.0998 1676 C:\Windows\SysWOW64\XSrvSetup.exe - copied to quarantine
11:05:03.0002 1676 HKLM\SYSTEM\ControlSet001\services\JMB36X - will be deleted on reboot
11:05:03.0570 1676 HKLM\SYSTEM\ControlSet002\services\JMB36X - will be deleted on reboot
11:05:03.0580 1676 C:\Windows\SysWOW64\XSrvSetup.exe - will be deleted on reboot
11:05:03.0580 1676 JMB36X ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:05:03.0755 1676 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS - copied to quarantine
11:05:03.0760 1676 HKLM\SYSTEM\ControlSet001\services\MREMP50 - will be deleted on reboot
11:05:04.0185 1676 HKLM\SYSTEM\ControlSet002\services\MREMP50 - will be deleted on reboot
11:05:04.0196 1676 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS - will be deleted on reboot
11:05:04.0196 1676 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:05:04.0233 1676 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS - copied to quarantine
11:05:04.0239 1676 HKLM\SYSTEM\ControlSet001\services\MRESP50 - will be deleted on reboot
11:05:04.0278 1676 HKLM\SYSTEM\ControlSet002\services\MRESP50 - will be deleted on reboot
11:05:04.0288 1676 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS - will be deleted on reboot
11:05:04.0288 1676 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Delete
11:05:04.0480 1676 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe - copied to quarantine
11:05:04.0481 1676 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
11:05:04.0729 1676 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
11:05:04.0737 1676 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
11:05:05.0581 1676 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
11:05:05.0591 1676 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
11:05:05.0591 1676 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
11:05:19.0068 1268 Deinitialize success


I think I probably have more but hopefully this is moderately helpful. Sorry they are outdated but every time one is used it stops finding anything, and most of them do not work now. I almost want to just grab a copy of MRI at this point :crazy: and thank you so much! I know I've left you with bleep all but I'm truly in a fix right now and really need this computer up and running. Much much appreciated for assistance

#4 Casey_boy

  • Malware Response Team

Posted 21 September 2012 - 02:05 PM

Combofix I had to fix some first issues, which I thought worked out at another forum when we ran a script.


Do you have a link to that topic please? I need to see what has already happened to get a clear picture of what is going on and what has already been done :)

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#5 TheWhiteKeys

  • Topic Starter

Posted 21 September 2012 - 02:24 PM

Oh snap well here we go http://pctechforums.com/viewtopic.php?t=13317 I wonder if they responded? Haven't been able to get Chrome working as well so I lost the thread and forgot a lot after Vegas but there we are. Thanks!

#6 Casey_boy

  • Malware Response Team

Posted 24 September 2012 - 07:34 AM

OK, let's see if one of our other scanning tools will work. I think I need to get a fresh look at this PC :wink:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Casey



#7 TheWhiteKeys

  • Topic Starter

Posted 26 September 2012 - 01:46 AM

Could not get the extra.txt to load not sure why, as I have changed nothing but the scan all users box. I should mention I had to get a .com mirror cause the .exe ones were blocked. Bastards. But anyway I have the otl.txt if that's helpful!
*EDIT* Took the extra.txt that loaded to the same directory, but slightly earlier than this one. Hopefully not an issue. Posted below

OTL logfile created on: 9/25/2012 11:26:54 PM - Run 3
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Abraham Justice\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 66.53% Memory free
19.99 Gb Paging File | 17.07 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): c:\pagefile.sys 12284 12287e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 313.79 Gb Free Space | 33.69% Space Free | Partition Type: NTFS
Drive D: | 689.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.64 Gb Total Space | 2.95 Gb Free Space | 38.61% Space Free | Partition Type: FAT32

Computer Name: BROTHERS-PC | User Name: Abraham Justice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/25 18:24:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abraham Justice\Downloads\OTL.com
PRC - [2012/09/22 13:48:23 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/07 13:49:46 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/08/31 04:03:14 | 001,633,608 | ---- | M] (Anvisoft Corporation) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBMini.exe
PRC - [2012/08/30 12:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/17 08:35:40 | 000,079,384 | ---- | M] (Google) -- C:\Users\Abraham Justice\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/08/14 11:38:05 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/08/06 01:45:05 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/06/21 10:28:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/06/17 10:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
PRC - [2011/06/17 10:01:56 | 000,353,728 | ---- | M] (Cyber Power Systems, Inc.) -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 05:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/09 13:00:22 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/09/09 13:00:19 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/09/09 13:00:16 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/09/09 13:00:14 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/09/09 13:00:12 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/07 13:49:46 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/30 10:39:42 | 000,374,120 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/08/14 11:38:05 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/07/30 12:32:12 | 000,891,392 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\platform\WINNT_x86-msvc\components\wrxpcom.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/29 11:14:28 | 000,712,104 | ---- | M] (Webroot) [Auto | Stopped] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2011/10/06 20:28:34 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/01 14:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Disabled | Stopped] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2007/05/25 09:38:54 | 000,567,216 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV - [2012/09/07 13:49:46 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/06 01:20:49 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/30 12:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/30 10:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/08/30 00:27:11 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/06/21 10:28:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/04/02 23:12:55 | 000,131,912 | ---- | M] (Desura Pty Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/06/17 10:02:10 | 001,000,896 | ---- | M] (Cyber Power Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe -- (ppped)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/26 20:41:07 | 001,052,676 | ---- | M] (NCH Software) [Disabled | Stopped] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/08/29 11:14:29 | 000,110,160 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/07/03 08:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/03 08:57:58 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/04/03 08:57:58 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/10/06 22:21:40 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/06 22:21:40 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/06 19:46:02 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/06/06 15:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/27 13:25:22 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/08/20 21:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/30 01:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/06/08 16:52:28 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/06/08 14:09:40 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2010/04/19 18:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/09 03:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/21 22:50:00 | 000,007,552 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini)
DRV:64bit: - [2009/12/02 00:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/11/20 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/29 01:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/03/08 14:51:05 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 CB 41 89 EA 06 CB 01 [binary data]
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://battlelog.battlefield.com/bf3/"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}:1.90.6
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: {988da70d-b78d-44a1-a9c7-ed11832a9e2e}:1.3
FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.10.27.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=SOLTDF&q="

FF - user.js..keyword.enabled: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Abraham Justice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Abraham Justice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Abraham Justice\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Abraham Justice\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Users\Abraham Justice\Downloads\null\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/08 15:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/20 18:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 13:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/12 20:57:44 | 000,000,000 | ---D | M]

[2010/12/14 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Extensions
[2012/09/21 23:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions
[2010/06/08 09:43:29 | 000,000,000 | ---D | M] ("Industrial") -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{44851134-3425-48cc-a957-5a29b9396a5f}
[2012/08/22 21:21:52 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/09/20 01:04:56 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/03/22 13:27:38 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/07/30 13:04:39 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012/07/30 12:32:12 | 000,000,000 | ---D | M] (Webroot) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2012/09/16 11:51:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/06/08 09:43:29 | 000,000,000 | ---D | M] ("Packerfox") -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{EFF88F6E-719C-4b3b-979F-7956D8EAD5D9}
[2011/09/28 00:57:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\battlefieldplay4free@ea.com
[2010/06/08 09:43:29 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\NPDyyno@dyyno.com
[2012/09/09 11:35:50 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2011/07/25 15:12:32 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\personas@christopher.beard.xpi
[2012/09/12 10:21:17 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/17 23:50:02 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\youtube2mp3@mondayx.de.xpi
[2012/02/12 15:33:26 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/09/21 23:22:27 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi
[2007/08/08 21:47:54 | 001,747,426 | ---- | M] () (No name found) -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\extensions\{EFF88F6E-719C-4b3b-979F-7956D8EAD5D9}\chrome\tmp.xpi
[2009/01/07 18:26:30 | 000,001,739 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\searchplugins\aim-search.xml
[2011/06/20 14:17:32 | 000,000,917 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\searchplugins\conduit.xml
[2009/08/08 03:45:02 | 000,001,633 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\searchplugins\live-search.xml
[2008/12/17 19:03:38 | 000,000,246 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Roaming\Mozilla\Firefox\Profiles\2mrs88ao.default\searchplugins\Yoog Search.xml
[2012/09/07 13:49:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 13:49:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/20 18:56:20 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/04 18:58:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/04 18:58:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://gmail.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\plugins/screen_capture.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.53.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.53.2_0\BP4FUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Abraham Justice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Abraham Justice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AppUp (Enabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Entanglement = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Send using Gmail (no button) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.11.10_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: reddit companion = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\
CHR - Extension: reddit companion = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.1_0\.orig
CHR - Extension: Google Drive = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Quizlet = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgofflgeghkhocbociocnckocbjmomjh\4.1_0\
CHR - Extension: Audiotool = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk\1.1_0\
CHR - Extension: YouTube = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adventure Time with Finn and Jake = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocngmpdkbemndadokjpgkhhjihadopd\1.7_0\
CHR - Extension: Reddit Link Opener = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme\1.2.4_0\
CHR - Extension: Ge.tt = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc\0.99_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.9_0\
CHR - Extension: Google Search = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Hangout Canopy = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbjbjpicplblhgkjjdbplpgkmhojmjom\1.3.2.0_0\
CHR - Extension: Sage Notebook = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dckejpjjnjaagdahkdgighlejbckajak\1.4_0\
CHR - Extension: SiteAdvisor for Chrome = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dckheglehcdhpjkdmmmghbgkcdebhhae\1.0.2_0\
CHR - Extension: Read Later Fast = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.2_0\
CHR - Extension: Be a Local! = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\diiecohgbcgbehcpofpolcnoipmefgbm\17_0\
CHR - Extension: Battlefield Play4Free = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.53.2_0\
CHR - Extension: Mapnificent = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dljjdghcikmaacogeloeooafjopponic\1.0.1_0\
CHR - Extension: Bomomo = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln\1_0\
CHR - Extension: Invoicera = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\edpnhgjhpakkoojbgaakfgildhipljab\7.0_0\
CHR - Extension: imgur = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao\1.1.3_0\
CHR - Extension: TextSendr - Free Text Messages = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejgocgjichhbkknncchbobdlhkdkpbei\1_0\
CHR - Extension: Better Battlelog (BBLog) = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnkmpcicaafjhmnhiblopefjfacnmem\2.4.1_0\
CHR - Extension: Zeta Uploader = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdaoellipjkfejjeegcjckdkhpanhnmg\1.8.2_0\
CHR - Extension: eBay.com Visual Search = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiapgdjflgcojnnaggmnjpknoemgcakg\0.1_0\
CHR - Extension: Yelp Instant = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\figmodmjdfjndiefilehfbofmpapiaga\1.0.0_0\
CHR - Extension: Rage Editor = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkflepcefkdmoikdpfbgobnahbficcno\1_0\
CHR - Extension: NewsBlur = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchdledhagjbhhodjjhiclbnaioljomj\1.1_0\
CHR - Extension: Ajax Animator = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ginffkjapdobanedcblllenliboglpkp\1.0.2_0\
CHR - Extension: What's My DNS? = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdnhfkfjahmjenbddackhhelemkmejp\1.0.0.1_0\
CHR - Extension: Outright Accounting = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkjjeflldjbeacnpbbmfaldebpnjjdo\1.0.0.5_0\
CHR - Extension: Downloads = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hblmehkoicadamekhpelflfmoaoofeml\1.2.3_0\
CHR - Extension: AirMech = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\10357_0\
CHR - Extension: Flixster = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
CHR - Extension: Drum Kit Sim = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhajpcpngdciglmkhahlmbdbjkohondo\1_0\
CHR - Extension: Anonymous Email = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhilnpniljpeembobdnlmdmcmllbhll\1.5_0\
CHR - Extension: Troll Emoticons = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndllphbhpadfpoikpaofkkkpkpnmjik\4.6.7_0\
CHR - Extension: Dictionary Instant = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\1.0.22_0\
CHR - Extension: Find Wi-Fi = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfdibgccmdloekfajpdialdmhlacfkb\0.0.0.6_0\
CHR - Extension: telety.pe = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikijikcfedekifbolhamdccnhnlkhfpf\6_0\
CHR - Extension: YourNextFilm = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jadajphjladhhmcjiomkmlihlknbnicc\0.0.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: YouTube to MP3 = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkippmhiimpgejpacdkdgladdckocicj\0.0.3_1\
CHR - Extension: BBC Good Food = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0\
CHR - Extension: Sketchpad = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0\
CHR - Extension: Aviary Photo Editor for Facebook = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhpjhojpnckkehlebbkpoammaemnnno\0.0.3_0\
CHR - Extension: Poppit = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Rain Alarm = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok\1.1.8_0\
CHR - Extension: Everyday Water = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbgiohieaejcijfgcjlcjhagbieeeo\0.0.0.1_0\
CHR - Extension: Skinnyo = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhchlnkhbcdkjdoahjmhfgmkloifojcd\1.2_0\
CHR - Extension: Quick Note = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.1_0\
CHR - Extension: Tasky for Google Tasks = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbfkceielapenhcdmppjfjfhjelhcjc\1.1.3_0\
CHR - Extension: Colorblendy = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngmafdcpeeloikhhabijcnddgildokk\1.1.4_0\
CHR - Extension: CanIStream.It = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nefjaladmbgpekhpikihnnchgbdfojpk\4_0\
CHR - Extension: Ge.tt = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflehelhgpjjhfiigceaplnmgiblnclo\1.1.4_0\
CHR - Extension: Fiabee HTML5 Viewer = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngmmpodmhlhciagihcjpdggoihakcahf\1.0.0.71_0\
CHR - Extension: Graph.tk = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhkaamdeplibnmodcgodlkghphdbahk\0.0.1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: SoundCloud Audio Downloader = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\noooofokbnodaamgipegcjgmnnookngk\1.2.1_0\
CHR - Extension: Todo.ly = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
CHR - Extension: Rainmaker = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\omleldobkmmcmlgkmfniabhejfhmjjjf\3.0.2_0\
CHR - Extension: Sinuous = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\omlmnomieeknagejjojcpdomnbnbchdl\1.0.4_0\
CHR - Extension: Online Music Alarm = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pblohfmipkhnjcgpoamnmjelcajhpcjg\1.1_0\
CHR - Extension: 4chan Plus = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj\2.5.5_0\
CHR - Extension: Gmail = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: EasyPolls = C:\Users\Abraham Justice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pngmadbhjmlmaoapmlepdnbfkaejmnid\1.11_0\

O1 HOSTS File: ([2012/09/20 02:21:05 | 000,000,051 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Webroot Browser Helper Object) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot Software, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Webroot Browser Helper Object) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot Software, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Cyber Power Systems, Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005..\Run: [Anvi_CSB] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBMini.exe (Anvisoft Corporation)
O4 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005..\Run: [F.lux] C:\Users\Abraham Justice\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = File not found
O4 - Startup: C:\Users\Brothers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = File not found
O4 - Startup: C:\Users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = File not found
O4 - Startup: C:\Users\Guest I guess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = File not found
O4 - Startup: C:\Users\Mcx1-BROTHERS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = File not found
O4 - Startup: C:\Users\Mcx1-BROTHERS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk = File not found
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot Software, Inc.)
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot Software, Inc.)
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot Software, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7F1E70F-BFAF-494F-A614-55C99909ACBB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/22 21:52:26 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2922089572-4686520-4244951405-1005\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2922089572-4686520-4244951405-1023\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/25 17:24:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/22 18:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/22 18:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/09/22 16:24:01 | 000,000,000 | ---D | C] -- C:\_MEI52882
[2012/09/21 23:11:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/21 23:11:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/21 23:11:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/21 23:11:42 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/21 23:11:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/21 23:11:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/21 23:11:42 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/21 23:11:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/21 23:11:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/21 23:11:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/21 23:11:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/21 23:11:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/21 23:11:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/21 23:11:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/21 23:11:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 02:54:01 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\Desktop\MRI_Updates
[2012/09/20 02:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2012/09/20 01:04:58 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Local\CRE
[2012/09/20 01:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/09/20 01:04:38 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Local\Conduit
[2012/09/19 10:13:07 | 000,000,000 | ---D | C] -- C:\_MEI39722
[2012/09/19 02:20:10 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\Pavark
[2012/09/17 22:56:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/17 22:56:30 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/17 22:56:29 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/17 22:56:29 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/17 22:18:04 | 000,000,000 | ---D | C] -- C:\_MEI34602
[2012/09/17 09:58:52 | 000,000,000 | ---D | C] -- C:\_MEI31922
[2012/09/16 22:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/09/16 12:54:05 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Roaming\LolClient
[2012/09/16 12:23:06 | 000,000,000 | --SD | C] -- C:\Users\Abraham Justice\Google Drive
[2012/09/15 21:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2012/09/15 21:20:20 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/09/15 21:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/09/15 20:53:29 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\Desktop\League of legends
[2012/09/15 20:52:59 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Local\PMB Files
[2012/09/15 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/09/15 20:52:54 | 000,000,000 | ---D | C] -- C:\PMB Files
[2012/09/15 16:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/09/15 16:34:59 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Local\adaware
[2012/09/15 16:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/09/15 16:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/09/15 16:34:36 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/09/15 16:34:35 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys
[2012/09/15 16:34:35 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/09/15 16:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/09/15 16:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/09/15 15:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/09/15 15:53:51 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/09/15 15:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/09/15 11:00:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/14 01:13:06 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/14 01:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/09/14 01:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/14 01:00:02 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\Desktop\RK_Quarantine
[2012/09/14 00:59:28 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/09/14 00:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/14 00:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/13 23:47:33 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/09/13 23:47:33 | 019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/09/13 23:47:33 | 014,879,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/09/13 23:47:33 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/09/13 23:47:33 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/09/13 23:47:33 | 000,830,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/09/13 23:47:33 | 000,247,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/09/13 23:47:33 | 000,202,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/09/13 23:47:33 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/09/13 23:47:33 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/09/13 23:47:32 | 015,291,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/09/13 23:47:32 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/09/13 23:47:32 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/09/13 23:47:32 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/09/13 23:47:32 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/09/13 23:47:32 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/09/13 23:47:32 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/09/13 23:47:32 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/09/13 23:47:31 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/09/13 23:47:31 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/09/13 23:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/09/13 23:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/09/13 23:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/09/13 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/09/12 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/09/09 14:50:27 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/09/09 13:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/09/09 13:48:56 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/09/09 13:48:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/09/09 13:48:02 | 000,000,000 | ---D | C] -- C:\Users\Abraham Justice\AppData\Roaming\TestApp
[2012/09/09 13:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/09/07 20:59:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/07 20:53:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/07 20:45:34 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/09/07 13:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/06 03:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/06 00:54:08 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/09/06 00:54:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/09/06 00:54:08 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/09/06 00:47:07 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/09/06 00:47:07 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/09/06 00:47:05 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/09/06 00:47:05 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/09/06 00:47:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/09/06 00:46:40 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/09/06 00:46:40 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/09/06 00:46:33 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/09/06 00:46:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/09/06 00:46:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/09/06 00:46:28 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/09/06 00:46:23 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/09/06 00:46:23 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/09/06 00:46:22 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/06 00:46:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/06 00:46:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/06 00:46:15 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/06 00:46:14 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/09/06 00:46:11 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/09/06 00:46:10 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/09/06 00:46:07 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/06 00:46:07 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/06 00:46:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/09/06 00:46:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/09/06 00:46:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/09/06 00:46:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/09/06 00:45:42 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/09/06 00:45:40 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/09/06 00:45:40 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/09/06 00:45:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/09/06 00:45:20 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/09/06 00:38:30 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/09/06 00:38:30 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/09/06 00:38:08 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/09/06 00:38:04 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/09/06 00:38:04 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/09/06 00:38:02 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/09/06 00:37:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/06 00:37:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/06 00:37:59 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/06 00:37:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/06 00:33:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/09/06 00:33:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/09/06 00:33:24 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/09/06 00:33:24 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/09/06 00:30:25 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/09/06 00:30:25 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/09/06 00:30:24 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/09/06 00:30:15 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/09/06 00:30:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/09/06 00:30:15 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/09/06 00:30:10 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/09/06 00:30:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/09/03 15:50:40 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/03 15:50:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/03 15:50:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/03 15:50:25 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2094/06/24 03:00:10 | 000,179,811 | ---- | M] () -- C:\Users\Abraham Justice\Documents\MPEG Streamclip Guide.pdf
[2012/09/25 23:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/25 23:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006UA.job
[2012/09/25 23:14:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005UA.job
[2012/09/25 23:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1005Core.job
[2012/09/25 22:53:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 22:49:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000UA.job
[2012/09/25 21:19:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1006Core.job
[2012/09/25 18:26:48 | 000,019,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 18:26:48 | 000,019,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 18:19:03 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/09/25 18:18:20 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 18:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 18:17:32 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/22 18:15:44 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/22 12:49:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2922089572-4686520-4244951405-1000Core.job
[2012/09/21 23:15:47 | 000,756,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 23:15:47 | 000,644,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 23:15:47 | 000,114,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/20 15:14:14 | 000,000,422 | ---- | M] () -- C:\GSMRIAutomation.cfg
[2012/09/20 03:36:49 | 000,000,364 | ---- | M] () -- C:\Windows\qawin32.INI
[2012/09/20 02:21:05 | 000,000,051 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 01:04:33 | 000,000,923 | ---- | M] () -- C:\Users\Abraham Justice\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/20 01:04:33 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/16 22:35:05 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/09/16 12:23:08 | 000,001,704 | ---- | M] () -- C:\Users\Abraham Justice\Desktop\Google Drive.lnk
[2012/09/15 21:23:24 | 000,001,720 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/09/15 16:03:47 | 000,000,036 | ---- | M] () -- C:\Users\Abraham Justice\AppData\Local\housecall.guid.cache
[2012/09/15 15:53:51 | 000,003,209 | ---- | M] () -- C:\Users\Abraham Justice\Desktop\Sophos Virus Removal Tool.lnk
[2012/09/14 01:13:06 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/09/14 00:56:21 | 000,011,370 | ---- | M] () -- C:\Users\Abraham Justice\Documents\cc_20120914_005558.reg
[2012/09/14 00:54:14 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/13 23:52:28 | 000,415,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/13 10:55:41 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/13 10:55:41 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/13 10:55:15 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/09/13 01:46:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/12 10:26:56 | 000,001,242 | ---- | M] () -- C:\Users\Abraham Justice\Desktop\Cloud System Booster.lnk
[2012/09/09 14:03:49 | 000,773,410 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/09 14:03:48 | 002,187,201 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/09/06 12:59:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120913-232822.backup
[2012/09/04 19:15:58 | 000,002,498 | ---- | M] () -- C:\Users\Abraham Justice\Desktop\Google Chrome.lnk
[2012/09/03 15:50:19 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/03 15:50:19 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/03 15:50:19 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/03 15:50:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/03 15:50:19 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/03 15:50:19 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/30 12:14:00 | 026,228,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/08/30 12:14:00 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/08/30 12:14:00 | 019,828,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/08/30 12:14:00 | 018,229,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/08/30 12:14:00 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/08/30 12:14:00 | 015,291,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/08/30 12:14:00 | 014,879,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/08/30 12:14:00 | 012,465,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/08/30 12:14:00 | 009,066,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/08/30 12:14:00 | 007,626,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/08/30 12:14:00 | 007,397,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012/08/30 12:14:00 | 006,109,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012/08/30 12:14:00 | 002,745,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/08/30 12:14:00 | 002,725,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/08/30 12:14:00 | 002,573,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/08/30 12:14:00 | 002,422,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/08/30 12:14:00 | 002,216,808 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/08/30 12:14:00 | 001,866,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/08/30 12:14:00 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/08/30 12:14:00 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012/08/30 12:14:00 | 000,971,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012/08/30 12:14:00 | 000,830,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012/08/30 12:14:00 | 000,247,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012/08/30 12:14:00 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012/08/30 12:14:00 | 000,016,366 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/08/30 10:40:14 | 000,429,416 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/30 09:18:05 | 000,118,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/08/30 09:18:05 | 000,063,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/08/30 09:18:04 | 003,487,434 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/08/30 09:18:01 | 003,266,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/08/30 09:17:59 | 006,198,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/08/30 00:27:10 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/30 00:27:10 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/29 11:14:29 | 000,149,752 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2012/08/29 11:14:29 | 000,110,160 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2012/08/29 11:14:29 | 000,102,896 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 18:15:44 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/20 03:21:36 | 000,000,364 | ---- | C] () -- C:\Windows\qawin32.INI
[2012/09/20 02:37:56 | 000,000,422 | ---- | C] () -- C:\GSMRIAutomation.cfg
[2012/09/20 01:04:33 | 000,000,923 | ---- | C] () -- C:\Users\Abraham Justice\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/20 01:04:32 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/16 22:35:05 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/09/16 12:23:08 | 000,001,704 | ---- | C] () -- C:\Users\Abraham Justice\Desktop\Google Drive.lnk
[2012/09/15 21:23:24 | 000,001,720 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/09/15 16:34:45 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/09/15 16:03:47 | 000,000,036 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Local\housecall.guid.cache
[2012/09/15 15:53:51 | 000,003,209 | ---- | C] () -- C:\Users\Abraham Justice\Desktop\Sophos Virus Removal Tool.lnk
[2012/09/14 00:56:00 | 000,011,370 | ---- | C] () -- C:\Users\Abraham Justice\Documents\cc_20120914_005558.reg
[2012/09/14 00:54:14 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/12 10:26:56 | 000,001,242 | ---- | C] () -- C:\Users\Abraham Justice\Desktop\Cloud System Booster.lnk
[2012/09/09 14:03:59 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/09 13:49:04 | 002,187,201 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/08/28 22:54:57 | 002,023,203 | ---- | C] () -- C:\Users\Abraham Justice\Desktop\WP_000710.jpg
[2012/08/06 15:17:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/06 15:17:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/06 15:17:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/06 15:17:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/06 15:17:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/30 09:46:40 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/07/20 20:54:37 | 000,000,088 | ---- | C] () -- C:\Windows\ENX230.ini
[2012/05/02 19:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/10/18 00:42:44 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011/10/06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/26 12:30:25 | 000,000,000 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Local\{CF581888-305B-406C-AEF2-FF7CEA101864}
[2011/05/18 15:55:57 | 000,001,940 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/05 17:16:58 | 030,688,420 | ---- | C] () -- C:\Users\Abraham Justice\Bone Thugs 'N' Harmony - Bone Thugs 'N' Harmony - Rap City (Freestyle Video).mpg
[2011/04/05 17:16:55 | 051,717,360 | ---- | C] () -- C:\Users\Abraham Justice\Bonethugs N Harmony - When Thugs Cry(video).mpg
[2011/04/05 17:16:54 | 047,932,256 | ---- | C] () -- C:\Users\Abraham Justice\Bone Thugs N' Harmony - Resurrection.mpg
[2011/04/05 17:16:52 | 046,741,724 | ---- | C] () -- C:\Users\Abraham Justice\Bone Thugs N Harmony - Thuggish Ruggish Bone.mpg
[2011/04/05 17:16:49 | 042,437,327 | ---- | C] () -- C:\Users\Abraham Justice\Chris Isaak - Wicked Game (Music Video).mpg
[2011/04/05 17:16:32 | 039,440,604 | ---- | C] () -- C:\Users\Abraham Justice\Jamiroquai - Virtual Insanity.mpg
[2011/04/05 17:16:11 | 047,236,036 | ---- | C] () -- C:\Users\Abraham Justice\Tupac - Hit Em Up (Music video Unedited).mpg
[2011/04/05 17:15:23 | 091,965,432 | ---- | C] () -- C:\Users\Abraham Justice\The Avalanches - Frontier Psychiatrist.mpg
[2011/03/28 21:12:33 | 000,001,109 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Roaming\.minecraft - Shortcut.lnk
[2011/03/17 10:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/21 00:56:22 | 000,412,916 | ---- | C] () -- C:\Users\Abraham Justice\2v2 Comeback Kings.zip
[2011/01/10 21:45:55 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2011/01/08 21:33:06 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2011/01/08 21:33:06 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2010/09/29 01:03:37 | 000,003,584 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/17 22:07:18 | 000,109,673 | ---- | C] () -- C:\Program Files (x86)\Armies of Warhammer 40K.rtf
[2010/09/12 22:43:42 | 000,000,120 | ---- | C] () -- C:\Users\Abraham Justice\webct_upload_applet.properties
[2010/08/27 01:15:19 | 000,007,598 | ---- | C] () -- C:\Users\Abraham Justice\AppData\Local\Resmon.ResmonCfg
[2010/08/26 02:57:38 | 000,004,103 | ---- | C] () -- C:\Users\Abraham Justice\TFWsettings.script

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Edited by TheWhiteKeys, 26 September 2012 - 01:48 AM.


#8 TheWhiteKeys


Posted 26 September 2012 - 01:47 AM

Never mind, had to go look for one, but here is one I scanned!

OTL Extras logfile created on: 9/25/2012 6:24:33 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Abraham Justice\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.45% Memory free
19.99 Gb Paging File | 17.81 Gb Available in Paging File | 89.10% Paging File free
Paging file location(s): c:\pagefile.sys 12284 12287e:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 314.10 Gb Free Space | 33.72% Space Free | Partition Type: NTFS
Drive D: | 689.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 7.64 Gb Total Space | 2.95 Gb Free Space | 38.61% Space Free | Partition Type: FAT32

Computer Name: BROTHERS-PC | User Name: Abraham Justice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A50FC3-BC0C-462C-8AE3-34600DFC3CA7}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{02651C14-08FA-4D5C-804E-BC7CDE650F34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{02E14C2C-E417-4128-BC3F-AF69EC134F8C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{036D3EF5-39E7-4396-A460-C6C23414573D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{04BC8E64-A7C7-4A7E-9585-0CDCDBE18D6C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04C49CBF-B9CC-4511-931C-895761305418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0697571E-8DAA-443F-8265-23E0E3170E85}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07D2FB1D-8AE8-4C21-9C71-BBF63CA39042}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{0B99D815-B891-4FA4-B7B7-1B6E887909AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{108607C5-AE39-49A3-AE7B-CAF82194EE48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{10D9C67F-CD80-4D9F-854D-430FF2BAA453}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{125F2365-C181-4973-8B27-FF9C91241E53}" = rport=10243 | protocol=6 | dir=out | app=system |
"{14F2B0ED-9D7C-4910-8551-C7F50643907B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1538877B-4F7E-4D7B-AFEA-16A5FC00718A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{172E043C-BF6B-42F8-A457-B4C3BD2E5B66}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{187F6910-5DB9-4F18-ADEF-16249BCFB763}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{19E5772A-8ACF-48AE-92E9-738C56ECFFBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E00C0BE-D73F-4BAF-9490-27F6A9AC75A2}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{21F0FDA4-80D9-431B-895B-3133E8D12796}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A048FEC-ED24-412C-85C1-62E3A599D253}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2AE0E035-01AE-46D7-B451-46D176AF7064}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B7A0D93-5B42-4CF4-87C2-D6AC7AC03B32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DCC2391-98C6-4AC8-AE24-43B23C819ED4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FCB53E4-BA7F-4AEA-BFBB-959907FE3454}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34334983-61CC-4ABC-B509-1D815380861E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{343A5E8C-8A80-4160-BF62-F4046D4B2486}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36CC449C-18B3-4133-9EA6-A04D94DE4FEF}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{36E1B374-37CE-40FB-BDD5-498C0C9F3434}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B02E208-3567-49A2-9BDC-BEEA7EA9EDBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4038C19F-BFAA-484C-B5DE-CD718676608A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{410BE253-1CD2-4A9C-A757-C58701E76952}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41731B7E-39EF-4FD4-A03F-0D871343BC6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44098133-EB21-4A85-B59D-9DC31C029A60}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4AA75A78-5434-4B1A-97B3-C0368700CEEE}" = lport=139 | protocol=6 | dir=in | app=system |
"{4B2B09BD-BFEA-4C99-897A-63034EF90A25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B9C57E8-5B82-4845-BF78-A8CA6A2DF9DA}" = lport=138 | protocol=17 | dir=in | app=system |
"{4C79187A-5D21-455C-8709-60B3DB48235E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{4C830334-2FAD-4538-A4EC-D8D4C56E4E67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{50888A65-2B40-444E-81E1-0A122C5C81FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53C01114-5003-4E08-A9E2-8BF807E3FD31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B41A93B-D9F9-4CB2-A112-F95A854DC195}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DD767BF-DC40-485E-AE24-A0EAC9B798D8}" = lport=10244 | protocol=6 | dir=in | app=system |
"{601BB40F-64AB-4431-A616-31F29BAD1FC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6065675E-41F5-4090-BCDA-1BA5D89E74C4}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{640936EC-1E42-4C70-BFED-BC8FA2F7425F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{65179A93-1828-41B1-8453-BED45CA65279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{674CC5EA-01A6-470C-88B0-459F52362589}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A2F1FEA-8C40-486D-A956-CA169D41DF2C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{6AD964DB-21CC-41D8-81BD-264C088FA44C}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{6BED3BAC-8725-4931-9526-A805F5518EB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6EA4F843-5A2C-4306-B9C1-D45BA08F4CE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71D0F5DB-63CE-4627-B4FF-85B04DEB867F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{741AA683-1B22-4A0D-B17E-8BFFEE017BC8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7928FE0B-7F09-4C1B-A8D0-2B8C10D79F84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80B28BF2-07CB-4E9E-8B37-C90D694B6B39}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84717469-850C-4470-98CF-FF8B295DE074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85DA6CE7-1268-4687-94E4-7813C219A194}" = lport=2869 | protocol=6 | dir=in | app=system |
"{88397FF8-A9C1-4A37-A807-D56C925C720D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8BBD12FE-0EF8-49F4-B481-6EA5767E522C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F4E13AE-5641-4B20-8B7C-FC245F075B11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{910CA68C-63EE-419B-9955-562D437A11AA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{93CBD455-7991-43C2-9C87-D2072BA4142B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{947BD836-EC02-48BD-B884-2E647B256C4A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{95E544CF-B1DC-47A7-92A7-2F90993420C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9660338D-1FE7-4B3E-A78A-C9ED0D4FEFE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{982C49C4-1A87-471D-BA29-7E9453B03170}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99748F6C-A02E-42AC-8AAE-5493B0488C33}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9A03FD34-E3A7-49C9-A1EC-D5E283DCB571}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A758512-2F0A-4F4E-9D64-E501F079CE8C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B3A69D7-499E-42A2-8808-6256D4DABD00}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9C5958D3-E3F3-4673-9A42-986D6D1C63B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D174602-E35D-41AC-8C2B-B0D219AB6557}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E37104E-C386-4CA6-A9EA-7AC3C6B8D458}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A05BB34A-318E-4383-B987-223EFD67B9AB}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A1CE8CDB-C207-40EA-8645-EFB6EFF68A08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A247EBA8-ADF1-45FD-972C-D097924D1900}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A431F47D-AF47-404C-9896-3745E56719ED}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A76A9E43-E1EA-4530-B9E5-5263935AA18D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B1F091D0-F6D7-4A9A-99CC-5A58D3F7927B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{B4DDCFDC-2478-4161-A874-F69BF75F9C8A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B5973731-F8A8-4F73-AED9-91666E015A20}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B5D3EAED-C071-4C5F-9224-4CFB79ACEEDE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B7376724-D764-49EE-8B5F-D2AED0D0743B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BA9689B4-33E2-4A35-B099-8BB748C8F319}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{BDC858A4-EEB9-44B2-98C2-65561D89CD55}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE153FC4-C5A4-48CF-8A38-30C5D824F97D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF2374D8-E527-4AF2-90E7-A2050DED4FE9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF36900C-479A-4D17-8F7D-D21C90D8954C}" = rport=139 | protocol=6 | dir=out | app=system |
"{C20E88B0-5096-416D-A4BC-9C1E7921A0CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4AC7A36-5B5D-4947-8862-87BD2AF6B4CF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7EC3033-A15A-4144-ADCC-FDDB504722A0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{C912474E-FBB7-4C62-8131-9A90071CCF81}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC6B2DA1-C244-47C1-9846-3EF531F06837}" = rport=138 | protocol=17 | dir=out | app=system |
"{CEC096CD-67BC-4E79-951B-F4AD51D14DDD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D354F69C-3F6D-4006-84EE-88F94EA64369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D3A0A1E0-9DC6-4846-8E08-6F19898A5A57}" = lport=10244 | protocol=6 | dir=in | app=system |
"{D3E4E089-361B-4A0C-AAC7-4E0527F80654}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D455E011-6633-45D9-BA51-0656D7B42C69}" = lport=10245 | protocol=6 | dir=in | app=system |
"{D81AE802-9E36-4871-A412-AC20A89F8176}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFDEC112-C7A2-4D66-B7DD-DAFE6D96F218}" = rport=445 | protocol=6 | dir=out | app=system |
"{E173BC4F-6E1D-45B8-8B16-D81B41A07D28}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E9C8754E-B47B-498C-887C-C4E84927475C}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{EB852CD4-862D-4E65-86BC-70A797D17299}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFEBF505-F4D4-4D07-AD8F-282637D984C5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F2EC2811-69B3-4EC8-B9A2-94AA302F663B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F618BA98-EBF7-40F2-8A9A-9D3DAC7F6EA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F884EA8B-2B02-40B4-8343-A4B7C1978DD4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001AC95D-DFC2-421A-B8D3-499439275303}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{01AFA84A-B36D-4CE3-988D-F5676C8EDD48}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{01D89C39-89BE-4AED-AEC4-E454F9AC3EEA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{020B6097-1C95-49BD-8DDE-DEFD287B17FF}" = protocol=17 | dir=in | app=c:\program files (x86)\trion worlds\end of nations\rtsclientg.exe |
"{02754B53-A49B-4345-B8A0-704D1A4891DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{04B61419-1428-48EA-AC87-0AC560B37A55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{099E9BB5-9752-4CA6-8FA4-889AEE8D65A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{0AA59292-8D04-4330-BD4C-22907AF632A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{0AC68AC0-1D27-4EC7-9DF8-4B6EA2667834}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{0DE12093-259B-4AAC-91EA-4E7C599C5934}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{0E3F2A72-1B5C-4191-9EC4-A3BF93AC41DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{0E94022C-258F-4A6F-BA75-8847FAD0F5EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{0F91A104-236C-4A7A-B084-DDCAE3415A27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{1232B02B-5F2D-4551-8AD2-D465B0AF4780}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{13084467-A46D-4F70-AF86-03DCC0E23142}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{138372E2-74E4-46DE-8AE7-B2EF7F410714}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{14DCD7EE-5701-4FB9-BA4D-670D4FBD76FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{15C0DA2A-0AC8-4CD6-8F76-86A372F475F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{15D45B6A-3497-4593-BC07-094C9003A760}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war 3 korea\korea.exe |
"{16BF40FF-36DE-4414-873B-C86D9C6CFEA7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{17360B97-6F9D-43B2-89EA-E529C033408A}" = protocol=17 | dir=in | app=c:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe |
"{17B52ED1-F09F-48DB-A8D5-D1297451EE76}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{18102153-36C1-43EA-B811-13C0F638350C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{1843EE3E-4DEE-4AC8-9A97-CC8A10ED6256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19709FBC-59CE-4307-8382-745C0753F1DD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction\redfaction.exe |
"{19B7D6F4-9ECA-40B3-B909-DCB7891401F6}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{1A5880B0-03CE-4287-855A-D8061BF80DCD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{1AAD6CAF-F51A-4E52-A8D6-72262A510338}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1CB3982A-1FAD-4DBA-82DE-1B1EFD5E26D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{1CBDD015-50CA-4BF0-B50C-0BE034451F0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe |
"{1D3493DC-AE25-4488-9C16-9951155B3408}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1EE136C8-F540-4F5E-91A5-EE19240FA907}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |
"{1F6C7475-24FC-406C-B0AC-49AB9B92630E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{22BE62DA-0DD4-4E71-9136-BC6BE50CF6B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{22EAD02C-0FF8-4470-924D-F4CADFDF9636}" = protocol=6 | dir=in | app=c:\program files (x86)\gsc game world\cossacks - back to war\bin\dmcr.exe |
"{233C05BD-A69F-4A4E-8B25-B35F04588AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{2402A099-0210-4CFB-8320-650834041970}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{24F835BD-C921-43F5-9D41-9411F9106F11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{2806DFFA-F318-4177-B5A6-0EAA71FA65D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{29B93EA3-CF68-4D2C-9F23-AD3BAAAA9CD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A00E481-618F-4132-9D10-92148C509573}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction ii\red faction ii.exe |
"{2B90A8D0-5517-4226-B4C4-846F33AA6939}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{2DF3B856-49E5-48FE-9DE9-0F67EED379C6}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{2E860C9A-2EAF-45C4-B9F8-F85E7E5A519F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supreme commander 2\bin\supremecommander2.exe |
"{2F814432-FBAD-4FCC-8164-985700696464}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{2FC9A832-4A0F-4E01-8E74-282F53CA362F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{314D3409-7DDD-4098-8642-BDB782BD7017}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{318C52D3-03A2-4F6A-B01B-EA219D6B6036}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{32B38C39-F190-46FC-A93F-F985734DEBF2}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |
"{33A9C28B-D2C8-4BE3-B890-0CA684995EED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{33EAA4BF-B6AE-4B8A-8B80-151847BF0D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{34FB5FE0-A513-47C3-94EC-3B22034C5A1C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{34FC22BB-6BAB-4640-80EE-1F9CE7E881AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\ra3ep1.exe |
"{35AA7895-4588-4E03-9199-C9E63C72B27F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{365794C3-1387-4860-B0EC-C2CDD351AA02}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3702D1ED-AB5C-4547-8C44-C033D84E56F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{38982C78-A3DB-4CB5-9294-2738205C26CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38CE1AA9-2DA7-4FF6-A663-6BFB54721100}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\binaries\masseffect2.exe |
"{396FDEB9-6805-48E5-891D-AF25367D4D4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{3A580020-A87E-4E9A-84A5-D21B5D10CD51}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{3B6FC948-CAFF-47E0-9A5D-344A92962229}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{3B8666C4-0EB8-4C6F-9AD5-D85B895AF9F4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3F6BE717-4165-4BD2-8D9E-2B03CE1CDA23}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{40073003-0F32-46B0-BDB1-96B0C1A730CF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{425D198B-C72B-4A96-87F9-BBFB9838AF12}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"{42E47711-C786-4A74-8597-DF82676CF9B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\men of war red tide\redtide.exe |
"{434E9321-A094-4583-B458-B904290B9514}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{45916F81-B5F5-497C-93D4-059AB76A1772}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{45FB5121-B1B2-4DE6-808B-42847B91A5DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{4BC6AA80-F96B-44A4-A921-B33626C22091}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4BEBE4F4-F713-4F12-8D94-56B97CF744AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4D016B33-9ED5-405E-8C27-2CCFF8DBA2C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4E81519F-259C-4643-AE5B-9374F645EABA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4EBF46FD-1505-4143-877E-A831968B559F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{54976EFD-21E3-4853-9374-E558A2F7E33D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{54E1894C-BCAD-45C1-94FF-53AC727AF2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{55D68565-0D25-4FD2-B04F-A905D40D9F81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{56EE483E-8631-4A32-96A0-116438F4B0D4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{57395996-DEFB-4599-B68E-BAB79E02F1F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{577BCDFF-EA64-48D2-A77E-F62CB9CDC5BB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{59734AE5-D623-4BCA-B76A-A3DF3AA6FCF8}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{5A8F034F-5CCA-484B-85DB-EF1239342F6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5B62906C-CCD2-4E56-8132-7CB557F9F88A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\playmaxpayne3.exe |
"{5BD8E721-1396-458A-8EEA-FF383F80B9AE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5BFB7996-90EB-4F02-AD10-D093B83C3771}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{5CCD4C63-4A4F-4591-8F90-6F28EEBB9285}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{5F5E09B4-4E5A-4BAB-9A62-BE23FA16CE74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\medieval ii total war\launcher.exe |
"{5F99D38D-9018-43BB-B8F8-7F036883026B}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{603EA6B8-E5F2-46AF-A540-70FD91CE1104}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6215F723-9CEC-4AC8-BF96-772738FAC46B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{63E9F890-1B67-4651-974D-275DC2295509}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{65F9A023-5FB0-4F63-BBEB-35BE70ABD5E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{661206F4-2565-45E0-B5B6-626181A289F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{67A1B0EE-BD86-466D-9498-20B9412A7CC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{680E5C39-EBBF-4552-BCD6-1D24101BD64A}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{68332026-DB52-44CE-8FC0-6867A58DB30D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\mp\builds\binaries\bioshock2launcher.exe |
"{6D666AD8-B2B5-41E6-8090-CCD9CD0BA928}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6F754F1A-77E7-488E-BB08-C1675644C0AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FE9FC9C-B2EF-477F-B321-0CA4CE9729C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{7141BFFC-3653-465F-890B-B71151D93503}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{71713319-7AD0-469D-A513-E219EB19D56F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{74914904-9868-46B4-A0ED-0BB708268633}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75298761-7035-4F05-8476-F9E572069232}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{78764CD5-E792-44AC-8F2B-856115987634}" = protocol=6 | dir=in | app=c:\program files (x86)\trion worlds\end of nations\rtsclientg.exe |
"{7AD74B96-925A-42A1-A3A7-51B09C740C1A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{7B31AFC5-23AC-4FB7-BF1F-B028BBC2C097}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B767BC1-83D3-4A35-B14A-FA8BAE83E955}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\theatre of war 3 korea\korea.exe |
"{7B86D080-9895-4299-9CC3-AFB097CE8AC8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\edge\edge.exe |
"{7EC8E095-DF6C-49FF-97C6-D9B7A29FF5D6}" = protocol=17 | dir=in | app=c:\program files (x86)\army builder\armybuilder.exe |
"{7F4C2491-8811-4F13-B763-62B29909CEB8}" = protocol=6 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{8268482F-A057-41FE-ABEF-9CBED86FD161}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{835A1ABB-5667-4364-947D-BABE31CC97A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83962AB7-B9F1-4D0E-8D65-457D50443E8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{841D87D7-6CC9-471B-B665-92D26DBB2BED}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pblauncher.exe |
"{84C786A2-4169-4360-A34E-388C238B47B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{85BBDBE2-9834-43BA-BBB5-C4BA0F4B6978}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86D62867-BA26-4575-8BDF-551A5D06BFE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{899C1129-F418-46FD-9E96-7122613F1ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{8A52B76D-C7D4-4AF6-AB02-0DCA5BACFDC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8D62DD44-10B1-43AD-9CAE-C52579CF7AD1}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{8F89C00E-C6B7-490C-A7D3-A42717C892F1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{912E3DBF-3442-4460-A693-64A25D579A89}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{92FC8565-2AB0-4CD8-8148-76A53FAA159C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\hirezbridge.exe |
"{941CEC28-BB07-4CE5-AA78-68532D15C05C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\docs\ea help\electronic_arts_technical_support.htm |
"{96899CB9-83F6-4A41-A914-A223BD606904}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{971A92FC-9141-4FA0-ABDC-02D890018D02}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{985E4A0C-033A-44C4-B8C8-8B52701B16D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{98721C9F-17C8-4D11-8D48-603EB66135A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{98DC9633-69B6-4979-916D-074BF2F94901}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{99A6DA1D-C17E-4FD5-86F9-757CE5A4D3A5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9AC7434D-74E5-478A-BEB6-157BB6957837}" = protocol=6 | dir=in | app=c:\program files (x86)\army builder\armybuilder.exe |
"{9BE2AE23-6F5F-49C7-AC49-DC49D5C117D3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9D38C214-1B11-4D53-94F3-B82DD42A4DF4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9E82B091-C14A-4C39-8F98-C33E6DDE3611}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9F03288E-EA87-4DCD-8981-47105B151BAA}" = protocol=6 | dir=out | app=system |
"{A0919C9A-F6D0-4AE8-A122-6EA1FA13A887}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{A3290919-3EC6-4418-B0AF-AC8F3AC62714}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\launcher.exe |
"{A330C8B5-9182-4857-B251-E6413176E6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw.exe |
"{A507C8F3-8104-47FF-ACA0-8CC42BE3A26E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect 2\masseffect2launcher.exe |
"{A5AB39C1-DFD8-4054-AE6C-9EF4E9932D31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brawl busters\bin\pbclient.exe |
"{A6106973-6B8E-40F3-BF5D-36080D605120}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{A6EDCE67-376B-4579-8335-49BB94EB9CDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mountblade warband\mb_warband.exe |
"{A721B18E-EB3A-4A7D-958C-414739794415}" = protocol=6 | dir=out | app=system |
"{AC922778-0961-48EF-A001-C31E2956C316}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{ACBD4D77-C9E7-45AD-82CF-28D38C3C7EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{AD752D43-47CB-4743-B844-FBEA83C0A828}" = protocol=6 | dir=in | app=c:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe |
"{AE811B20-825D-4B12-8298-78CB87EC6EE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{AE81B473-3F18-4C69-B26B-F363B2410DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe |
"{AF2B733D-2DBF-4CCA-8078-6A56F247D8FE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{B0A2F029-58C0-4BB5-832B-F1EFB364A195}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction\redfaction.exe |
"{B22661E3-664A-40A8-B2DA-3466C517E990}" = protocol=6 | dir=out | app=system |
"{B32BF95C-2130-43C5-BA8A-7F17E7A2EA02}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B425AE5B-2C07-4E08-807B-A80B2C3D0F9E}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{B44F8669-C4C1-4E51-83E1-1B1B6117415A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount and blade\runme.exe |
"{B6F79EC5-0C04-4D23-B5EF-71D6071E24E8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{B939B67D-DC36-460A-9466-C8D30490CB09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{B97515FB-8CB8-4602-A886-29E0DCCD5975}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BA8940C0-D689-49B7-AA88-CC5C2D2CCF3A}" = protocol=6 | dir=in | app=c:\users\abraham justice\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BD87E6E3-7142-4B7A-BC85-5A949188732B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |
"{BD982424-9A7E-4367-A055-52FC33684AA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDA39A75-3FF8-428F-ADDD-332B779AFDA5}" = protocol=6 | dir=out | app=system |
"{BE250AC8-C8F9-4C3A-A116-B01EF8CF2336}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{BE5FFCED-18ED-4769-8F2D-A74D42098FB7}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
"{C0757AA5-A6BC-4975-BEC7-9C47451E3100}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1976BBF-EF92-45E4-B845-7634417C8B28}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{C1B2584F-38D1-4226-BDA4-9D50B6AFF52D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C206DD3E-0F82-42A9-B929-94C6A6E1BF6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2launcher.exe |
"{C246825C-BE61-42A3-8036-F5F099866EC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2B16572-AA5D-467B-A1F8-6FB9A01D61B9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{C2E7E47D-A65A-439F-8814-470DC360D9BF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C4336ED9-398E-470B-B8B7-9229575C759A}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{C737D675-F483-42B8-B7CE-788B3D7093C5}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C746733E-7827-4A02-9ED2-C9D34385F0C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{C8178416-3A61-47E7-A744-EDB48166498A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF2AE46F-E943-451A-9A47-8105F451BB39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{D05AFB4A-CE8B-4200-A295-EA93989C31ED}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{D3871056-DE27-4824-8D87-861D418F9844}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D40DBE6D-89D0-4A01-97E9-1BAD89562C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe |
"{D6A65EBA-CAF9-4C9F-A78F-531BAEDD568C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{D6C2E47B-BB38-4CA8-BD9B-A1598ED89420}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D7F0D51E-5FEE-4949-A9F2-E1BE6305903E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D88603A4-32A9-4109-A67E-84AA91E8655A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D97ACD57-AC79-4502-A3C6-E0556D3A282C}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DA460493-4484-4313-B6E7-F7A8BC507A09}" = protocol=17 | dir=in | app=c:\users\abraham justice\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DD542B45-7372-4106-94F9-F877C9FC6D00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{DE498A64-1516-4523-9637-06BDEA02C38A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{DEAB5598-C613-4C86-B676-3F5C2A6A9A84}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mount & blade with fire and sword\mb_wfas.exe |
"{DF0B80D5-765E-4A2B-AB3A-CCEC9D17D8F2}" = protocol=6 | dir=out | app=system |
"{DF1DE5D4-AD53-4431-8666-EC2FB9A32B96}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E0064279-40D1-429C-AA67-7302ADC2CB4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
"{E2215E06-64A6-4A90-9260-397621942D4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E33688D8-8D62-4057-AAD5-BC972EC8B587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E474B78D-186E-42C7-A8E7-F995FB13B2AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of goo\worldofgoo.exe |
"{E64FC78C-4F63-4B7E-93D2-42CD9B9A603B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\cameron_mehrabian\counter-strike\hl.exe |
"{E73CC36D-2234-464E-A247-27AE67926115}" = protocol=6 | dir=out | app=system |
"{E809562E-D638-43EB-A135-00E48FC14AAA}" = dir=in | app=c:\users\abraham justice\appdata\local\apps\2.0\1xlhdtma.atz\r880aajq.5ma\coho..tion_4fdd38d166a17713_0001.0001_2ea3ae6aea32b9ef\coholauncher.exe |
"{E8CE5AB9-9F7D-4B2A-93B8-41D804DBBF50}" = protocol=17 | dir=in | app=c:\program files (x86)\gsc game world\cossacks - back to war\bin\dmcr.exe |
"{ED95D1AD-E52D-467E-9977-5988E53E5D29}" = protocol=17 | dir=in | app=c:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
"{EDCA20EB-D3A6-4924-9FBB-4210FE32D57A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3 uprising\support\ea help\electronic_arts_technical_support.htm |
"{EDD05B65-2378-4DE8-95CF-39976DCB7051}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EF9BFA52-B014-45C0-9358-078B74FBC4D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F1939C05-89C0-4A01-81FF-F5679D8AC616}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{F1D7D855-F93D-4A7F-A536-602B88C39EB4}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |
"{F40880EE-A9FC-4915-8600-B99AE471CD8C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\cameron_mehrabian\counter-strike\hl.exe |
"{F490C634-0B3A-423A-8465-14B766E75406}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{F777DD95-1C4D-4579-8CAB-1C6E76891BCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7E94FCB-8471-4669-AFE8-E2D8B6433CA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red faction ii\red faction ii.exe |
"{F8083FED-3104-405B-AFB4-5594114F9FA9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{FD045642-44F9-4B33-ABFB-E653F3ADFCDA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{FD2D3D0F-EFA7-4737-8283-BB1F178A1EF7}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"TCP Query User{1026D2EE-1434-4FA4-A21B-D1BABEA7EFC3}C:\users\abraham justice\downloads\null\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\users\abraham justice\downloads\null\pando networks\media booster\pmb.exe |
"TCP Query User{1CF879B6-9002-40B5-82E3-F6AEF1AAAD63}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"TCP Query User{34A1D5F0-A220-4977-8FD9-B119FA569994}C:\program files (x86)\steam\steamapps\jtbrekhus\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jtbrekhus\source sdk base 2007\hl2.exe |
"TCP Query User{37213786-2824-4A5A-95EA-EEA1CD9D246B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{3C05CE6D-8F52-48ED-9B58-9C6A6F37085B}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{4197184D-1BE5-47AC-8D58-44B4427E381A}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"TCP Query User{440E761C-93EC-44B6-84A7-CB0A7698E08B}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{4B11525C-AB44-4D40-B31B-2502F7FD1FE6}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{5EF5036B-DF3A-4EAC-AB05-A1D392B905CD}C:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{63BC117D-1471-4C93-AB9C-AA0F1B4A5A9A}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{65F327C5-70F6-4520-A186-B84E9EA4541B}C:\users\abraham justice\appdata\local\apps\2.0\1xlhdtma.atz\r880aajq.5ma\laun...app_59711684aa47878d_0001.001a_5005ad36fe6b9561\launcher.exe" = protocol=6 | dir=in | app=c:\users\abraham justice\appdata\local\apps\2.0\1xlhdtma.atz\r880aajq.5ma\laun...app_59711684aa47878d_0001.001a_5005ad36fe6b9561\launcher.exe |
"TCP Query User{6B8A5A01-A5D8-4C3C-BD45-F6A8764EE438}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{73F71848-2166-4644-8D9B-2DB3A5EA2111}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"TCP Query User{7F96FC8F-D9F5-4D41-99B4-9A99072F2FAB}C:\users\abraham justice\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\abraham justice\appdata\roaming\spotify\spotify.exe |
"TCP Query User{892D6E2F-0D18-40F5-86D8-FD1B8A27ECEC}C:\program files (x86)\electronic arts\crysis® 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crysis® 2\bin32\crysis2.exe |
"TCP Query User{8FD0CF08-7F60-4AFB-82B4-7BB2B19A1966}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{D7BC8796-ACC2-49E1-BC2A-366C8DF4A4A9}C:\ubisoft\gro\ncsa-live\yeti_release.exe" = protocol=6 | dir=in | app=c:\ubisoft\gro\ncsa-live\yeti_release.exe |
"TCP Query User{ED99E77A-4A7C-4BA8-A54A-215BEEBE1064}C:\users\brothers\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\brothers\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F1264DBC-AC51-4B7A-8C44-DA0575C19FDF}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{F8F5A300-4F0C-4EEB-93C6-67727E372152}C:\program files (x86)\tremulous\tremulous.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"TCP Query User{FD7ACDDC-73A9-4476-9762-1C488298B4C3}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |
"UDP Query User{0E7DF7E3-456F-4479-B1E8-2A43E19FF803}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{24DF2E4B-BEBF-4BCE-A708-38FFD08B08ED}C:\users\abraham justice\appdata\local\apps\2.0\1xlhdtma.atz\r880aajq.5ma\laun...app_59711684aa47878d_0001.001a_5005ad36fe6b9561\launcher.exe" = protocol=17 | dir=in | app=c:\users\abraham justice\appdata\local\apps\2.0\1xlhdtma.atz\r880aajq.5ma\laun...app_59711684aa47878d_0001.001a_5005ad36fe6b9561\launcher.exe |
"UDP Query User{26A43469-80B7-4206-8D1C-38ED79B47B51}C:\program files (x86)\electronic arts\crysis® 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crysis® 2\bin32\crysis2.exe |
"UDP Query User{300E4FE7-F3FA-4DD4-B58F-882328D58944}C:\users\abraham justice\downloads\null\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\users\abraham justice\downloads\null\pando networks\media booster\pmb.exe |
"UDP Query User{58AF2976-003F-40B9-84B2-24EB136328A6}C:\program files (x86)\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy\comrade\comrade.exe |
"UDP Query User{5E9FFE7A-B1BF-4C54-A780-4A4E73274F27}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{6EEA709E-0297-4033-ABE3-EEB9B2E4C3D8}C:\program files (x86)\ea games\dead space 2\deadspace2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\dead space 2\deadspace2.exe |
"UDP Query User{79C00DC2-0DD5-4884-8D65-80A844156954}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{7A33AB32-9C32-45E2-8BAE-E767126102AD}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{961764DC-8125-4592-B815-7AF72FBF1023}C:\program files (x86)\tremulous\tremulous.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tremulous\tremulous.exe |
"UDP Query User{9CEFA16C-BC78-4AAF-9CAE-0AE3AE4F6D8F}C:\users\abraham justice\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\abraham justice\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B0C3BB67-C351-4252-B12A-860A92F14444}C:\users\brothers\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\brothers\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{B37CDA93-E811-425F-9903-F5B89EF3D753}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{C6555ADC-6870-4799-856A-44BD97E2E5BB}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{D491EF5C-DB40-4CB0-903C-F1F7E48C8BB4}C:\program files (x86)\steam\steamapps\jtbrekhus\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jtbrekhus\source sdk base 2007\hl2.exe |
"UDP Query User{D67E6760-EE44-4153-BF87-25785B167A54}C:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\abraham justice\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E2CDDCE7-9CDF-4B58-A205-412AAB52DE4E}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{E59812D7-A6D5-4869-84FA-B06804344560}C:\ubisoft\gro\ncsa-live\yeti_release.exe" = protocol=17 | dir=in | app=c:\ubisoft\gro\ncsa-live\yeti_release.exe |
"UDP Query User{E9665ACD-E82F-4061-903B-5BC79D36AEDC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{F63B9A93-33E8-4BFA-B12B-909E6440111D}C:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock 2\sp\builds\binaries\bioshock2.exe |
"UDP Query User{F9BB7192-9E3E-45C7-AFBC-63E4B55A0749}C:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\max payne 3\maxpayne3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7FA24ACE-BF20-5570-F94A-3AE540223771}" = AMD Catalyst Install Manager
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"EPSON NX230 Series" = EPSON NX230 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AD75EDE-7B93-48CF-9D83-8A424396FBA1}" = Cossacks - Back To War
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12C85315-0989-4C28-8956-33458F464DD6}" = The Chronicles of Riddick - Assault on Dark Athena
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC
"{2680A0EA-84CA-DB0B-1C81-86F83C12BBF2}" = Amazon MP3 Uploader
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames™
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B04E7DC-7F74-4C18-A2FE-66E6CE821A06}" = Company of Heroes Online (THQ)
"{2b12a4e9-c782-45ef-801e-abd0a08d3d8d}" = Ad-Aware Antivirus
"{2E9CBC83-B021-4118-8BB9-40FFF1179C3C}" = AMD Fusion Utility
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{43867B63-C464-4570-823D-D92DC08E3400}_is1" = Army Builder 3.3b
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000058201}" = BulletStorm
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4922E726-43DD-4BB4-FCE0-7F1A4AAD8ED0}" = APEXvjDesktop
"{49a6bec9-2c86-4dfa-a31b-7ffb146b04de}" = Nero 9 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6984B5E1-721C-4F8E-BF5A-ED5F45D90EB6}" = CyberPower PowerPanel Personal Edition 1.3.2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6E03FAB5-6253-58B8-B939-AA83F64C3278}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F752BAB-4AFD-4138-983D-7E9E7CFE077D}" = GameSpy Comrade
"{7FE01684-4C95-FB0E-061D-EDB29166B98B}" = Warner Bros. Digital Copy Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ADD0F13D-4EB0-4324-AF83-24870EC44BF6}_is1" = Visual Watermark Free version 1.1
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{B90FBC1A-9E7D-4D9F-9BD0-7D1123232196}" = Armies of the Imperium Patch v2.6.05
"{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner 1.7.4
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCFEB50F-87CB-48A4-890F-21E56F1D7ECE}" = Armies of the Imperium
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E60199E7-0EDB-889A-AA3D-661FFF28303A}" = Application Profiles
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECDE16E7-E3FC-F094-F14D-0326D03B9D96}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict: Soviet Assault
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aimersoft Media Converter_is1" = Aimersoft Media Converter(Build 1.2.2.0)
"Alien vs. Triangles" = NVIDIA Alien vs. Triangles demo
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"BroadCam" = BroadCam Video Streaming Server
"Call of Pripyat: Redux1.0" = Call of Pripyat: Redux
"Cloud System Booster" = Cloud System Booster
"com.amazon.music.uploader" = Amazon MP3 Uploader
"com.apexvj.com" = APEXvjDesktop
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"Debut" = Debut Video Capture Software
"Desura" = Desura
"DivX Setup" = DivX Setup
"DoD:S - Perfection Patch v1.0" = DoD:S - Perfection Patch v1.0
"Download Manager" = Download Manager 2.3.10
"End of Nations" = End of Nations
"Endless City" = NVIDIA Endless City demo
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar" = ESN Sonar
"ESN Sonar-0.70.0" = ESN Sonar
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"FLAC" = FLAC 1.2.1b (remove only)
"FlashOffliner" = FlashOffliner 1.0
"Fraps" = Fraps
"Free Fire Screensaver" = Free Fire Screensaver
"FXAA Post-Process Injector" = FXAA Post-Process Injector
"Game Booster_is1" = Game Booster 3
"G-Force" = G-Force
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"HijackThis" = HijackThis 1.99.1
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Intel AppUp(SM) center 35228" = Intel AppUp(SM) center
"Kindle Auto eBook Converter" = Kindle Auto eBook Converter 0.4.50
"LTCM Client" = LTCM Client
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"Precision" = EVGA Precision 2.0.4
"RealPlayer 15.0" = RealPlayer
"Rockstar Games Social Club" = Rockstar Games Social Club
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky [v1.0009]
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 104600" = Portal 2 - The Final Hours
"Steam App 104700" = Super MNC Invitational
"Steam App 10500" = Empire: Total War
"Steam App 109410" = Brawl Busters
"Steam App 110800" = L.A. Noire: The Complete Edition
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12900" = Audiosurf
"Steam App 17080" = Tribes: Ascend
"Steam App 200210" = Realm of the Mad God
"Steam App 20530" = Red Faction
"Steam App 20550" = Red Faction II
"Steam App 218" = Source SDK Base 2007
"Steam App 22000" = World of Goo
"Steam App 22100" = Mount & Blade
"Steam App 22350" = Brink
"Steam App 240" = Counter-Strike: Source
"Steam App 24800" = Command and Conquer: Red Alert 3 - Uprising
"Steam App 24980" = Mass Effect 2
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 29180" = Osmos
"Steam App 300" = Day of Defeat: Source
"Steam App 3130" = Men of War: Red Tide
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 38740" = EDGE
"Steam App 4000" = Garry's Mod
"Steam App 40100" = Supreme Commander 2
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War Gold Edition
"Steam App 4770" = Rome: Total War - Alexander
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 48000" = LIMBO
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 56460" = Warhammer® 40,000®: Dawn of War® II – Retribution™ Beta
"Steam App 620" = Portal 2
"Steam App 63960" = Theatre of War 3: Korea
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8190" = Just Cause 2
"Steam App 8850" = BioShock 2
"Switch" = Switch Sound File Converter
"Tremulous" = Tremulous 1.1.0
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere
"Wrye Bash" = Wrye Bash
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5
"Xfire" = Xfire (remove only)
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Hex Editor Neo 4.96
"477233b55d082a86" = Company of Heroes Online Launcher (THQ)
"comtypes-py2.5" = Python 2.5 comtypes-0.5.2
"DarthMod Ultimate Commander Edition " = DarthMod Ultimate Commander Edition
"Dropbox" = Dropbox
"fc418bf9b18f76aa" = Ghost Recon Online (NCSA-Live)
"Flux" = F.lux
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"psyco-py2.5" = Python 2.5 psyco-1.6
"pywin32-py2.5" = Python 2.5 pywin32-212
"Sansa Updater" = Sansa Updater
"SoundPackager" = SoundPackager
"Spotify" = Spotify
"Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2)
"Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/25/2012 8:11:27 PM | Computer Name = Brothers-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.


Error - 9/25/2012 8:24:33 PM | Computer Name = Brothers-PC | Source = VSS | ID = 13
Description =

Error - 9/25/2012 8:24:33 PM | Computer Name = Brothers-PC | Source = VSS | ID = 12292
Description =

Error - 9/25/2012 8:24:33 PM | Computer Name = Brothers-PC | Source = VSS | ID = 8193
Description =

Error - 9/25/2012 8:24:33 PM | Computer Name = Brothers-PC | Source = System Restore | ID = 8193
Description =

Error - 9/25/2012 9:13:07 PM | Computer Name = Brothers-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Abraham Justice\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 9/25/2012 9:13:45 PM | Computer Name = Brothers-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.exe, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc015000f Fault offset: 0x000000000006f82a
Faulting
process id: 0xa54 Faulting application start time: 0x01cd9b7bb8575dd4 Faulting application
path: C:\Windows\Explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 6a7d1d73-0777-11e2-983d-6cf049b66ae6

Error - 9/25/2012 9:17:54 PM | Computer Name = Brothers-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.


Error - 9/25/2012 9:19:26 PM | Computer Name = Brothers-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0
Faulting
process id: 0x998 Faulting application start time: 0x01cd9b84d0242ef5 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 35a7a849-0778-11e2-a80b-6cf049b66ae6

Error - 9/25/2012 9:21:32 PM | Computer Name = Brothers-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Abraham Justice\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Media Center Events ]
Error - 5/19/2012 6:24:07 PM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:24:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 6:22:17 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:22:13 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 6:08:16 PM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:08:15 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 6:32:04 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:32:01 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:34:49 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:34:48 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:34:57 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 4:34:56 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 8:35:03 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 5:35:02 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 9:38:52 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 6:38:51 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:53:41 PM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:53:41 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 6:43:00 AM | Computer Name = Brothers-PC | Source = MCUpdate | ID = 0
Description = 3:42:55 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 9/25/2012 9:18:50 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:18:51 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:18:52 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:18:52 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:18:53 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:19:29 PM | Computer Name = Brothers-PC | Source = Service Control Manager | ID = 7022
Description = The Client Virtualization Handler service hung on starting.

Error - 9/25/2012 9:21:41 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:21:41 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:21:42 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 9/25/2012 9:21:43 PM | Computer Name = Brothers-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

#9 Casey_boy


Posted 28 September 2012 - 09:26 AM

I'd like us to try running ComboFix again.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.



If you cannot get ComboFix to run, please try renaming it to caseyboy.exe. If that still doesn't work, then please try running it from within Safe Mode.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#10 TheWhiteKeys


Posted 28 September 2012 - 09:31 PM

Tried it, tried different names, tried it in Safe Mode and Safe Mode with Networking, and no matter what it gets stuck on:

Output folder: C:\32788R22FWJFW\N_
Output folder: C:\32788R22FWJFW

I'm really on my last limits here. I have never encountered a virus so deeply embedded into the computer. What can I possibly do besides burning down the computer? How does something prevent me from using something in Safe Mode? How is that possible?

#11 Casey_boy


Posted 01 October 2012 - 12:40 PM

OK, let's see if this will run please:


  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.



#12 TheWhiteKeys


Posted 01 October 2012 - 01:56 PM

ListParts by Farbar Version: 25-09-2012
Ran by Abraham Justice (administrator) on 01-10-2012 at 11:52:24
Windows 7 (X64)
Running From: C:\Users\Abraham Justice\Downloads\Blackstone!
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 37%
Total physical RAM: 8190.49 MB
Available physical RAM: 5084.24 MB
Total Pagefile: 20472.68 MB
Available Pagefile: 17210.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:307.82 GB) NTFS
2 Drive d: (MRI5.7.0) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS


****** End Of Log ******

I was gonna do a full reinstall, but I need to find the Windows 7 disk, and my external hard drive just clicks and doesn't appear to work. What a nightmare this is. Thanks for your assistance!

#13 Casey_boy


Posted 02 October 2012 - 09:35 AM

Hi again,


  • Download RogueKiller to the desktop
  • Close all the running processes
  • Right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; please copy and paste it in your reply. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again



#14 TheWhiteKeys


Posted 02 October 2012 - 12:14 PM

Started in : Normal mode
User : Abraham Justice [Admin rights]
Mode : Scan -- Date : 10/02/2012 10:11:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\ABRAHA~1\AppData\Local\Temp\IHUB40F.tmp.exe -> FOUND
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 88df1b34e0b9e895b3eeeb840ababd38
[BSP] 6a737524e8c6862ecf3784dddc9b2897 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
--- User ---
[MBR] eb8d51438fa8baba3e661c30d3707f11
[BSP] c2ad7217b17c2a75266f111daa880cff : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
1 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
2 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
3 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 361440 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] 2d6c47c5fc2ac20c6bd03a6b4effe943
[BSP] 24494814edbf74626ccdbd1defaa5f85 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
1 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
2 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 2097151 Mo
3 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 4294967295 | Size: 361440 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[35].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;
RKreport[24].txt ; RKreport[25].txt ; RKreport[26].txt ; RKreport[27].txt ; RKreport[28].txt ;
RKreport[29].txt ; RKreport[2].txt ; RKreport[30].txt ; RKreport[31].txt ; RKreport[32].txt ;
RKreport[33].txt ; RKreport[34].txt ; RKreport[35].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt

One of the few things that does work

#15 Casey_boy


Posted 03 October 2012 - 09:48 AM

Hi,

Step 1: Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer; you will need to run the application again.

Step 2: Then run another OTL scan for me.

Casey





