LP problems!


  • This topic is locked
30 replies to this topic

#1 Mephisto-nim

  • Members
  • 21 posts

Posted 21 September 2012 - 02:30 AM

Hi! Hello again XD
I really need help with how to fix my LP :( .. my normal mode isn't working anymore; right now I'm using safe mode.
My LP is a Fujitsu Lifebook A series.. it all started after I ran a scan from Malwarebytes Anti-Malware that says I need to restart. After that my normal mode is always freezing, only the cursor is moving. Pls help me!! X(


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,669 posts

Posted 26 September 2012 - 02:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/469381 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Mephisto-nim
  • Topic Starter

  • Members
  • 21 posts

Posted 28 September 2012 - 05:21 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
Run by user at 2:07:00 on 2012-09-29
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.44.1033.18.1909.1027 [GMT 4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Vixtel\NetVista\Test Node\jre1.5.0_10\bin\javaw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_Prot
uDefault_Page_URL = hxxp://ts.fujitsu.com
mStart Page = hxxp://home.sweetim.com/?st=2&barid={7FD70832-C4B1-11E0-BD9F-E839DF45899E}
mSearchAssistant = hxxp://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
mWinlogon: Userinit=userinit.exe,
BHO: 2YourFace Addon: {1185823f-f22f-4027-80e5-4f68acd5de5e} - C:\Program Files (x86)\2YourFace\bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [<NO NAME>]
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
uRun: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun: [DeskUpdateNotifier] "C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
mRun: [Tutorials] "C:\Program Files (x86)\Tuto4pc\sangguni.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
TCP: DhcpNameServer = 192.168.254.1
TCP: Interfaces\{83539524-28E2-4320-B165-B34F84A9C3F8} : DhcpNameServer = 192.168.254.1
TCP: Interfaces\{83539524-28E2-4320-B165-B34F84A9C3F8}\1436365637370205F696E647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{83539524-28E2-4320-B165-B34F84A9C3F8}\4646D616361627165676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{99580D45-DB6F-4D40-B4C8-498A2A88833B} : DhcpNameServer = 192.168.254.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: 2YourFace Addon: {1185823F-F22F-4027-80E5-4F68ACD5DE5E} - C:\Program Files (x86)\2YourFace\bho.dll
BHO-X64: C:\\Program Files (x86)\\2YourFace\\bho.dll - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
BHO-X64: facemoods Helper - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
TB-X64: SweetIM Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
mRun-x64: [DeskUpdateNotifier] "C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe"
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe" /md I
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot
mRun-x64: [Tutorials] "C:\Program Files (x86)\Tuto4pc\sangguni.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ur7mav29.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?st=2&barid={7FD70832-C4B1-11E0-BD9F-E839DF45899E}
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7e7b6cc6-cbeb-4417-b4b4-259b0b2f322a%7D&mid=3b7a17eb8e2147d09ed4397099a1606d-65aad6ac4914457823b23060e798d00fd6d5fbb0&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-07%2019%3A42%3A58&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8i1JcJVk&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - ce619b79000000000000e839df45899e
FF - user.js: extensions.incredibar_i.hardId - ce619b79000000000000e839df45899e
FF - user.js: extensions.incredibar_i.instlDay - 15365
FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2720:00:16
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8i1JcJVk
FF - user.js: extensions.incredibar_i.upn2n - 92823741778775398
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 20
FF - user.js: extentions.y2layers.installId - bf7e1d72-ac06-4ccf-81e7-9b1074f5fbdb
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys --> C:\Windows\system32\Drivers\FSPFltd.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-30 63336]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-20 2314240]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 WirelessSelectorService;WirelessSelectorService;C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe [2009-7-21 62312]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\DRIVERS\FUJ02E3.sys --> C:\Windows\system32\DRIVERS\FUJ02E3.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 135664]
S2 NetVista Agent;NetVista Agent;C:\Program Files (x86)\Vixtel\NetVista\Test Node\bin\wrapper.exe [2011-7-20 204800]
S2 SkypeUpdate;Skype Updater;C:\Users\user\Documents\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250288]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-6 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-20 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-15 113120]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-09-20 18:15:00 -------- d-----w- C:\Users\user\AppData\Roaming\Malwarebytes
2012-09-20 18:14:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-20 03:06:35 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-20 03:06:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-20 03:06:01 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2012-09-22 19:25:10 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 19:25:10 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 11:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-07-25 23:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 2:07:25.04 ===============




#4 Mephisto-nim
  • Topic Starter

  • Members
  • 21 posts

Posted 28 September 2012 - 05:32 PM

Umm..... I would like to add some details... When I told about my laptop freezing and hanging: after I ran a scan with Malwarebytes Anti-Malware, it said that I need to restart my laptop to clean the virus. At that moment my laptop stopped responding, so I forced a shutdown.. After opening it once again in normal mode, an error occurred that said cleanup.dll specified folder, something like that, and from then on my cursor is the only thing moving on the screen, my applications are gone and I can't access the Start menu, so I restarted in safe mode and then posted my LP problems. After a few days passed I read in one forum about a problem similar to mine, so I checked it.. it says there that the user uninstalled Malwarebytes Anti-Malware and after doing so his normal mode works fine now, but the problem is that the trojans are not cleared since he wasn't able to complete the cleanup... so I did the same thing and uninstalled the program. My normal mode is now okay, but I want to clean my laptop from viruses etc.

I wish this info helps quite a bit to add up.. ^_^

Edited by Mephisto-nim, 28 September 2012 - 06:10 PM.


#5 thisisu

  • Malware Response Team

Posted 28 September 2012 - 06:41 PM

Hello Mephisto-nim and thanks for the elaborations! :)

From Programs and Features (via Control Panel), please uninstall the below:
  • Babylon toolbar on IE
  • Facemoods Toolbar
  • Incredibar Toolbar on IE and Chrome
  • SweetIM for Messenger 3.5
  • SweetIM Toolbar for Internet Explorer 4.1

__

Please download and run TDSSKiller
  • VERY IMPORTANT: In the event that threats are detected, allow TDSSKiller to perform the default action by simply pressing the Continue button.
  • Do NOT change the default action on your own unless instructed by a malware helper! Doing so may render your computer unbootable.
  • If threats were detected, TDSSKiller will require a reboot in order to attempt to clean the system.
  • After the scan is complete, you can find the TDSSKiller log at the root of your C: drive.
    • Example: C:\TDSSKiller.2.8.10.0_29.09.2012_00.22.50_log.txt
  • Please post the contents of this file to your next reply.
__

Please post the log from Malwarebytes which you say caused the boot issue.
The logs can be accessed while you are in Safe Mode by going into this folder: C:\Users\user\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

__

Please download Junkware Removal Tool to your desktop.
  • Please save the work in your browsers before proceeding.
  • Right-mouse click on JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Edited by thisisu, 29 September 2012 - 12:27 AM.


#6 Mephisto-nim

  • Topic Starter

Posted 29 September 2012 - 12:52 PM

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.5 (09.28.2012)
OS: Windows 7 Home Basic x64
Ran by user on 29/09/2012 at 17:36:16.66
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [KEY] hkey_classes_root\clsid\{1185823f-f22f-4027-80e5-4f68acd5de5e}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{1185823f-f22f-4027-80e5-4f68acd5de5e}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1185823f-f22f-4027-80e5-4f68acd5de5e}
Successfully deleted: [KEY] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [KEY] hkey_classes_root\appid\{6536801b-f50c-449b-9476-093dfd3789e3}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}
Successfully deleted: [KEY] hkey_classes_root\appid\{bdb69379-802f-4eaf-b541-f8de92dd98db}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{db4e9724-f518-4dfd-9c7c-78b52103cab9}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{db4e9724-f518-4dfd-9c7c-78b52103cab9}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{eee6c35c-6118-11dc-9c72-001320c79847}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{eee6c35c-6118-11dc-9c72-001320c79847}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{eee6c35d-6118-11dc-9c72-001320c79847}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{f72841f0-4ef1-4df5-bce5-b3ac8acf5478}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{f9639e4a-801b-4843-aee3-03d9da199e77}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{f9639e4a-801b-4843-aee3-03d9da199e77}
Successfully deleted: [KEY] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\settings\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [KEY] "hkey_classes_root\appid\babylonhelper.exe"
Successfully deleted: [KEY] "hkey_current_user\software\im"
Successfully deleted: [KEY] "hkey_current_user\software\iminstaller"
Successfully deleted: [KEY] "hkey_current_user\software\incredimail"
Successfully deleted: [KEY] "hkey_local_machine\software\babylon"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\google\chrome\extensions\dhkplhfnhceodhffomolpfigojocbpcb"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasapi32"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylon_rasmancs"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasapi32"
Successfully deleted: [KEY] "hkey_local_machine\software\wow6432node\microsoft\tracing\mybabylontb_rasmancs"



*** Files:

Successfully deleted: [FILE] C:\Program Files (x86)\yontoo\YontooIEClient.dll
Successfully deleted: [FILE] C:\Program Files (x86)\yontoo\YontooIEClient.dll
Successfully deleted: [FILE] C:\Windows\prefetch\BABYLONTOOLBARSRV.EXE-C17A4BCD.pf



*** Folders:

Successfully deleted: [FOLDER] "C:\ProgramData\babylon"
Successfully deleted: [FOLDER] "C:\ProgramData\installmate"
Successfully deleted: [FOLDER] "C:\ProgramData\premium"
Successfully deleted: [FOLDER] "C:\Users\user\AppData\Roaming\babylon"
Successfully deleted: [FOLDER] "C:\Users\user\appdata\local\babylon"
Successfully deleted: [FOLDER] "C:\Users\user\appdata\locallow\babylontoolbar"
Successfully deleted: [FOLDER] "C:\Users\user\appdata\locallow\incredibar.com"
Successfully deleted: [FOLDER] "C:\Program Files (x86)\tuto4pc"
Successfully deleted: [FOLDER] "C:\Program Files (x86)\yontoo"
Failed to delete: [FOLDER-LOCKED!] "C:\Program Files (x86)\2yourface"



*** Ask Toolbar Cleanup:
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [KEY] hkey_current_user\software\microsoft\windows\currentversion\ext\stats\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [FF .XML PROFILE] "askcom.xml"



*** FireFox detected and repaired

Potentially unwanted user.js Detected!
Dumping contents:


=============================
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8i1JcJVk&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.id", "ce619b79000000000000e839df45899e");
user_pref("extensions.incredibar_i.hardId", "ce619b79000000000000e839df45899e");
user_pref("extensions.incredibar_i.instlDay", "15365");
user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2720:00:16");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.excTlbr", "false");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6R8i1JcJVk");
user_pref("extensions.incredibar_i.upn2n", "92823741778775398");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10606");
user_pref("extensions.incredibar_i.ppd", "20");
user_pref("extentions.y2layers.installId", "bf7e1d72-ac06-4ccf-81e7-9b1074f5fbdb");
user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");

user_pref("extensions.autoDisableScopes", 14);

=============================

Successfully deleted: [USER.JS PROFILE] "user.js"
Potentially unwanted user.js Detected!
Dumping contents:

=============================
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101241");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100888");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.upn2", "6R8i1JcJVk");
user_pref("extensions.incredibar_i.upn2n", "92823741778775398");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.did", "10606");
user_pref("extensions.incredibar_i.ppd", "20");
user_pref("extensions.incredibar_i.instlRef", "");

=============================


Successfully deleted: [USER.JS ROOT] "C:\user.js"
Successfully deleted: [FF .XML SEARCHPLUGINS PROG] "C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml"
Successfully deleted: [FF EXTENSIONS PROG] "C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted: [FF EXTENSIONS PROFILE] ffxtlbr@incredibar.com
Successfully deleted: [FF EXTENSIONS PROFILE] plugin@yontoo.com
Successfully deleted: [FF EXTENSIONS PROFILE] {eee6c361-6118-11dc-9c72-001320c79847}
Successfully deleted: [FF .XML SEARCHPLUGINS PROFILE] "MyStart Search.xml"
Removed the following from [PREFS.JS] :

user_pref("avg.install.userHPSettings", "http://home.sweetim.com/?st=2&barid={7FD70832-C4B1-11E0-BD9F-E839DF45899E}");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://home.sweetim.com/?st=2&barid={7FD70832-C4B1-11E0-BD9F-E839DF45899E}");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "orgnl");
user_pref("extensions.BabylonToolbar.babTrack", "affID=101308");
user_pref("extensions.BabylonToolbar.bbDpng", 25);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "ce619b79000000000000e839df45899e");
user_pref("extensions.BabylonToolbar.instlDay", "15214");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?AF=100888&babsrc=adbartrp&mntrId=ce619b79000000000000e839df45899e&q=");
user_pref("extensions.BabylonToolbar.lastActv", "30");
user_pref("extensions.BabylonToolbar.lastDP", 25);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?AF=100888&babsrc=NT_ss&mntrId=ce619b79000000000000e839df45899e");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 66064448);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "free");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1012:06:29");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10606");
user_pref("extensions.incredibar_i.excTlbr", "false");
user_pref("extensions.incredibar_i.hardId", "ce619b79000000000000e839df45899e");
user_pref("extensions.incredibar_i.id", "ce619b79000000000000e839df45899e");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15365");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "20");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6R8i1JcJVk&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6R8i1JcJVk");
user_pref("extensions.incredibar_i.upn2n", "92823741778775398");
user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2720:00:16");
user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");
user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
user_pref("extentions.y2layers.installId", "bf7e1d72-ac06-4ccf-81e7-9b1074f5fbdb");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "MyStart Search");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "MyStart Search");
user_pref("sweetim.toolbar.urls.homepage", "http://home.sweetim.com/?st=2&barid={7FD70832-C4B1-11E0-BD9F-E839DF45899E}");


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 29/09/2012 at 17:36:52.33
End of Report

The TDSSKiller log was too long so I zipped it >,<


#7 Mephisto-nim

  • Topic Starter

Posted 29 September 2012 - 12:58 PM

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Enabled

20/09/2012 22:17:58
mbam-log-2012-09-20 (22-17-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258924
Time elapsed: 15 minute(s), 57 second(s)

Memory Processes Detected: 2
C:\Users\user\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateSangguniStnicHP.exe (PUP.Tuto4PC) -> 3184 -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 3552 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Delete on reboot.

Registry Keys Detected: 26
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Tuto4pc (PUP.Tuto4PC) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tuto4pc_is1 (PUP.Tuto4PC) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UpdateTutorialsHP (PUP.Tuto4PC) -> Data: C:\Users\user\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateSangguniStnicHP.exe -runonce -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej -> Quarantined and deleted successfully.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1309\p13076dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0649\mix76dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1849\p1876dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9849\p9876dsh.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1309\p13076dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0649\mix76dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1849\p1876dsh.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9849\p9876dsh.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe) Good: (Explorer.exe) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.

Files Detected: 717
C:\Users\user\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateSangguniStnic.exe (PUP.Tuto4PC) -> No action taken.
C:\Users\user\AppData\Roaming\Tuto4pc\Tuto4pc\UpdateSangguniStnicHP.exe (PUP.Tuto4PC) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3455.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\34B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\34F8.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\358D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3766.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\37F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\380.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3816.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3851.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\385D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\388D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\38C0.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\38E1.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\391C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3AE6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3AFA.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3C08.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3C64.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3CB9.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3DF6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3E0E.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3E9B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\3F03.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\400A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4053.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\405F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\407B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\407E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\40AB.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\40FA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4116.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\415B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4184.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\41AA.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\41F6.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\426D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4299.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\432C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4379.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\437C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4381.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\43A0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\43D3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\43E9.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4439.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\443F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4500.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4510.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4568.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\45E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\466B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\466D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4700.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4715.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\473F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4745.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\474C.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\481D.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4956.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\49EF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\49FE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4AFD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4BC2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4BF3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4C5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4CB2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4D7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4DA9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4E17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4E2A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4E4A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4F3E.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\4F52.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5026.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\503F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5052.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\508D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\50F4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\510F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5116.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\512C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5139.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\517A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\51A3.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\51E1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\51E6.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\51FC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\522E.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5264.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\52D3.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\52F9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\52FA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5318.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5434.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5574.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\55D2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\55E5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5654.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\56C5.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5730.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5783.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\578A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\578D.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\584E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\586E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\58B2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\58B8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5906.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\594C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5953.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\595B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5A39.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5BB5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5C21.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5C84.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5C9B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5CF8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5DB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5E01.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5E4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5EFE.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5F29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\5FE8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\600.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6011.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6048.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\608B.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6091.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\60BF.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\60DC.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\60EF.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\611B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\62E2.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6312.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\63F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\63F0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6401.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6503.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\655C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\655F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\65D7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\65D8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\65F3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\660E.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6615.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6683.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6746.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\67E6.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\67F2.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6809.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\68BF.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6966.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6970.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\69C7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6A0D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6A3C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6B8B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6B9.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6B99.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6BB3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C36.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C3D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C49.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C87.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6C98.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6CE2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6D96.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6DA0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6EA.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6ED0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6EF0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6F30.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\6F45.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7066.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\71E3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7211.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7213.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\721F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\722D.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\724D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\72BD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\72BE.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\72DA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7334.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\73C.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\73C5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\73F9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7410.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7501.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\755B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\75B9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\75D4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7609.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\762B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\76B6.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7744.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7765.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\78B1.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\78E1.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7912.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7919.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7966.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\79CB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\79FC.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7A16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7AFB.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7B05.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7B3A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7B64.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7B8E.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7B92.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7BC4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7C44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7D21.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7DD8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7E23.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7E6F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7E9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7E9B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7EAE.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7FBB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7FC3.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7FCA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\7FCD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8055.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\80A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8140.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8170.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\81B9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\81EF.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\821A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\827C.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8351.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8354.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8386.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8451.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\845E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8479.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8506.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\857.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8593.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\85F2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\85F3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8632.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8637.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\86A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\86E9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\878A.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\87AF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8823.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8831.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\88CE.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8980.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\89B7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\89C6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8A5D.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8A9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8B8D.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8BC0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8C1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8CA7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8CBA.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8D40.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8D73.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8DCA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8DF2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8DFB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8E92.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8EC6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8F48.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8F5F.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\8F85.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\907D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\908F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\90A9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\9166.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\91C5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\921B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\923A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\9294.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\92C0.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\93EC.tmp (Trojan.Downloader.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\9417.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\948D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\94C3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\tuto4pc_ph_softonic.exe (Adware.Eorezo) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Quarantined and deleted successfully.

(end)

#8 Mephisto-nim

  • Topic Starter

Posted 29 September 2012 - 01:02 PM

That is the malware log.
Sorry if it's disorganized >,< your help is much appreciated ^^

#9 thisisu

  • Malware Response Team

Posted 29 September 2012 - 01:39 PM

Please boot into Safe Mode with Networking and update MBAM.
Now run another Quick Scan with MBAM but do not allow MBAM to Quarantine/Delete anything. Just post the latest log here of you Skipping all the detections (if any were found).

__

Please download OTL.

  • Save it to your desktop.
  • Right mouse click on the OTL icon on your desktop and select Run as Administrator
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Change the setting of "Drivers" and "Services" to "All"
  • Copy the text in the code box below and paste it into the Posted Image text-field.
    activex
    netsvcs
    /md5start
    mix76dsh.exe
    p1876dsh.exe
    p9876dsh.exe
    explorer.exe
    zaberg.exe
    /md5stop
    C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0649\*.*
    C:\Users\user\AppData\Roaming\*.tmp
    %windir%\system32\drivers\*.sys /lockedfiles
    
  • Now click the Posted Image button.
  • Two reports will be created:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Paste the contents of OTL.txt here for me to review but attach Extras.txt


#10 Mephisto-nim

  • Topic Starter

Posted 29 September 2012 - 02:27 PM

Ummm.. about that, I've uninstalled the MBAM program since Sep 23, 2012, so.. I can't run a scan of MBAM.
I did say it at my last DDS post below.

Edited by Mephisto-nim, 29 September 2012 - 02:28 PM.


#11 thisisu

  • Malware Response Team

Posted 29 September 2012 - 02:35 PM

Download: mbam-clean-1.60.2.0003.exe to your desktop.
Run it by right-mouse clicking it and selecting "Run as administrator".
Follow the prompts. Reboot if requested to reboot.

__

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#12 Mephisto-nim

Posted 29 September 2012 - 03:44 PM

MBAM in safe mode

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Disabled

30/09/2012 00:33:11
mbam-log-2012-09-30 (00-33-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255077
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 thisisu

Posted 29 September 2012 - 03:52 PM

Good ;)

Now complete the OTL instructions from this post.

#14 Mephisto-nim

Posted 29 September 2012 - 04:12 PM

OTL logfile created on: 9/30/2012 12:57:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Basic Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.86 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 65.75% Memory free
3.73 Gb Paging File | 3.06 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.08 Gb Total Space | 234.97 Gb Free Space | 79.36% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 00:53:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/09/25 13:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/29 22:31:59 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/25 13:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 13:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 13:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 13:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 13:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll


========== Services (All) ==========

SRV:64bit: - [2012/02/06 18:12:25 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/03/03 10:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2010/12/21 10:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/12/21 10:16:14 | 000,442,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\winhttp.dll -- (WinHttpAutoProxySvc)
SRV:64bit: - [2010/12/21 10:16:09 | 000,258,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WebClnt.dll -- (WebClient)
SRV:64bit: - [2010/11/02 09:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/02 09:12:53 | 001,133,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2010/09/14 10:45:57 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wcncsvc.dll -- (wcncsvc)
SRV:64bit: - [2010/08/27 10:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/08/21 10:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/12/24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService)
SRV:64bit: - [2009/07/30 13:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Stopped] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV:64bit: - [2009/07/21 22:31:20 | 000,062,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe -- (WirelessSelectorService)
SRV:64bit: - [2009/07/14 05:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/14 05:41:59 | 000,075,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\WUDFSvc.dll -- (wudfsvc)
SRV:64bit: - [2009/07/14 05:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2009/07/14 05:41:58 | 002,018,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WsmSvc.dll -- (WinRM)
SRV:64bit: - [2009/07/14 05:41:57 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpdbusenum.dll -- (WPDBusEnum)
SRV:64bit: - [2009/07/14 05:41:57 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wpcsvc.dll -- (WPCSvc)
SRV:64bit: - [2009/07/14 05:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2009/07/14 05:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2009/07/14 05:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2009/07/14 05:41:56 | 000,381,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\w32time.dll -- (W32Time)
SRV:64bit: - [2009/07/14 05:41:56 | 000,353,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\upnphost.dll -- (upnphost)
SRV:64bit: - [2009/07/14 05:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2009/07/14 05:41:56 | 000,237,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wecsvc.dll -- (Wecsvc)
SRV:64bit: - [2009/07/14 05:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/14 05:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/14 05:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
SRV:64bit: - [2009/07/14 05:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wdi.dll -- (WdiSystemHost)
SRV:64bit: - [2009/07/14 05:41:56 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wdi.dll -- (WdiServiceHost)
SRV:64bit: - [2009/07/14 05:41:56 | 000,084,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wercplsupport.dll -- (wercplsupport)
SRV:64bit: - [2009/07/14 05:41:56 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wersvc.dll -- (WerSvc)
SRV:64bit: - [2009/07/14 05:41:56 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WcsPlugInService.dll -- (WcsPlugInService)
SRV:64bit: - [2009/07/14 05:41:56 | 000,038,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\uxsms.dll -- (UxSms)
SRV:64bit: - [2009/07/14 05:41:55 | 000,706,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\termsrv.dll -- (TermService)
SRV:64bit: - [2009/07/14 05:41:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2009/07/14 05:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 05:41:55 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\trkwks.dll -- (TrkWks)
SRV:64bit: - [2009/07/14 05:41:55 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TabSvc.dll -- (TabletInputService)
SRV:64bit: - [2009/07/14 05:41:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tbssvc.dll -- (TBS)
SRV:64bit: - [2009/07/14 05:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/14 05:41:54 | 001,780,736 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sysmain.dll -- (SysMain)
SRV:64bit: - [2009/07/14 05:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 05:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV:64bit: - [2009/07/14 05:41:54 | 000,193,024 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ssdpsrv.dll -- (SSDPSRV)
SRV:64bit: - [2009/07/14 05:41:54 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SessEnv.dll -- (SessionEnv)
SRV:64bit: - [2009/07/14 05:41:54 | 000,075,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sstpsvc.dll -- (SstpSvc)
SRV:64bit: - [2009/07/14 05:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/14 05:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/14 05:41:53 | 001,390,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pla.dll -- (pla)
SRV:64bit: - [2009/07/14 05:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/14 05:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2009/07/14 05:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/14 05:41:53 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\QAGENTRT.DLL -- (napagent)
SRV:64bit: - [2009/07/14 05:41:53 | 000,438,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\p2psvc.dll -- (p2psvc)
SRV:64bit: - [2009/07/14 05:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2009/07/14 05:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/14 05:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/14 05:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qwave.dll -- (QWAVE)
SRV:64bit: - [2009/07/14 05:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2009/07/14 05:41:53 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SCardSvr.dll -- (SCardSvr)
SRV:64bit: - [2009/07/14 05:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/14 05:41:53 | 000,186,368 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\pcasvc.dll -- (PcaSvc)
SRV:64bit: - [2009/07/14 05:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 05:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009/07/14 05:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2009/07/14 05:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/14 05:41:53 | 000,064,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\Sens.dll -- (SENS)
SRV:64bit: - [2009/07/14 05:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/14 05:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2009/07/14 05:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/14 05:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/14 05:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 05:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 05:41:28 | 000,368,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtckrm.dll -- (KtmRm)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 05:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2009/07/14 05:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 05:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (THREADORDER)
SRV:64bit: - [2009/07/14 05:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 05:41:18 | 000,300,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lltdsvc.dll -- (lltdsvc)
SRV:64bit: - [2009/07/14 05:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/14 05:41:18 | 000,023,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lmhsvc.dll -- (lmhosts)
SRV:64bit: - [2009/07/14 05:41:13 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\KMSVC.DLL -- (hkmsvc)
SRV:64bit: - [2009/07/14 05:41:11 | 000,156,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\iscsiexe.dll -- (MSiSCSI)
SRV:64bit: - [2009/07/14 05:41:10 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\iphlpsvc.dll -- (iphlpsvc)
SRV:64bit: - [2009/07/14 05:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2009/07/14 05:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/14 05:41:09 | 000,101,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPBusEnum.dll -- (IPBusEnum)
SRV:64bit: - [2009/07/14 05:41:08 | 000,845,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\IKEEXT.DLL -- (IKEEXT)
SRV:64bit: - [2009/07/14 05:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 05:40:59 | 000,776,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\gpsvc.dll -- (gpsvc)
SRV:64bit: - [2009/07/14 05:40:52 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FDResPub.dll -- (FDResPub)
SRV:64bit: - [2009/07/14 05:40:52 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fdPHost.dll -- (fdPHost)
SRV:64bit: - [2009/07/14 05:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/14 05:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 05:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 05:40:32 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dps.dll -- (DPS)
SRV:64bit: - [2009/07/14 05:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/14 05:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/14 05:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/14 05:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (SCPolicySvc)
SRV:64bit: - [2009/07/14 05:40:15 | 000,080,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\certprop.dll -- (CertPropSvc)
SRV:64bit: - [2009/07/14 05:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/14 05:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/14 05:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/14 05:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/14 05:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/14 05:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2009/07/14 05:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2009/07/14 05:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/14 05:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 05:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/14 05:39:56 | 001,525,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV:64bit: - [2009/07/14 05:39:55 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbem\WmiApSrv.exe -- (wmiApSrv)
SRV:64bit: - [2009/07/14 05:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/14 05:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2009/07/14 05:39:49 | 000,532,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vds.exe -- (vds)
SRV:64bit: - [2009/07/14 05:39:48 | 000,040,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\UI0Detect.exe -- (UI0Detect)
SRV:64bit: - [2009/07/14 05:39:41 | 000,014,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\snmptrap.exe -- (SNMPTRAP)
SRV:64bit: - [2009/07/14 05:39:37 | 000,593,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\SearchIndexer.exe -- (WSearch)
SRV:64bit: - [2009/07/14 05:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/14 05:39:21 | 000,141,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msdtc.exe -- (MSDTC)
SRV:64bit: - [2009/07/14 05:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (VaultSvc)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (Netlogon)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 05:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (EFS)
SRV:64bit: - [2009/07/14 05:39:15 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Locator.exe -- (RpcLocator)
SRV:64bit: - [2009/07/14 05:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/14 05:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dllhost.exe -- (COMSysApp)
SRV:64bit: - [2009/07/14 05:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV - [2012/09/29 22:31:58 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/22 23:25:11 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/08/17 05:17:50 | 000,194,032 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2012/08/15 14:36:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Users\user\Documents\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/20 13:08:17 | 000,135,664 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdatem)
SRV - [2011/06/20 13:08:17 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate)
SRV - [2010/12/21 09:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/12/21 09:38:21 | 000,204,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WebClnt.dll -- (WebClient)
SRV - [2010/09/24 13:53:40 | 000,384,792 | ---- | M] (Fujitsu Technology Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe -- (TestHandler)
SRV - [2010/09/14 10:07:14 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wcncsvc.dll -- (wcncsvc)
SRV - [2010/04/23 16:23:26 | 000,204,800 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Vixtel\NetVista\Test Node\bin\wrapper.exe -- (NetVista Agent)
SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/01 20:04:48 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/01 20:04:42 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 05:39:48 | 000,194,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\servicing\TrustedInstaller.exe -- (TrustedInstaller)
SRV - [2009/07/14 05:16:20 | 001,175,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WsmSvc.dll -- (WinRM)
SRV - [2009/07/14 05:16:20 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
SRV - [2009/07/14 05:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wdi.dll -- (WdiSystemHost)
SRV - [2009/07/14 05:16:18 | 000,076,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wdi.dll -- (WdiServiceHost)
SRV - [2009/07/14 05:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\WcsPlugInService.dll -- (WcsPlugInService)
SRV - [2009/07/14 05:16:17 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\upnphost.dll -- (upnphost)
SRV - [2009/07/14 05:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 05:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/14 05:16:13 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\SessEnv.dll -- (SessionEnv)
SRV - [2009/07/14 05:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\Sens.dll -- (SENS)
SRV - [2009/07/14 05:16:12 | 001,508,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\pla.dll -- (pla)
SRV - [2009/07/14 05:16:12 | 000,210,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\qwave.dll -- (QWAVE)
SRV - [2009/07/14 05:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 05:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV - [2009/07/14 05:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/14 05:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV - [2009/07/14 05:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV - [2009/07/14 05:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 05:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 05:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\SearchIndexer.exe -- (WSearch)
SRV - [2009/07/14 05:14:28 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost)
SRV - [2009/07/14 05:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2009/07/14 05:14:18 | 000,007,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\dllhost.exe -- (COMSysApp)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/11 00:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/11 00:30:59 | 000,042,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009/06/11 00:30:45 | 000,856,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009/02/10 19:01:49 | 000,116,104 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/11/07 00:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/05/08 19:47:22 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/04/13 21:09:56 | 000,792,112 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/08/08 10:24:00 | 000,167,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe -- (RichVideo)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (All) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/09/29 22:32:00 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/04 06:51:08 | 000,287,744 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV:64bit: - [2011/05/04 06:51:08 | 000,157,696 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)
DRV:64bit: - [2011/05/04 06:51:05 | 000,126,464 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV:64bit: - [2011/04/29 07:13:10 | 000,461,312 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)
DRV:64bit: - [2011/04/29 07:12:54 | 000,399,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)
DRV:64bit: - [2011/04/29 07:12:37 | 000,161,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)
DRV:64bit: - [2011/04/27 06:57:40 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)
DRV:64bit: - [2011/04/25 09:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)
DRV:64bit: - [2011/04/25 09:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)
DRV:64bit: - [2011/04/25 06:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)
DRV:64bit: - [2011/02/25 20:17:38 | 000,327,680 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2011/02/25 20:15:35 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)
DRV:64bit: - [2011/02/25 20:15:35 | 000,051,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)
DRV:64bit: - [2011/02/25 20:15:13 | 001,657,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)
DRV:64bit: - [2011/02/25 20:15:13 | 000,410,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)
DRV:64bit: - [2011/02/25 20:15:13 | 000,166,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2011/02/25 20:15:13 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2011/02/25 20:15:13 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/02/25 20:15:13 | 000,091,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)
DRV:64bit: - [2011/02/25 20:15:13 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 09:15:06 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)
DRV:64bit: - [2011/01/26 10:53:10 | 000,982,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/07/12 20:11:59 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2010/07/12 20:11:31 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)
DRV:64bit: - [2010/06/08 12:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/05 00:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/04 08:40:58 | 000,184,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)
DRV:64bit: - [2009/12/18 14:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/27 08:15:00 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/06 15:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/01 20:04:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/10/28 14:40:58 | 002,018,080 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService)
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/09 23:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/26 10:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/14 05:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)
DRV:64bit: - [2009/07/14 05:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2009/07/14 05:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2009/07/14 05:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2009/07/14 05:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2009/07/14 05:52:21 | 000,334,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)
DRV:64bit: - [2009/07/14 05:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2009/07/14 05:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2009/07/14 05:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2009/07/14 05:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)
DRV:64bit: - [2009/07/14 05:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)
DRV:64bit: - [2009/07/14 05:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2009/07/14 05:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)
DRV:64bit: - [2009/07/14 05:48:27 | 000,224,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)
DRV:64bit: - [2009/07/14 05:48:27 | 000,155,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2009/07/14 05:48:27 | 000,140,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2009/07/14 05:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)
DRV:64bit: - [2009/07/14 05:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)
DRV:64bit: - [2009/07/14 05:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)
DRV:64bit: - [2009/07/14 05:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)
DRV:64bit: - [2009/07/14 05:48:27 | 000,030,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)
DRV:64bit: - [2009/07/14 05:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)
DRV:64bit: - [2009/07/14 05:48:26 | 000,367,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)
DRV:64bit: - [2009/07/14 05:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)
DRV:64bit: - [2009/07/14 05:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2009/07/14 05:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)
DRV:64bit: - [2009/07/14 05:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2009/07/14 05:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2009/07/14 05:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2009/07/14 05:48:04 | 000,095,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)
DRV:64bit: - [2009/07/14 05:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2009/07/14 05:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2009/07/14 05:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2009/07/14 05:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2009/07/14 05:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/14 05:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/14 05:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2009/07/14 05:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 05:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)
DRV:64bit: - [2009/07/14 05:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)
DRV:64bit: - [2009/07/14 05:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV:64bit: - [2009/07/14 05:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 05:47:47 | 000,290,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)
DRV:64bit: - [2009/07/14 05:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/14 05:45:55 | 000,654,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)
DRV:64bit: - [2009/07/14 05:45:55 | 000,363,584 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)
DRV:64bit: - [2009/07/14 05:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)
DRV:64bit: - [2009/07/14 05:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/14 05:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2009/07/14 05:45:55 | 000,071,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)
DRV:64bit: - [2009/07/14 05:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV:64bit: - [2009/07/14 05:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)
DRV:64bit: - [2009/07/14 05:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)
DRV:64bit: - [2009/07/14 05:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 05:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2009/07/14 05:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)
DRV:64bit: - [2009/07/14 05:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2009/07/14 05:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)
DRV:64bit: - [2009/07/14 05:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2009/07/14 05:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/14 05:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2009/07/14 05:45:46 | 000,075,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)
DRV:64bit: - [2009/07/14 05:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2009/07/14 05:45:45 | 000,183,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)
DRV:64bit: - [2009/07/14 05:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2009/07/14 05:45:45 | 000,104,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2009/07/14 05:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/14 05:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2009/07/14 05:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2009/07/14 05:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/14 05:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/14 05:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)
DRV:64bit: - [2009/07/14 05:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)
DRV:64bit: - [2009/07/14 04:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2009/07/14 04:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)
DRV:64bit: - [2009/07/14 04:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/14 04:16:48 | 000,204,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)
DRV:64bit: - [2009/07/14 04:16:41 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)
DRV:64bit: - [2009/07/14 04:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/14 04:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV:64bit: - [2009/07/14 04:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)
DRV:64bit: - [2009/07/14 04:16:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)
DRV:64bit: - [2009/07/14 04:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)
DRV:64bit: - [2009/07/14 04:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)
DRV:64bit: - [2009/07/14 04:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 04:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)
DRV:64bit: - [2009/07/14 04:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)
DRV:64bit: - [2009/07/14 04:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)
DRV:64bit: - [2009/07/14 04:10:22 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)
DRV:64bit: - [2009/07/14 04:10:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)
DRV:64bit: - [2009/07/14 04:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)
DRV:64bit: - [2009/07/14 04:10:13 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)
DRV:64bit: - [2009/07/14 04:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)
DRV:64bit: - [2009/07/14 04:10:12 | 000,130,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)
DRV:64bit: - [2009/07/14 04:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)
DRV:64bit: - [2009/07/14 04:10:05 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)
DRV:64bit: - [2009/07/14 04:10:04 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV:64bit: - [2009/07/14 04:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)
DRV:64bit: - [2009/07/14 04:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)
DRV:64bit: - [2009/07/14 04:09:49 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)
DRV:64bit: - [2009/07/14 04:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV:64bit: - [2009/07/14 04:09:42 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)
DRV:64bit: - [2009/07/14 04:09:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)
DRV:64bit: - [2009/07/14 04:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)
DRV:64bit: - [2009/07/14 04:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/14 04:09:25 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)
DRV:64bit: - [2009/07/14 04:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)
DRV:64bit: - [2009/07/14 04:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)
DRV:64bit: - [2009/07/14 04:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)
DRV:64bit: - [2009/07/14 04:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)
DRV:64bit: - [2009/07/14 04:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)
DRV:64bit: - [2009/07/14 04:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/14 04:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)
DRV:64bit: - [2009/07/14 04:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009/07/14 04:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/14 04:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/14 04:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/14 04:07:00 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthpan.sys -- (BthPan)
DRV:64bit: - [2009/07/14 04:06:57 | 000,551,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthport.sys -- (BTHPORT)
DRV:64bit: - [2009/07/14 04:06:56 | 000,158,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rfcomm.sys -- (RFCOMM)
DRV:64bit: - [2009/07/14 04:06:56 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)
DRV:64bit: - [2009/07/14 04:06:53 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthenum.sys -- (BthEnum)
DRV:64bit: - [2009/07/14 04:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2009/07/14 04:06:52 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BTHUSB.SYS -- (BTHUSB)
DRV:64bit: - [2009/07/14 04:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2009/07/14 04:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/14 04:06:45 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2009/07/14 04:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)
DRV:64bit: - [2009/07/14 04:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)
DRV:64bit: - [2009/07/14 04:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2009/07/14 04:06:30 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2009/07/14 04:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/14 04:06:27 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)
DRV:64bit: - [2009/07/14 04:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/14 04:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2009/07/14 04:06:22 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)
DRV:64bit: - [2009/07/14 04:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)
DRV:64bit: - [2009/07/14 04:06:13 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)
DRV:64bit: - [2009/07/14 04:06:06 | 000,172,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)
DRV:64bit: - [2009/07/14 04:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/14 04:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/14 04:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2009/07/14 04:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV:64bit: - [2009/07/14 04:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2009/07/14 04:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2009/07/14 04:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)
DRV:64bit: - [2009/07/14 04:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2009/07/14 04:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2009/07/14 04:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2009/07/14 04:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/14 04:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)
DRV:64bit: - [2009/07/14 04:00:20 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)
DRV:64bit: - [2009/07/14 04:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)
DRV:64bit: - [2009/07/14 04:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2009/07/14 04:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)
DRV:64bit: - [2009/07/14 04:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)
DRV:64bit: - [2009/07/14 04:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)
DRV:64bit: - [2009/07/14 04:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)
DRV:64bit: - [2009/07/14 04:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)
DRV:64bit: - [2009/07/14 04:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/14 03:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/14 03:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/14 03:47:45 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV:64bit: - [2009/07/14 03:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)
DRV:64bit: - [2009/07/14 03:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)
DRV:64bit: - [2009/07/14 03:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)
DRV:64bit: - [2009/07/14 03:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/14 03:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2009/07/14 03:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/14 03:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2009/07/14 03:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/14 03:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2009/07/14 03:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/14 03:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)
DRV:64bit: - [2009/07/14 03:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)
DRV:64bit: - [2009/07/14 03:24:10 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)
DRV:64bit: - [2009/07/14 03:23:57 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)
DRV:64bit: - [2009/07/14 03:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)
DRV:64bit: - [2009/07/14 03:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)
DRV:64bit: - [2009/07/14 03:22:20 | 000,751,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)
DRV:64bit: - [2009/07/14 03:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/14 03:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)
DRV:64bit: - [2009/07/14 03:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)
DRV:64bit: - [2009/07/14 03:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)
DRV:64bit: - [2009/07/14 03:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2009/07/14 03:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)
DRV:64bit: - [2009/07/14 03:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)
DRV:64bit: - [2009/07/14 03:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/07/14 03:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)
DRV:64bit: - [2009/07/14 03:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)
DRV:64bit: - [2009/07/14 03:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2009/07/14 03:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)
DRV:64bit: - [2009/07/14 03:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/14 03:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2009/06/11 00:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV:64bit: - [2009/06/11 00:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV:64bit: - [2009/06/11 00:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV:64bit: - [2009/06/11 00:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV:64bit: - [2009/06/11 00:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV:64bit: - [2009/06/11 00:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/11/07 00:23:14 | 000,040,464 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2006/11/01 20:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)
DRV:64bit: - [2006/11/01 20:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E5D7B6AF-DA80-42B5-AAC0-3B64D1C1062C}
IE:64bit: - HKLM\..\SearchScopes\{E5D7B6AF-DA80-42B5-AAC0-3B64D1C1062C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {8A82ED0C-8053-4A65-8940-731C2C2A986E}
IE - HKLM\..\SearchScopes\{8A82ED0C-8053-4A65-8940-731C2C2A986E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ig/redirectd [Binary data over 200 bytes]
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=bf2&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\SearchScopes\{8A82ED0C-8053-4A65-8940-731C2C2A986E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF_enAE437
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={06F0ED6F-6AE0-4A1B-9050-F676B0BA9B32}&mid=3b7a17eb8e2147d09ed4397099a1606d-65aad6ac4914457823b23060e798d00fd6d5fbb0&lang=en&ds=AVG&pr=pr&d=2012-09-29 22:32:00&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\SearchScopes\{DD8EDE91-6666-413A-84CC-A09F048281AF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AE&apn_uid=90ba480a-6fa3-47dd-8abd-c92cf4119eaa&apn_sauid=4A09F1E5-3A12-4B0B-BD41-F8D7A712B490&
IE - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2
FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: avg@toolbar:11.1.0.12
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B7e7b6cc6-cbeb-4417-b4b4-259b0b2f322a%7D&mid=3b7a17eb8e2147d09ed4397099a1606d-65aad6ac4914457823b23060e798d00fd6d5fbb0&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-07%2019%3A42%3A58&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb119?a=6R8i1JcJVk&i=26"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011/11/28 08:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/11 02:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/29 22:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/07 17:58:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/15 14:36:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/07 17:59:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011/11/28 08:14:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\shabtay@gmail.com: C:\Program Files (x86)\2YourFace\2YourFace.xpi

[2011/06/20 16:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/08/12 11:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2011/08/12 11:00:49 | 000,000,000 | ---D | M] (2YourFace) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\support@2yourface.com
[2012/08/15 13:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/08/15 13:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2011/08/12 11:00:49 | 000,000,000 | ---D | M] (2YourFace) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\support@2yourface.com
[2012/08/15 13:52:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
[2011/08/12 11:06:26 | 000,000,000 | ---D | M] (2YourFace) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\support@2yourface.com
[2012/09/29 17:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ur7mav29.default\extensions
[2011/12/10 23:14:27 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com
[2011/08/12 11:00:49 | 000,000,000 | ---D | M] (2YourFace) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ur7mav29.default\extensions\support@2yourface.com
[2012/08/15 13:50:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012/08/15 13:50:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\121dd294d0865e35c0d529b188ce61b9_expire
[2012/06/09 18:27:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b6434220b2b1cb9e_expire
[2012/08/15 13:50:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\30e236d2fa64fab08a73074ad3ce75d6_expire
[2012/08/15 13:50:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3888b8c1991d146635b62d265e884dd6_expire
[2012/08/15 13:50:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\39f11eb154a69eec87beb0cf0654139a_expire
[2012/08/15 13:50:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3f74f97ed1af234b56c078c832a3895c_expire
[2012/06/09 18:27:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\42ac55a3a33599e8a6ee2d2147fcbf90_expire
[2012/08/15 13:50:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012/08/15 13:50:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\656bf02a99a3ba2fbf237f6152b7f3de_expire
[2012/06/09 18:27:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\680670b86f0b67567a12d8162b67b978_expire
[2012/04/07 14:56:52 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\845d35a3845a6b81af290ebab09006a3_expire
[2012/08/15 13:50:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\aaff3303cdd7526dcb9cd1bc7f49fa7a_expire
[2012/08/15 13:50:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781ffb1d7fa52b_expire
[2012/08/15 14:36:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ce3363d5699ae282fc51a75cea546a02_expire
[2012/08/15 13:50:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066d1dcaef0f6_expire
[2012/08/15 13:50:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012/08/15 13:50:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012/08/15 13:50:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f7d497934fd1ed52a1509608fad1bf59_expire
[2012/04/11 10:40:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f9a72145bb8585e68e96588597268814_expire
[2012/08/15 13:50:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/08/15 13:50:21 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012/03/20 18:12:26 | 000,003,983 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ur7mav29.default\searchplugins\sweetim.xml
[2012/09/29 17:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/24 18:08:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/09 20:25:46 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012/09/29 22:32:06 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34\
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UR7MAV29.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UR7MAV29.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/08/15 14:36:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/07 17:58:39 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/09/29 22:31:56 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/15 14:36:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/12 10:59:51 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/08/15 14:36:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.ph/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com.ph/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - Extension: SocialReviver = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald\3.14_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Facebook Colour Changer = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpllmoilcakpgbeodibeifcfnndoheam\1.3.1_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kagamine Rin & Len Theme = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajbmlfcphelnfmnfmknjhhnajbihaaa\2_0\
CHR - Extension: AdBlock = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Secure Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeskUpdateNotifier] C:\Fujitsu\Programs\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Tutorials] "C:\Program Files (x86)\Tuto4pc\sangguni.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99580D45-DB6F-4D40-B4C8-498A2A88833B}: DhcpNameServer = 192.168.254.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Users\user\Documents\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2675299836-3941121238-1115800653-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/17 15:45:22 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a5988fc-a0e2-11e0-8282-e839df45899e}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5988fc-a0e2-11e0-8282-e839df45899e}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {171D265F-EA5F-C17B-A26F-8A541D8FCA0D} - Offline Browsing Pack
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2BF2C7D7-7E36-C61C-131E-810D3C89C3C9} - DirectX
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {65DDFADF-840D-4EDF-6457-4958303561AE} - Offline Browsing Pack
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6CB82B51-6F56-494D-6B0A-C986D8D5AFE7} - Offline Browsing Pack
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F54E029C-38FE-BDC1-1665-31DE831F3BD6} - Microsoft Windows Media Player
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 00:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/09/30 00:00:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/09/30 00:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/30 00:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/30 00:00:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/30 00:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/29 23:54:08 | 010,523,968 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\123abc.exe
[2012/09/29 23:43:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/09/29 23:39:57 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-clean-1.60.2.0003.exe
[2012/09/29 22:41:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2012/09/29 22:32:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2012/09/29 22:32:00 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/29 22:31:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/09/29 22:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/29 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2012/09/29 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2012/09/29 21:47:03 | 000,000,000 | ---D | C] -- C:\TDSSkiller log
[2012/09/29 17:17:45 | 000,000,000 | ---D | C] -- C:\JRT
[2012/09/29 17:05:54 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/09/20 07:13:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/20 07:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/20 07:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/20 07:06:35 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/20 07:06:34 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/20 07:06:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/20 07:06:01 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/20 07:05:58 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/20 07:05:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/20 07:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/19 14:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[205 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/30 00:53:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/09/30 00:50:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 00:50:37 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/30 00:46:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 00:07:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/30 00:00:25 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 23:56:42 | 010,523,968 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\123abc.exe
[2012/09/29 23:50:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 23:50:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 23:39:57 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-clean-1.60.2.0003.exe
[2012/09/29 23:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/29 22:32:09 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/29 22:32:00 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/29 21:47:02 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2675299836-3941121238-1115800653-1000UA.job
[2012/09/29 17:16:06 | 000,543,219 | ---- | M] () -- C:\Users\user\Desktop\JRT.exe
[2012/09/29 17:07:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\user\Desktop\tdsskiller.exe
[2012/09/29 01:44:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2675299836-3941121238-1115800653-1000Core.job
[2012/09/22 23:25:10 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/22 23:25:10 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 07:05:24 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/20 07:05:16 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/20 07:05:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/20 07:05:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/20 07:05:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/20 07:05:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/20 03:11:56 | 000,027,520 | ---- | M] () -- C:\Users\user\AppData\Local\dt.dat
[2012/09/19 11:55:32 | 000,409,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/09/14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012/09/12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012/09/12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[205 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/30 00:00:25 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/29 22:32:09 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/29 17:16:05 | 000,543,219 | ---- | C] () -- C:\Users\user\Desktop\JRT.exe
[2012/09/20 13:24:01 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/09/20 03:11:56 | 000,027,520 | ---- | C] () -- C:\Users\user\AppData\Local\dt.dat
[2012/06/06 11:57:02 | 000,000,632 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2012/02/06 18:13:15 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/09 17:28:48 | 000,484,845 | ---- | C] () -- C:\Users\user\bleep assessment.jpeg
[2011/10/21 13:05:49 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/02 21:29:51 | 000,000,053 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat
[2011/07/24 17:10:47 | 000,000,012 | ---- | C] () -- C:\ProgramData\ReminderNextRun
[2011/07/01 01:06:23 | 002,346,540 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/06/25 11:20:12 | 000,593,920 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/06/25 11:20:12 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/06/25 11:20:11 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/25 11:01:28 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/06/20 18:38:54 | 000,002,105 | ---- | C] () -- C:\Users\user\Canon MP Navigator EX 3.0.lnk
[2011/06/20 18:38:07 | 000,001,848 | ---- | C] () -- C:\Users\user\Canon My Printer.lnk
[2011/06/20 13:27:38 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/25 20:15:39 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/25 20:15:39 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/02/25 20:15:39 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/02/25 20:15:38 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/25 20:15:38 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009/07/14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 18:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 18:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 05:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011/02/26 10:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 10:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 09:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 05:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 09:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/12 20:19:53 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 09:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 10:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 10:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/07/12 20:22:35 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 09:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/12 20:19:53 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/07/12 20:22:35 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/07/12 20:19:53 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/07/12 20:22:35 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 05:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/12 20:19:53 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 10:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/07/12 20:22:35 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0649\*.* >

< C:\Users\user\AppData\Roaming\*.tmp >
[205 C:\Users\user\AppData\Roaming\*.tmp files -> C:\Users\user\AppData\Roaming\*.tmp -> ]

< %windir%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\user\bleep assessment.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:ADF211B1

< End of report >


#15 Mephisto-nim

Posted 29 September 2012 - 04:14 PM

MBAM in normal mode

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Enabled

30/09/2012 00:03:33
mbam-log-2012-09-30 (00-03-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256439
Time elapsed: 12 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



