
Rootkit Removed Now Only Safe Mode Boot Vista


This topic is locked
16 replies to this topic

#1 pleased123

  • Members
  • 9 posts

Posted 17 October 2012 - 09:36 PM

I have Bitdefender on my PC and I did a scan and it said I had a rootkit and needed to be restarted to remove it, so I restarted, and now normal boot goes to a blue screen every time (stop 0x0000007E), while safe mode works. I tried a scan with updated Malwarebytes in safe mode, and it comes back clean. I have run Defogger and attached the DDS log:

DDS (Ver_2012-10-14.05) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Matt at 22:31:43 on 2012-10-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2900 [GMT -4:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {98CD50CE-5097-4098-9669-6C401FB3969C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [FAStartup] <no file>
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Matt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://128.61.156.78/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.255.216.1
TCP: Interfaces\{1DE8A359-2917-47B6-B3DC-84D428E6DD7B} : DHCPNameServer = 10.255.216.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
STS: {201CE528-154B-4FF3-9C6F-012E28454F0A} - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\System32\NvMcTray.dll,NvTaskbarInit
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-03 14:27; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-08-19 17:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-17 54480]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2012-9-17 93160]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2012-9-17 258736]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-3-8 67104]
S0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-9-17 700384]
S0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2012-9-17 145696]
S1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2012-9-17 76944]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-8-17 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-5-24 2360584]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-17 676936]
S2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2012-9-17 95184]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-23 1692480]
S2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2012-9-17 68416]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-9-21 36328]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2012-9-17 577248]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2012-9-17 82384]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-9-3 36392]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-5-9 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-5-9 9096]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-8-25 1038088]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-17 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-17 25928]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 115168]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr28ux.sys [2011-10-7 1003520]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-11-5 83488]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]
S3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2011-8-31 15360]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-9-21 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-9-21 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-9-21 159208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2012-9-17 65344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-17 04:34:03 4338409472 --sha-w- C:\pagefile.sys
2012-10-12 21:27:22 2213464 ----a-w- C:\Users\Matt\tdss.exe
2012-10-10 19:29:58 65309168 ----a-w- C:\Windows\System32\mrt.exe
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 00:18:26 145696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2012-09-17 19:17:24 512448 ----a-w- C:\ProgramData\1347908927.bdinstall.bin
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-03 18:26:50 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-03 18:26:50 157680 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-09-03 18:26:50 149488 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-09-03 18:26:50 149488 ----a-w- C:\Windows\SysWow64\java.exe
2012-09-03 18:26:49 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 16:07:02 218624 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 15:53:29 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 11:15:45 17810944 ----a-w- C:\Windows\System32\mshtml.dll
2012-08-24 10:39:42 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:22:46 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:18:46 237056 ----a-w- C:\Windows\System32\url.dll
2012-08-24 10:17:03 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:14:34 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:12:04 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-08-24 10:11:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-08-24 10:10:14 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 10:04:06 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-08-24 07:27:00 12319744 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-08-24 07:03:49 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:50 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:49:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-08-24 06:48:38 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-08-24 06:47:36 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:45:46 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-08-24 06:44:35 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-08-24 06:44:10 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-24 06:40:11 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-08-23 21:07:34 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
.
============= FINISH: 22:31:53.88 ===============

Edited by pleased123, 17 October 2012 - 09:47 PM.
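Helpers on threads like this read the DDS log above by eye. As an added example (not part of the original thread, and not code from the DDS tool or from BleepingComputer), the Python script below splits a DDS log into its sections, parses the SERVICES / DRIVERS, mPolicies and Find3M lines, and produces a short review list: whether UAC is disabled (EnableLUA = 0), which drivers are boot- or system-start (R0/S0/R1/S1; since the machine boots only in safe mode, the drivers loaded during a normal start are the first thing to review), which .sys files live outside the drivers directory, and which recently changed executables sit in a user profile. The regular expressions are my reading of the log format shown in the post, not a DDS specification, and the sample text is a constructed subset of the thread's log. Everything it reports is a list of items to look at, not a verdict that any of them is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS log format used in this thread: a few
# representative lines per section, not the full log from the post.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: EnableLUA = dword:0
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-17 54480]
S0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2012-9-17 700384]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-17 676936]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-5-9 16776]
.
==================== Find3M ====================
.
2012-10-12 21:27:22 2213464 ----a-w- C:\Users\Matt\tdss.exe
2012-10-10 19:29:58 65309168 ----a-w- C:\Windows\System32\mrt.exe
.
============= FINISH: 22:31:53.88 ===============
"""

# Assumed line shapes, derived from the log in the post (not a DDS spec).
HEADER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)\s+\[(\S+)\s+(\d+)\]$")
POLICY_RE = re.compile(r"^(x64-)?mPolicies-(\w+):\s*(\w+)\s*=\s*dword:(\d+)$")
FIND3M_RE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+(\S+)\s+(.+)$")

EARLY_START = ("R0", "S0", "R1", "S1")  # boot-start and system-start entries


@dataclass
class Service:
    start: str     # R0/S0 boot start, R1/S1 system start, S2/S3/S4 later
    name: str
    display: str
    path: str
    date: str
    size: int


def split_sections(text):
    """Map section title -> its lines, dropping the '.' spacer lines DDS emits."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_services(lines):
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, path, date, size = m.groups()
            out.append(Service(start, name, display, path, date, int(size)))
    return out


def parse_policies(lines):
    """Return {(view, key): value} for mPolicies lines; view is 'x86' or 'x64'."""
    pol = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            view = "x64" if m.group(1) else "x86"
            pol[(view, m.group(3))] = int(m.group(4))
    return pol


def triage(text):
    """Build a review list from a DDS log. Items are things to look at, not verdicts."""
    sec = split_sections(text)
    services = parse_services(sec.get("SERVICES / DRIVERS", []))
    policies = parse_policies(sec.get("Pseudo HJT Report", []))
    findings = {
        # EnableLUA = 0 in either registry view means UAC prompts are off.
        "uac_disabled": any(k[1] == "EnableLUA" and v == 0 for k, v in policies.items()),
        # Drivers loaded during normal start: first to review when only safe mode boots.
        "boot_start": [s.name for s in services if s.start in EARLY_START],
        # Kernel drivers installed somewhere other than the usual drivers directory.
        "drivers_outside_drivers_dir": [
            s.name for s in services
            if s.path.lower().endswith(".sys") and "\\drivers\\" not in s.path.lower()
        ],
        # Recently written executables under a user profile (e.g. a tool the user
        # downloaded, or something else); listed for review only.
        "recent_exe_in_profile": [],
    }
    for line in sec.get("Find3M", []):
        m = FIND3M_RE.match(line)
        if m:
            path = m.group(4)
            if path.lower().startswith("c:\\users\\") and path.lower().endswith(".exe"):
                findings["recent_exe_in_profile"].append(path)
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a real DDS log by reading the file and passing its contents to `triage`; the policy check covers both the 32-bit (`mPolicies-`) and 64-bit (`x64-mPolicies-`) views because DDS reports them separately on an x64 install, as the log in this thread shows.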


#2 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 October 2012 - 09:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Let's see if we can restore your computer to a date prior to running Bitdefender and restarting your computer.

Follow the directives listed here.
http://windows.microsoft.com/en-US/windows-vista/Start-System-Restore-from-a-command-prompt

Select a restore point prior to running Bitdefender. This should possibly restore the infection but will take care of it.

If successful please run the DDS tool and post a fresh log for my review.

Wait for further instructions.

#3 pleased123

  • Topic Starter
  • Members
  • 9 posts

Posted 20 October 2012 - 02:31 AM

System restore says there are no restore points created.

#4 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 20 October 2012 - 08:03 AM

This fix is taken from this topic.
http://answers.microsoft.com/en-us/windows/forum/windows_vista-system/unable-to-boot-stop-0x0000007e-vista-business/b1e2c43e-7b86-467f-9d4d-f4d2f57a2e0f

If at any time you need help to proceed please ask.

Try Startup Repair from the Recovery Console (if you have one) or from a Vista disk. If you do not have a Vista disk you can borrow a friend's (they are not copy protected) or make one. Also, your system maker will sell the physical disks cheap since you already own Windows.

This tells you how to access the System Recovery Options and/or with a Vista Disk
http://windowshelp.microsoft.com/Windows/en-US/Help/326b756b-1601-435e-99d0-1585439470351033.mspx

Try StartUp Repair from Recovery Options and/or a Vista disk.

How to do a Startup Repair
http://www.vistax64.com/tutorials/91467-startup-repair.html

Also from the COMMAND PROMPT of Recovery Console (if possible) or a Vista disk

SFC /scannow
Hit Enter

and after that runs

chkdsk /f /r
Hit Enter

( Spaces between C and / k and / and f and / )

Retry Startup Repair after Chkdsk.

If needed after those you can try System Restore from the Recovery or Vista disk.

How to Do a System Restore in Vista
http://www.vistax64.com/tutorials/76905-system-restore-how.html

=======================================

If you need to make repair disks - these help repair Windows not re-install.

How to Make a Bootable Disk in Vista
http://www.brighthub.com/computing/windows-platform/articles/7050.aspx

Download: Windows Vista x86 (32 bit) Recovery Disc
http://neosmart.net/blog/2008/download-windows-vista-x64-recovery-disc/

Download: Windows Vista x64 (64 bit) Recovery Disc
http://neosmart.net/blog/2008/download-windows-vista-x64-recovery-disc/

How to Make a Windows Vista Repair Disk If You Don’t Have One
http://www.howtogeek.com/howto/windows-vista/how-to-make-a-windows-vista-repair-disk-if-you-dont-have-one/

#5 pleased123

  • Topic Starter
  • Members
  • 9 posts

Posted 21 October 2012 - 12:45 AM

System startup repair detected no problems; sfc /scannow said it found corrupted files but could not repair them; chkdsk /r /f would not run.

#6 nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 October 2012 - 08:33 AM

Try to run these tools in Safe Mode.

Please download TDSSKiller.zip.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#7 pleased123

  • Topic Starter
  • Members
  • 9 posts

Posted 22 October 2012 - 04:03 PM

01:27:34.0006 1396 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
01:27:34.0443 1396 ============================================================
01:27:34.0443 1396 Current date / time: 2012/10/22 01:27:34.0443
01:27:34.0443 1396 SystemInfo:
01:27:34.0443 1396
01:27:34.0443 1396 OS Version: 6.0.6002 ServicePack: 2.0
01:27:34.0443 1396 Product type: Workstation
01:27:34.0443 1396 ComputerName: MATT-PC
01:27:34.0443 1396 UserName: Matt
01:27:34.0443 1396 Windows directory: C:\Windows
01:27:34.0443 1396 System windows directory: C:\Windows
01:27:34.0443 1396 Running under WOW64
01:27:34.0443 1396 Processor architecture: Intel x64
01:27:34.0443 1396 Number of processors: 2
01:27:34.0443 1396 Page size: 0x1000
01:27:34.0443 1396 Boot type: Safe boot with network
01:27:34.0443 1396 ============================================================
01:27:34.0646 1396 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:27:34.0646 1396 ============================================================
01:27:34.0646 1396 \Device\Harddisk0\DR0:
01:27:34.0646 1396 MBR partitions:
01:27:34.0646 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1E00000
01:27:34.0646 1396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E2F800, BlocksNum 0xD04C000
01:27:34.0646 1396 ============================================================
01:27:34.0662 1396 C: <-> \Device\Harddisk0\DR0\Partition2
01:27:34.0662 1396 D: <-> \Device\Harddisk0\DR0\Partition1
01:27:34.0662 1396 ============================================================
01:27:34.0662 1396 Initialize success
01:27:34.0662 1396 ============================================================
01:27:36.0892 1780 ============================================================
01:27:36.0892 1780 Scan started
01:27:36.0892 1780 Mode: Manual;
01:27:36.0892 1780 ============================================================
01:27:37.0002 1780 ================ Scan system memory ========================
01:27:37.0002 1780 System memory - ok
01:27:37.0002 1780 ================ Scan services =============================
01:27:37.0048 1780 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
01:27:37.0048 1780 ACPI - ok
01:27:37.0048 1780 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
01:27:37.0064 1780 adfs - ok
01:27:37.0064 1780 [ 57A3B9A69F14414ACE12AFD6BA701773 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
01:27:37.0080 1780 Adobe Version Cue CS4 - ok
01:27:37.0080 1780 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:27:37.0080 1780 AdobeARMservice - ok
01:27:37.0095 1780 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:27:37.0111 1780 adp94xx - ok
01:27:37.0126 1780 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:27:37.0126 1780 adpahci - ok
01:27:37.0142 1780 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
01:27:37.0142 1780 adpu160m - ok
01:27:37.0142 1780 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:27:37.0142 1780 adpu320 - ok
01:27:37.0158 1780 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:27:37.0158 1780 AeLookupSvc - ok
01:27:40.0995 1780 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:27:40.0995 1780 RDPENCDD - ok
01:27:41.0011 1780 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:27:41.0011 1780 RDPWD - ok
01:27:41.0011 1780 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:27:41.0011 1780 RemoteAccess - ok
01:27:41.0026 1780 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:27:41.0026 1780 RemoteRegistry - ok
01:27:41.0026 1780 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:27:41.0042 1780 RFCOMM - ok
01:27:41.0042 1780 [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
01:27:41.0042 1780 rimmptsk - ok
01:27:41.0042 1780 [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
01:27:41.0042 1780 rimsptsk - ok
01:27:41.0058 1780 [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
01:27:41.0058 1780 rismxdp - ok
01:27:41.0058 1780 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
01:27:41.0058 1780 RpcLocator - ok
01:27:41.0073 1780 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
01:27:41.0073 1780 RpcSs - ok
01:27:41.0089 1780 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:27:41.0089 1780 rspndr - ok
01:27:41.0089 1780 SafeBox - ok
01:27:41.0089 1780 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
01:27:41.0089 1780 SamSs - ok
01:27:41.0104 1780 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:27:41.0104 1780 sbp2port - ok
01:27:41.0104 1780 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:27:41.0120 1780 SCardSvr - ok
01:27:41.0136 1780 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
01:27:41.0151 1780 Schedule - ok
01:27:41.0151 1780 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:27:41.0151 1780 SCPolicySvc - ok
01:27:41.0151 1780 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
01:27:41.0167 1780 sdbus - ok
01:27:41.0167 1780 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:27:41.0167 1780 SDRSVC - ok
01:27:41.0182 1780 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:27:41.0182 1780 SeaPort - ok
01:27:41.0182 1780 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:27:41.0182 1780 secdrv - ok
01:27:41.0182 1780 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
01:27:41.0198 1780 seclogon - ok
01:27:41.0198 1780 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
01:27:41.0198 1780 SENS - ok
01:27:41.0198 1780 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
01:27:41.0198 1780 Serenum - ok
01:27:41.0214 1780 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
01:27:41.0214 1780 Serial - ok
01:27:41.0214 1780 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:27:41.0214 1780 sermouse - ok
01:27:41.0229 1780 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
01:27:41.0229 1780 SessionEnv - ok
01:27:41.0245 1780 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
01:27:41.0245 1780 sffdisk - ok
01:27:41.0245 1780 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:27:41.0245 1780 sffp_mmc - ok
01:27:41.0245 1780 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
01:27:41.0245 1780 sffp_sd - ok
01:27:41.0260 1780 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:27:41.0260 1780 sfloppy - ok
01:27:41.0292 1780 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
01:27:41.0323 1780 SftService - ok
01:27:41.0338 1780 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:27:41.0338 1780 SharedAccess - ok
01:27:41.0354 1780 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:27:41.0354 1780 ShellHWDetection - ok
01:27:41.0354 1780 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:27:41.0354 1780 SiSRaid2 - ok
01:27:41.0370 1780 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:27:41.0370 1780 SiSRaid4 - ok
01:27:41.0416 1780 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
01:27:41.0448 1780 slsvc - ok
01:27:41.0463 1780 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:27:41.0463 1780 SLUINotify - ok
01:27:41.0463 1780 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:27:41.0463 1780 Smb - ok
01:27:41.0479 1780 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:27:41.0479 1780 SNMPTRAP - ok
01:27:41.0479 1780 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
01:27:41.0479 1780 spldr - ok
01:27:41.0494 1780 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
01:27:41.0494 1780 Spooler - ok
01:27:41.0510 1780 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
01:27:41.0526 1780 sptd - ok
01:27:41.0541 1780 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
01:27:41.0541 1780 srv - ok
01:27:41.0557 1780 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:27:41.0557 1780 srv2 - ok
01:27:41.0557 1780 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:27:41.0557 1780 srvnet - ok
01:27:41.0572 1780 [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
01:27:41.0572 1780 ssadbus - ok
01:27:41.0588 1780 [ 73E2BA39E7EB024DC686412E2E924A74 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
01:27:41.0588 1780 ssadmdfl - ok
01:27:41.0588 1780 [ 74B032D6C1E36AE2F790752FDE8CE055 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
01:27:41.0588 1780 ssadmdm - ok
01:27:41.0604 1780 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:27:41.0604 1780 SSDPSRV - ok
01:27:41.0604 1780 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:27:41.0604 1780 SstpSvc - ok
01:27:41.0635 1780 [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
01:27:41.0635 1780 STacSV - ok
01:27:41.0650 1780 [ BA16447226ABFD342E130D2F24F73D32 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
01:27:41.0650 1780 STHDA - ok
01:27:41.0666 1780 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
01:27:41.0666 1780 StillCam - ok
01:27:41.0682 1780 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
01:27:41.0682 1780 stisvc - ok
01:27:41.0697 1780 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
01:27:41.0697 1780 stllssvr - ok
01:27:41.0697 1780 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:27:41.0697 1780 swenum - ok
01:27:41.0713 1780 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
01:27:41.0728 1780 swprv - ok
01:27:41.0728 1780 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:27:41.0728 1780 Symc8xx - ok
01:27:41.0728 1780 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:27:41.0728 1780 Sym_hi - ok
01:27:41.0744 1780 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:27:41.0744 1780 Sym_u3 - ok
01:27:41.0744 1780 [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
01:27:41.0760 1780 SynTP - ok
01:27:41.0775 1780 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
01:27:41.0791 1780 SysMain - ok
01:27:41.0791 1780 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:27:41.0791 1780 TabletInputService - ok
01:27:41.0806 1780 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:27:41.0806 1780 TapiSrv - ok
01:27:41.0806 1780 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
01:27:41.0822 1780 TBS - ok
01:27:41.0853 1780 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:27:41.0869 1780 Tcpip - ok
01:27:41.0900 1780 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:27:41.0900 1780 Tcpip6 - ok
01:27:41.0900 1780 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:27:41.0916 1780 tcpipreg - ok
01:27:41.0916 1780 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:27:41.0916 1780 TDPIPE - ok
01:27:41.0916 1780 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:27:41.0916 1780 TDTCP - ok
01:27:41.0931 1780 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:27:41.0931 1780 tdx - ok
01:27:41.0931 1780 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:27:41.0931 1780 TermDD - ok
01:27:41.0947 1780 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
01:27:41.0962 1780 TermService - ok
01:27:41.0962 1780 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
01:27:41.0962 1780 Themes - ok
01:27:41.0978 1780 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
01:27:41.0978 1780 THREADORDER - ok
01:27:41.0978 1780 TORNPF - ok
01:27:41.0978 1780 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
01:27:41.0994 1780 TrkWks - ok
01:27:41.0994 1780 trufos - ok
01:27:41.0994 1780 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:27:41.0994 1780 TrustedInstaller - ok
01:27:42.0009 1780 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:27:42.0009 1780 tssecsrv - ok
01:27:42.0009 1780 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:27:42.0009 1780 tunmp - ok
01:27:42.0009 1780 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:27:42.0009 1780 tunnel - ok
01:27:42.0025 1780 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:27:42.0025 1780 uagp35 - ok
01:27:42.0040 1780 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:27:42.0040 1780 udfs - ok
01:27:42.0040 1780 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:27:42.0040 1780 UI0Detect - ok
01:27:42.0056 1780 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:27:42.0056 1780 uliagpkx - ok
01:27:42.0072 1780 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:27:42.0072 1780 uliahci - ok
01:27:42.0072 1780 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:27:42.0087 1780 UlSata - ok
01:27:42.0087 1780 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:27:42.0087 1780 ulsata2 - ok
01:27:42.0103 1780 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:27:42.0103 1780 umbus - ok
01:27:42.0103 1780 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
01:27:42.0103 1780 UMPass - ok
01:27:42.0103 1780 UPDATESRV - ok
01:27:42.0118 1780 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
01:27:42.0118 1780 upnphost - ok
01:27:42.0134 1780 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:27:42.0134 1780 USBAAPL64 - ok
01:27:42.0134 1780 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:27:42.0150 1780 usbccgp - ok
01:27:42.0150 1780 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:27:42.0150 1780 usbcir - ok
01:27:42.0165 1780 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:27:42.0165 1780 usbehci - ok
01:27:42.0165 1780 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:27:42.0165 1780 usbhub - ok
01:27:42.0181 1780 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:27:42.0181 1780 usbohci - ok
01:27:42.0181 1780 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:27:42.0181 1780 usbprint - ok
01:27:42.0196 1780 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:27:42.0196 1780 usbscan - ok
01:27:42.0196 1780 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:27:42.0196 1780 USBSTOR - ok
01:27:42.0212 1780 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:27:42.0212 1780 usbuhci - ok
01:27:42.0212 1780 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
01:27:42.0212 1780 UxSms - ok
01:27:42.0228 1780 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
01:27:42.0243 1780 vds - ok
01:27:42.0243 1780 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:27:42.0243 1780 vga - ok
01:27:42.0243 1780 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:27:42.0243 1780 VgaSave - ok
01:27:42.0259 1780 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
01:27:42.0259 1780 viaide - ok
01:27:42.0259 1780 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:27:42.0259 1780 volmgr - ok
01:27:42.0274 1780 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:27:42.0274 1780 volmgrx - ok
01:27:42.0290 1780 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:27:42.0290 1780 volsnap - ok
01:27:42.0306 1780 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:27:42.0306 1780 vsmraid - ok
01:27:42.0337 1780 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
01:27:42.0352 1780 VSS - ok
01:27:42.0352 1780 VSSERV - ok
01:27:42.0368 1780 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
01:27:42.0384 1780 W32Time - ok
01:27:42.0384 1780 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:27:42.0384 1780 WacomPen - ok
01:27:42.0399 1780 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:27:42.0399 1780 Wanarp - ok
01:27:42.0399 1780 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:27:42.0399 1780 Wanarpv6 - ok
01:27:42.0415 1780 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:27:42.0415 1780 wcncsvc - ok
01:27:42.0430 1780 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:27:42.0430 1780 WcsPlugInService - ok
01:27:42.0430 1780 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
01:27:42.0430 1780 Wd - ok
01:27:42.0446 1780 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:27:42.0462 1780 Wdf01000 - ok
01:27:42.0462 1780 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:27:42.0462 1780 WdiServiceHost - ok
01:27:42.0477 1780 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:27:42.0477 1780 WdiSystemHost - ok
01:27:42.0477 1780 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
01:27:42.0477 1780 WebClient - ok
01:27:42.0493 1780 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:27:42.0493 1780 Wecsvc - ok
01:27:42.0493 1780 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:27:42.0493 1780 wercplsupport - ok
01:27:42.0508 1780 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
01:27:42.0508 1780 WerSvc - ok
01:27:42.0524 1780 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
01:27:42.0524 1780 WimFltr - ok
01:27:42.0524 1780 WinDefend - ok
01:27:42.0524 1780 WinHttpAutoProxySvc - ok
01:27:42.0540 1780 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:27:42.0540 1780 Winmgmt - ok
01:27:42.0586 1780 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
01:27:42.0618 1780 WinRM - ok
01:27:42.0618 1780 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
01:27:42.0618 1780 WinUSB - ok
01:27:42.0633 1780 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:27:42.0649 1780 Wlansvc - ok
01:27:42.0649 1780 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:27:42.0664 1780 wlcrasvc - ok
01:27:42.0696 1780 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:27:42.0727 1780 wlidsvc - ok
01:27:42.0742 1780 wltrysvc - ok
01:27:42.0742 1780 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:27:42.0742 1780 WmiAcpi - ok
01:27:42.0758 1780 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:27:42.0758 1780 wmiApSrv - ok
01:27:42.0758 1780 WMPNetworkSvc - ok
01:27:42.0774 1780 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:27:42.0774 1780 WPCSvc - ok
01:27:42.0774 1780 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:27:42.0774 1780 WPDBusEnum - ok
01:27:42.0774 1780 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
01:27:42.0789 1780 WpdUsb - ok
01:27:42.0805 1780 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:27:42.0820 1780 WPFFontCache_v0400 - ok
01:27:42.0820 1780 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:27:42.0836 1780 ws2ifsl - ok
01:27:42.0836 1780 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
01:27:42.0836 1780 wscsvc - ok
01:27:42.0836 1780 WSearch - ok
01:27:42.0883 1780 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:27:42.0930 1780 wuauserv - ok
01:27:42.0930 1780 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:27:42.0930 1780 WUDFRd - ok
01:27:42.0945 1780 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:27:42.0945 1780 wudfsvc - ok
01:27:42.0945 1780 ================ Scan global ===============================
01:27:42.0945 1780 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
01:27:42.0961 1780 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:27:42.0976 1780 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:27:42.0992 1780 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
01:27:43.0008 1780 [Global] - ok
01:27:43.0008 1780 ================ Scan MBR ==================================
01:27:43.0008 1780 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
01:27:43.0226 1780 \Device\Harddisk0\DR0 - ok
01:27:43.0226 1780 ================ Scan VBR ==================================
01:27:43.0226 1780 [ 2F5C7CD0C88394ED0BABA75DC80B4831 ] \Device\Harddisk0\DR0\Partition1
01:27:43.0226 1780 \Device\Harddisk0\DR0\Partition1 - ok
01:27:43.0226 1780 [ 20634A22DE3D632E2ED0D6E608B82813 ] \Device\Harddisk0\DR0\Partition2
01:27:43.0242 1780 \Device\Harddisk0\DR0\Partition2 - ok
01:27:43.0242 1780 ============================================================
01:27:43.0242 1780 Scan finished
01:27:43.0242 1780 ============================================================
01:27:43.0242 0616 Detected object count: 0
01:27:43.0242 0616 Actual detected object count: 0
01:27:47.0235 2004 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 12:20:31
-----------------------------
12:20:31.002 OS Version: Windows x64 6.0.6002 Service Pack 2
12:20:31.002 Number of processors: 2 586 0x170A
12:20:31.002 ComputerName: MATT-PC UserName: Matt
12:20:31.205 Initialize success
12:20:43.342 AVAST engine defs: 12102101
12:20:46.384 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
12:20:46.384 Disk 0 Vendor: SAMSUNG_ VAM0 Size: 122104MB BusType: 3
12:20:46.384 Disk 0 MBR read successfully
12:20:46.384 Disk 0 MBR scan
12:20:46.384 Disk 0 Windows VISTA default MBR code
12:20:46.400 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
12:20:46.400 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 194560
12:20:46.400 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 106648 MB offset 31651840
12:20:46.415 Disk 0 scanning C:\Windows\system32\drivers
12:20:53.794 Service scanning
12:21:13.575 Modules scanning
12:21:13.575 Disk 0 trace - called modules:
12:21:13.824 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll nvstor64.sys
12:21:13.824 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005318060]
12:21:13.824 3 CLASSPNP.SYS[fffffa6000fc9c33] -> nt!IofCallDriver -> [0xfffffa800504dc70]
12:21:13.824 5 acpi.sys[fffffa60007a7fde] -> nt!IofCallDriver -> \Device\00000069[0xfffffa80051b6060]
12:21:14.074 AVAST engine scan C:\Windows
12:21:15.104 AVAST engine scan C:\Windows\system32
12:24:20.447 AVAST engine scan C:\Windows\system32\drivers
12:24:26.687 AVAST engine scan C:\Users\Matt
12:26:26.012 File: C:\Users\Matt\Documents\My Games\Tradewinds\tradewinds.exe **INFECTED** Win32:Malware-gen
12:27:09.458 AVAST engine scan C:\ProgramData
12:28:03.590 Scan finished successfully
13:15:11.324 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
13:15:11.324 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   565bytes   0 downloads
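
A partition-table parser for a 512-byte MBR, added here as an example and not code from the thread or from aswMBR: it checks the 55 AA boot signature, prints the entries in the same layout as the "Disk 0 Partition N" lines in the aswMBR log above, flags the table anomalies a bootkit triage looks for (no or several active partitions, overlapping entries, entries running past the end of the 122104 MB disk), and hashes the 440 boot-code bytes so they can be compared against a saved known-good copy such as the MBR.dat the tool wrote. The sector bytes are constructed from the three partitions the log lists; the real MBR.dat attached to the post is not reproduced, and all function names are this example's own.

```python
"""Parse a 512-byte MBR the way aswMBR's 'Scan MBR' step does.

Added example, not code from the thread or from aswMBR. The sector below is
CONSTRUCTED from the partition layout in the aswMBR log (types DE/07/07,
offsets 63/194560/31651840, sizes 94/15360/106648 MB, partition 3 active).
"""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR
PART_TABLE_OFFSET = 446          # four 16-byte entries follow the boot code
MBR_SIGNATURE = 0xAA55           # bytes 510..511 read 55 AA
ENTRY_FMT = "<B3xB3xII"          # status, CHS, type, CHS, LBA start, sector count
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors // SECTORS_PER_MB

    def describe(self) -> str:
        """Same layout as aswMBR's 'Disk 0 Partition N ...' lines."""
        flag = "80 (A)" if self.bootable else "00"
        name = PARTITION_TYPES.get(self.type_id, "unknown")
        return (f"Partition {self.index} {flag} {self.type_id:02X} {name} "
                f"{self.size_mb} MB offset {self.lba_start}")


def parse_mbr(mbr: bytes) -> list:
    """Validate the boot signature and return the non-empty table entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError(f"bad boot signature 0x{sig:04X}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, type_id, lba, count = struct.unpack_from(ENTRY_FMT, mbr, off)
        if type_id == 0:             # unused slot
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status 0x{status:02X}")
        parts.append(Partition(i + 1, status == 0x80, type_id, lba, count))
    return parts


def sanity_checks(parts: list, disk_sectors: int) -> list:
    """Table anomalies worth a second look in bootkit triage (empty = clean)."""
    findings = []
    active = [p.index for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partition {a.index} overlaps partition {b.index}")
    for p in parts:
        if p.lba_start + p.sectors > disk_sectors:
            findings.append(f"partition {p.index} extends past the end of the disk")
    return findings


def boot_code_digest(mbr: bytes) -> str:
    """SHA-256 of the 440 code bytes, to compare with a saved known-good copy
    (aswMBR's 'default MBR code' verdict is the same idea, with its own list)."""
    return hashlib.sha256(mbr[:440]).hexdigest()


def build_entry(bootable: bool, type_id: int, lba: int, sectors: int) -> bytes:
    return struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, type_id, lba, sectors)


def constructed_mbr() -> bytes:
    """Constructed sample: zeroed boot code plus the three entries from the log."""
    table = (build_entry(False, 0xDE, 63, 94 * SECTORS_PER_MB)
             + build_entry(False, 0x07, 194560, 15360 * SECTORS_PER_MB)
             + build_entry(True, 0x07, 31651840, 106648 * SECTORS_PER_MB)
             + bytes(16))
    return bytes(PART_TABLE_OFFSET) + table + struct.pack("<H", MBR_SIGNATURE)


if __name__ == "__main__":
    sector = constructed_mbr()       # or: open("MBR.dat", "rb").read()
    table = parse_mbr(sector)
    for p in table:
        print(p.describe())
    print("boot code sha256:", boot_code_digest(sector))
    for finding in sanity_checks(table, 122104 * SECTORS_PER_MB):  # disk size from the log
        print("WARNING:", finding)
```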


#8 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 23 October 2012 - 08:13 AM

Did you install this game and your problem started, or have you had it for some time?

12:26:26.012 File: C:\Users\Matt\Documents\My Games\Tradewinds\tradewinds.exe **INFECTED** Win32:Malware-gen


Delete it if installed recently.
===


  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#9 pleased123

  • Topic Starter
  • Members

Posted 24 October 2012 - 06:56 AM

That file had been on my computer way before the problem, but I did remove it. It did not change the problem; here are the logs:

OTL logfile created on: 10/24/2012 1:14:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 81.15% Memory free
3.86 Gb Paging File | 3.29 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104.15 Gb Total Space | 19.45 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.24 Gb Free Space | 54.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe /service File not found
SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe /service File not found
SRV:64bit: - (SafeBox) -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe File not found
SRV:64bit: - (BdDesktopParental) -- C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FAService) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (bdftdif) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys File not found
DRV:64bit: - (BdfNdisf) -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\DRIVERS\avchv.sys (BitDefender)
DRV:64bit: - (pneteth) -- C:\Windows\SysNative\DRIVERS\pneteth.sys (June Fabrics Technology Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\DRIVERS\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\Drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (FACAP) -- C:\Windows\SysNative\DRIVERS\facap.sys (Sensible Vision )
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\DRIVERS\serscan.sys (Microsoft Corporation)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (TORNPF) -- C:\Windows\SysWOW64\drivers\tornpf.sys (The Tor Project, Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {EC95E777-E2EE-42DF-BFE8-E28BFF46F8AA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{EC95E777-E2EE-42DF-BFE8-E28BFF46F8AA}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_enUS460
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.socks_version: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/13 01:24:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 01:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

[2009/10/03 17:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/10/23 01:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions
[2010/05/13 02:14:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/27 01:30:36 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2012/10/13 01:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/13 01:24:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/13 01:24:53 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/11 22:18:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 01:24:45 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/18 18:15:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe File not found
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://128.61.156.78/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.216.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DE8A359-2917-47B6-B3DC-84D428E6DD7B}: DhcpNameServer = 10.255.216.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {201CE528-154B-4FF3-9C6F-012E28454F0A} - MtgraphiMsf - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/01 12:48:33 | 000,014,242 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2012/10/23 01:07:02 | 000,649,864 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Matt\Desktop\autoruns.exe
[2012/10/20 03:26:05 | 000,694,323 | ---- | C] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2012/10/20 03:12:14 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2012/10/20 02:46:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/20 02:43:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/20 02:43:35 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\temp
[2012/10/20 02:38:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/20 02:38:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/20 02:38:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/20 02:38:40 | 000,000,000 | --SD | C] -- C:\Confuse
[2012/10/20 02:38:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/20 02:38:23 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/10/20 02:37:51 | 004,984,242 | R--- | C] (Swearware) -- C:\Users\Matt\Desktop\Confuse.exe
[2012/10/19 22:33:48 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94528472.sys
[2012/10/19 22:31:03 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/10/19 00:45:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/10/19 00:10:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/10/18 22:49:57 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/10/18 22:30:16 | 000,815,665 | ---- | C] (Farbar) -- C:\Users\Matt\Desktop\ListParts64.exe
[2012/10/18 22:26:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/18 22:24:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\tweaking.com_windows_repair_aio
[2012/10/18 18:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012/10/18 18:10:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/18 17:43:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/18 17:42:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Bitdefender
[2012/10/18 17:23:59 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/17 22:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/17 22:08:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/13 01:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/10 15:20:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 15:20:22 | 001,268,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 15:20:21 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/24 00:55:43 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/24 00:55:43 | 000,603,738 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/24 00:55:43 | 000,103,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/24 00:50:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/24 00:50:26 | 268,435,456 | -HS- | M] () -- C:\Windows\SysNative\temppf.sys
[2012/10/23 22:36:18 | 000,001,550 | ---- | M] () -- C:\ProgramData\1351046178.bdinstall.bin
[2012/10/23 22:36:03 | 000,001,550 | ---- | M] () -- C:\ProgramData\1351046163.bdinstall.bin
[2012/10/23 22:35:48 | 000,001,550 | ---- | M] () -- C:\ProgramData\1351046148.bdinstall.bin
[2012/10/23 01:08:38 | 000,008,268 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2012/10/23 01:07:09 | 000,055,296 | ---- | M] () -- C:\Users\Matt\Desktop\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/10/23 01:07:02 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Matt\Desktop\autoruns.exe
[2012/10/22 15:41:39 | 000,000,565 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.zip
[2012/10/22 13:15:11 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/10/22 00:11:47 | 000,001,460 | ---- | M] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat
[2012/10/21 23:41:00 | 000,000,936 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2012/10/20 03:26:06 | 000,694,323 | ---- | M] (Farbar) -- C:\Users\Matt\Desktop\FSS.exe
[2012/10/20 03:11:31 | 001,425,920 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2012/10/20 02:37:51 | 004,984,242 | R--- | M] (Swearware) -- C:\Users\Matt\Desktop\Confuse.exe
[2012/10/19 22:33:48 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\94528472.sys
[2012/10/19 22:31:09 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller.exe
[2012/10/19 01:11:30 | 000,000,372 | ---- | M] () -- C:\Users\Matt\Documents - Shortcut.lnk
[2012/10/19 00:10:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
[2012/10/18 23:03:59 | 000,703,516 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/18 22:45:13 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/10/18 22:30:16 | 000,815,665 | ---- | M] (Farbar) -- C:\Users\Matt\Desktop\ListParts64.exe
[2012/10/18 18:15:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/18 17:43:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2012/10/17 22:22:43 | 000,000,020 | ---- | M] () -- C:\Users\Matt\defogger_reenable
[2012/10/17 01:40:59 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 01:40:59 | 000,003,616 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 01:40:54 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/17 00:39:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 00:39:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 00:35:06 | 000,092,136 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/10/16 18:14:13 | 000,092,136 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/10/14 23:48:31 | 000,000,473 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/23 22:36:18 | 000,001,550 | ---- | C] () -- C:\ProgramData\1351046178.bdinstall.bin
[2012/10/23 22:36:03 | 000,001,550 | ---- | C] () -- C:\ProgramData\1351046163.bdinstall.bin
[2012/10/23 22:35:48 | 000,001,550 | ---- | C] () -- C:\ProgramData\1351046148.bdinstall.bin
[2012/10/23 01:07:09 | 000,055,296 | ---- | C] () -- C:\Users\Matt\Desktop\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/10/22 15:41:39 | 000,000,565 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.zip
[2012/10/22 13:15:11 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
[2012/10/20 03:11:31 | 001,425,920 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
[2012/10/20 02:38:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/20 02:38:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/20 02:38:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/20 02:38:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/20 02:38:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/19 01:11:30 | 000,000,372 | ---- | C] () -- C:\Users\Matt\Documents - Shortcut.lnk
[2012/10/18 23:02:51 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/10/18 22:45:13 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MATT-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
[2012/10/17 22:22:43 | 000,000,020 | ---- | C] () -- C:\Users\Matt\defogger_reenable
[2012/10/17 01:41:48 | 268,435,456 | -HS- | C] () -- C:\Windows\SysNative\temppf.sys
[2012/10/14 23:47:39 | 000,000,473 | ---- | C] () -- C:\Windows\SysNative\checkdnsid.xml
[2012/08/13 14:08:19 | 000,173,295 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/08/13 14:08:18 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/07/29 20:18:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-7mSoL6lNbSg5Tbr
[2012/07/29 20:18:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-7mSoL6lNbSg5Tb
[2012/07/29 20:18:31 | 000,000,368 | ---- | C] () -- C:\ProgramData\7mSoL6lNbSg5Tb
[2012/01/28 13:52:22 | 000,404,065 | ---- | C] () -- C:\Users\Matt\moms flowers
[2011/12/30 18:26:14 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/10/07 19:49:13 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/31 02:07:29 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/31 02:07:21 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/05 09:18:56 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2011/05/09 22:08:50 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/05/09 22:08:49 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/05/09 22:08:49 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/05/09 22:08:49 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/05/09 22:08:49 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/04/14 01:45:37 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/14 01:45:37 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/14 01:45:37 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/14 01:40:15 | 000,039,365 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/01/27 00:16:10 | 000,703,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/20 07:59:36 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/27 01:14:09 | 000,092,136 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/27 01:14:02 | 000,092,136 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/24 23:56:15 | 000,050,688 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/20 15:46:31 | 000,000,936 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\wklnhst.dat
[2009/08/19 17:23:24 | 000,008,268 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps.dat
[2009/08/19 17:20:18 | 000,001,460 | ---- | C] () -- C:\Users\Matt\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/20 02:18:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG10
[2012/10/18 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bitdefender
[2009/08/25 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\com.adobe.ExMan
[2012/05/10 11:15:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite
[2010/06/15 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Datel
[2012/03/26 22:29:37 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2011/08/05 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DVD-Cloner
[2011/07/31 19:56:21 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ImgBurn
[2011/05/27 09:28:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PCDr
[2012/04/17 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PDF Software
[2012/09/17 15:09:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\QuickScan
[2009/08/20 13:07:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Red Alert 3 Demo
[2009/08/20 15:46:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2012/07/29 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TestApp
[2012/10/22 01:27:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
[2009/09/06 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/05/07 22:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 16:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/10/20 02:46:19 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-4165812746-1730509679-3114505534-1000\desktop.ini
[2006/11/02 11:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 11:42:03 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/29 21:07:21 | 000,000,890 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/11/29 21:07:22 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009/04/24 23:26:24 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 22:50:26 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2009/04/11 03:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\SysNative\autochk.exe
[2009/04/11 03:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008/01/20 22:49:38 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/04/24 23:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/04/24 23:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/24 23:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/24 23:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/24 23:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/04/24 23:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/24 23:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/24 23:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/08/17 17:23:04 | 001,233,920 | ---- | M] (Microsoft Corporation) MD5=08E8EF6A8D18BD1D89896903DCD103D2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll
[2008/01/20 22:48:14 | 001,213,952 | ---- | M] (Microsoft Corporation) MD5=1122C8BE4BC4F392598A9543DC1014E0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll
[2009/08/17 17:23:04 | 001,233,408 | ---- | M] (Microsoft Corporation) MD5=1A5CE3CDE414ED758D4E1616F422C20B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll
[2009/08/17 17:23:03 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=1B5BE39A927C36B3162ADA23B6CA001E -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll
[2011/04/12 12:15:13 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2299078C1E59FE69ADDF49897D6A373A -- C:\Windows\SysNative\kernel32.dll
[2011/04/12 12:15:13 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2299078C1E59FE69ADDF49897D6A373A -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_f1a0c2e10be78eec\kernel32.dll
[2009/08/17 17:23:03 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2EEE45C483BA534A84CACC9D8001FE0E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll
[2011/04/12 10:33:49 | 000,860,160 | ---- | M] (Microsoft Corporation) MD5=35FC1E7929DA4828B9CC73DC84B42E6F -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_fa6188305c690deb\kernel32.dll
[2009/08/17 17:23:04 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=4118366CDDA655F8AEDB20CD03DEBAE9 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll
[2009/08/17 17:23:04 | 000,840,704 | ---- | M] (Microsoft Corporation) MD5=444A00544B4EDFEDD8FCCD281EDE3ED4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll
[2011/04/12 11:14:49 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=6ADB508FEADBDEC41C194B4C03FA5201 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_efbd1caf0ec055f8\kernel32.dll
[2011/04/12 10:56:23 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=6EBBE14BE54877C386C63FFED52D391D -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_fa11c701432117f3\kernel32.dll
[2011/04/12 10:55:40 | 001,213,440 | ---- | M] (Microsoft Corporation) MD5=777DF7F47BEE82833E324F0EB18B7ED1 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_f00cddde28084bf0\kernel32.dll
[2008/01/20 22:48:58 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=799EEDF377F3B72DB30192AD9FD3C7F3 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_fa312b174309bbdf\kernel32.dll
[2011/04/12 12:11:05 | 000,859,648 | ---- | M] (Microsoft Corporation) MD5=7F4CAEAC24592FA9F574E1F8CD1D0604 -- C:\Windows\SysWOW64\kernel32.dll
[2011/04/12 12:11:05 | 000,859,648 | ---- | M] (Microsoft Corporation) MD5=7F4CAEAC24592FA9F574E1F8CD1D0604 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_fbf56d33404850e7\kernel32.dll
[2009/08/17 17:23:03 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=8331C9E592358DE5157169699BD836D7 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_efd6b6170eac8ed6\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_f1c7f9d10bcac530\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_fc1ca423402b872b\kernel32.dll
[2011/04/12 11:11:55 | 000,860,672 | ---- | M] (Microsoft Corporation) MD5=BBB3D68596C6B6E8A7ECAFDB2962E89B -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_fc90aa945959509a\kernel32.dll
[2009/08/17 17:23:03 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=D4902D1DC60CB71197EFE4474A582841 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_fa2b6069430d50d1\kernel32.dll
[2011/04/12 11:22:51 | 001,211,904 | ---- | M] (Microsoft Corporation) MD5=F2338C94CDCD7AD28A14428D46A05D0B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_f23c004224f88e9f\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/01/20 22:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/01/20 22:50:38 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2008/02/08 00:41:30 | 000,643,640 | ---- | M] (Microsoft Corporation) MD5=37A917C8586225B0D04E407C11639B7E -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_02504837f08cff85\ndis.sys
[2009/04/11 03:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\SysNative\drivers\ndis.sys
[2009/04/11 03:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_05d14056d18e499a\ndis.sys
[2008/02/08 13:31:28 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=F9A3AE5C9F047D71A36A99F9ABCA7D02 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_04649429ed923a09\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/04/11 03:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\SysNative\drivers\ntfs.sys
[2009/04/11 03:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_047b3e4cd26ad615\ntfs.sys
[2008/01/20 22:50:39 | 001,540,152 | ---- | M] (Microsoft Corporation) MD5=FE86BA5AC3B50E2CA911E9C60C07B638 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_028fc540d5490ac9\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/01/20 22:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=96E310EC2BB1FC55FA4D32839AA990A2 -- C:\Windows\winsxs\amd64_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_6a5ccd73c670213d\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 07:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\SysNative\proquota.exe
[2006/11/02 07:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_81aed15f4dd7884b\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\SysWOW64\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\SysNative\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_819ad97caef1480e\qmgr.dll
[2008/01/20 22:50:12 | 001,082,368 | ---- | M] (Microsoft Corporation) MD5=D896A0D43F8AB81ECB1FC6C24DECFD58 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_7faf6070b1cf7cc2\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 10:54:44 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=439017BE66398AB809D81B3AE8393883 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe
[2010/08/17 10:02:18 | 000,270,848 | ---- | M] (Microsoft Corporation) MD5=7F59AA690212241B398D6DBE4071EE3C -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe
[2010/08/17 10:04:48 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=92E6738D25C2123BE9515C0EAC0776CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe
[2008/01/20 22:49:35 | 000,267,264 | ---- | M] (Microsoft Corporation) MD5=E6519A9E756D74DC51C697BA62162F51 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe
[2009/04/11 03:10:56 | 000,268,288 | ---- | M] (Microsoft Corporation) MD5=EADA445EAEDD1D7DF4C5EB42B3612729 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_3455b7b177080198\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\SysNative\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 03:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\SysNative\termsrv.dll
[2009/04/11 03:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
[2008/01/20 22:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 10/24/2012 1:14:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 3.04 Gb Available Physical Memory | 81.15% Memory free
3.86 Gb Paging File | 3.29 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 104.15 Gb Total Space | 19.45 Gb Free Space | 18.68% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.24 Gb Free Space | 54.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Flash Renamer] -- "C:\Program Files (x86)\Flash Renamer\FlashRen.exe" "/p %1" (RL Vision)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Flash Renamer] -- "C:\Program Files (x86)\Flash Renamer\FlashRen.exe" "/p %1" (RL Vision)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = E1 EE 63 F2 3C 75 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4165812746-1730509679-3114505534-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0557C73B-86A0-4F5E-B432-70585719D38F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{096E7F3C-EAA2-43FC-B63C-B0A3F999AA6E}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0B2287E4-A4BD-4B9D-80DF-AD630FB2DF23}" = rport=10244 | protocol=6 | dir=out | app=system |
"{10BE28D5-9F69-4684-88C7-67F08F20999D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{123A324D-3C7F-4887-9FE1-6C1112D463E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12EED0AD-C0C8-4CB5-8E8C-7446158736EB}" = lport=10244 | protocol=6 | dir=in | app=system |
"{13264569-EE39-42C2-ACD1-89131733A262}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1611CD45-6671-41CB-9B09-DE187B03035F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1767B6A9-9935-41B4-8BA8-7CB63994E843}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{18E6FA10-46B5-4850-BC26-6B8419EA938E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A20350D-D285-4800-A232-A55DD9785073}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{21E4D255-6476-4F23-ACA1-23A5B7ED2494}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23F3E227-49F3-48D0-AEF8-040A6C296B2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B98AAB3-D01E-4CEA-85B2-48A348BC40C0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2F6707BA-5C95-4728-B1E6-0F1E579C35B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{318A032E-13DE-4628-BC0D-96FFB1B24201}" = lport=10244 | protocol=6 | dir=in | app=system |
"{3AE09AF6-7768-4DCC-ABEC-2B36C69E1658}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E016D00-7665-4245-ACA1-9FFC08D62673}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C10349B-57BC-44AB-B769-1CE0A50ADC7F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5274D013-C40F-4212-BA71-A3FF1F1D4857}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57319045-F3AF-4BF7-8257-AA826E44C814}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AF45E5D-8702-4C0D-B309-817D11D6CDAD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5F6DB4AA-3BA0-441C-9D0C-9FFE3123FDF3}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{7B132570-3653-490C-A9AB-36ED574EAEA9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{840EF34B-0D34-4C2D-B86D-DF1DBD6D8E0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84C48D9D-D63A-4619-A06A-9BBC4936C03F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{90AD0DF1-7D31-4E3D-A3A5-D73585B56EC5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{912CB256-1BE3-4793-8AB8-3F75A70C120D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9465B3C1-44D3-489F-8AB0-D576455F0C74}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{99599023-790E-4474-9A18-612D5E1AC19A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{9B064BD2-DBD0-466B-BFAB-C95F6206E087}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1FEEDEB-05FC-4BED-9EC6-994BD34D52EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2B938FB-123F-42A2-927F-556A78BBF645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3AFF20D-88DB-41E5-A766-9EF4F69235A3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5348A81-9AB5-45B2-A318-40BD1DE185F7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ABAC104C-6C93-4D22-8763-C7B253EC9C4B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADE42C53-2C25-4495-95B9-2D7D860E5E56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B79483E4-3505-49D7-9515-995E3BF45280}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B83A2968-FB15-4BC3-921E-1256BA212279}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0034114-205F-4911-88EE-6521E296897F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C1659E0F-02B4-417C-A674-488D2C497028}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C956D1B5-BF3B-47A5-BEB6-DE3FDFBAD813}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC5160CE-2B46-4365-AC2F-ED65CA50D7D3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{CCC52214-E702-4CFB-BD01-AF8A912A040C}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D05CDABC-D2A7-4D8D-B05B-D0A9B4E7229D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D1AACD8D-3EBC-4165-BFBF-58CFCBFB39AA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E685B3DC-41B4-4DA3-8FB1-97796B4D4C10}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F13BE9F9-1AC0-4814-997C-3C0C9B418106}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F698654D-30E2-4EF9-8DF2-7428A263CE36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011680D4-B68C-4B4D-A0C3-4B2C368705C9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{092DE81F-09ED-423D-B51C-9BA472D33BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{11C13D03-0034-432E-A8BC-0404BF86558D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{143059F8-C70B-4F7D-9060-451DF5680DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{152459A8-7D28-4527-9ACD-6ED24CDB3CDC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1AB777A4-8CAD-426E-995C-EB560D955250}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1BAEF1F4-FEF8-439E-9A85-EBF46943C811}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1C5A94A4-52C1-4863-8F8D-E70E05F576DB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1DC17AE8-663A-476E-A44E-26EBE423D06F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1ED60C54-37F6-4DE0-B4CE-A5261B27B1A5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FDFBD35-6C33-4CD4-A1E6-89039FCD3CA5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{2A7D7BAB-0926-4311-9996-D5F244EC3B56}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D35EDB0-D35B-4C58-A1A8-92F1F42B2899}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{35102E4E-F647-4339-A59B-3A849E7B2C29}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3DFB020A-B608-43B5-B72B-1DC045E65FE6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{48C6B2E1-542E-43E5-8CE1-FC88B1037AA7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{4A66BA66-DCC4-49F0-8B06-F62D87F474EE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4BCC2B1E-DAE1-4413-8925-A007E6D01622}" = dir=in | app=c:\users\matt\appdata\local\temp\7zs7d7d\setup\hpznui40.exe |
"{6E84833E-3809-4FB7-B610-B86C732A9AD1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FBEDCDA-5484-4405-8BA3-D5E50E5A4E92}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{710F3AF7-6F06-47A3-BEEE-2A3F2ABCC5EF}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7121A834-9C48-4548-97B0-9276B78CF8FF}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{77CE4EB0-806D-4FC8-A2D8-FE64FFB8ECAF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{78A5F08A-2AA3-426A-A028-A7ECA73709B3}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{81FE8940-E7F5-4F19-91DF-E2BDC9A1ACDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{842DAB13-2E68-4DA8-A97D-5A77CF361570}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85221908-D68B-455E-9297-4D2E14E94BB0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AA58AE9-6A18-4672-BC59-B125FCFC6F32}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8F87700F-5C59-445A-A178-2144FCEF10CA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9954DEAC-4889-4E27-AD21-EE77D21A3A2B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{9BEA0805-FFDB-404A-87DF-B0005EA0682A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9EE019B6-DB26-4F56-ADE7-070FC8B67454}" = protocol=6 | dir=out | app=system |
"{A159C25B-23B3-4036-9C8A-DBE93E525164}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A185012B-B027-4661-8E96-C4621ED4FDA0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B03CC9A3-4B25-4624-96F7-8207C50C1B7D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B2059D82-A20D-4BFA-ACDD-96F771C2FC97}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{BC6BDEE6-0425-44D3-87FF-F0A391CFC9FE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BD757CCC-3AEC-43DC-A131-CC20F1E242C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C821531C-E953-4FE5-A14F-6CA49559F81D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D623A1FC-974D-4C6B-B673-BDAE73AB4AB6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCB7B7BF-3494-4A1A-86CF-1F6DB2E971D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{DCD0429B-FE84-4387-85FB-CF9564E985D2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4F5C037-075D-4530-81D4-E399DDE3164F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E4FFD7B5-C5C6-41BD-B600-777B75A90397}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5A05B22-0656-4050-819B-3CB75C3A0D61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E61B7C92-0D12-486E-887F-2BD8FA26B8F2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EFC1C99D-858F-4BCB-A74C-9344A208D47E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{FD470338-FEFB-4570-A04E-F8C9D861B23A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{15407AB0-FC71-41CE-8F75-5F4D1F806ECF}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{19CC8C43-7DB4-486C-9721-6DD9A80AB12A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{22388D78-6BE8-4D71-B5C1-2FC05611539C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4078B11C-602B-4D01-9015-AAE25BADF206}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{4E67FA6A-FC40-4970-898D-2123A871D3A5}F:\empires2.exe" = protocol=6 | dir=in | app=f:\empires2.exe |
"TCP Query User{6BD086A2-906D-4466-8386-35E2BD85DF8A}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{8559515E-F4F8-4B62-BFCE-B4EC7FFE107C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{B3A58A24-7468-43EF-B011-79013FEFD0D9}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{BD737BE8-04BA-4D45-863D-384244B06CFE}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"TCP Query User{BD9F0850-7446-4E98-80A1-10478D433BFD}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{E17C04DD-2C0A-4E38-BC71-6A15F9280B95}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{E5369CF5-ECEE-4ED3-A389-702AAB8A6C50}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{007B1195-96B3-4BA3-8E17-E0910400C8CA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{0E03E722-BBD5-4CE8-AF22-B0C5B9C9BCE9}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{1DE29C86-6644-4613-98D6-76E1FD5E6C26}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{5BE49F37-F527-4B05-950F-243F7D486708}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{67B142E7-B470-4555-BE7F-E97C1650DA5A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{7CF5BE90-D4E7-41B3-8B25-ABB3875550D2}F:\empires2.exe" = protocol=17 | dir=in | app=f:\empires2.exe |
"UDP Query User{92F1DAF1-182E-40AA-85E1-A5E4492746E8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{95A652B5-9B71-4A22-845C-977716ADEF02}C:\program files (x86)\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.exe |
"UDP Query User{B317A507-46DE-4D46-BF84-4503805260B9}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D83A1FBF-D713-4318-BADB-A8CDD116AD6A}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{F15056BE-0E71-439B-8F64-D2243C07C101}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F3FBFAA7-9CCA-41D3-8ECF-2DDCDABF910A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E51BCCB3-C820-46A8-9277-391E9DB49D7A}" = FastAccess
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Bitdefender" = Bitdefender Total Security 2013
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC20F25-D404-4454-8D87-A6479FF45556}" = MtgraphiMsf
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDC8065B-80DE-4466-B90B-2581F6D77DFF}" = Image Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Age of Empires 2.0" = Microsoft Age of Empires II
"Algebrator_is1" = Algebrator 5.0
"Alt.Binz" = Alt.Binz 0.25.0
"Audacity_is1" = Audacity 1.2.6
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Cool Timer_is1" = Cool Timer 3.6
"Dell Webcam Central" = Dell Webcam Central
"Diablo II" = Diablo II
"DjVu" = LizardTech DjVu Control (autoinstall)
"DVD-Cloner 8_is1" = DVD-Cloner V8.40 Build 1009
"Flash Renamer_is1" = Flash Renamer 6.41
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"mIRC" = mIRC
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"QuickPar" = QuickPar 0.9
"ScanTool.net for Windows" = ScanTool.net for Windows v1.13
"SimCity 3000" = SimCity 3000
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

Error encountered while reading event logs.

< End of report >

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:14 AM

Posted 24 October 2012 - 09:00 AM

Event logs are useful in identifying problems.
Both your Extra.txt file and the OTL log are not reporting this.
Let's see what we can find.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
Click Go and copy/paste the log (Result.txt) into your next post.

#11 pleased123

pleased123
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:14 AM

Posted 25 October 2012 - 12:12 AM

Problem has been solved. The rootkit had changed my boot configuration data. To view this data, restart your computer while tapping F10; you should find yourself at a black screen showing Edit Boot Options at the top. The brackets on my PC read: [ /noexecute=optin /minint ], but the brackets should have read only [ /noexecute=optin ]. Farbar Recovery Scan Tool was used to correct the problem.
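The tampering described in the post above (a WinPE-only switch such as /minint appended to the loader's options) can be checked for from a running system before it costs another blue screen. The following script is an added example, not code from the thread or from any of the tools it mentions: it parses the text that `bcdedit /enum` prints, splits it into boot entries, and reports any entry whose loadoptions carry a switch from a small deny-list. The SUSPICIOUS_LOAD_OPTIONS set, the entry names and the embedded sample output are this example's own constructed assumptions; on Windows it runs bcdedit from an elevated prompt, elsewhere it falls back to the sample.

```python
"""Check Windows Boot Configuration Data (BCD) for load options that do not
belong on a normal OS loader entry (added example; the sample is constructed)."""
import re
import subprocess
import sys

# WinPE-only switches. An installed OS entry should not carry them;
# /minint is the one reported in the thread. (Assumption of this example.)
SUSPICIOUS_LOAD_OPTIONS = {"/minint"}

# Constructed sample in the layout `bcdedit /enum` prints; the second entry
# has been tampered with in the way the thread describes.
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Microsoft Windows Vista
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn
loadoptions             /noexecute=optin /minint
"""

# A data line is: key, two or more spaces, value. Section titles such as
# "Windows Boot Loader" have single spaces between words and do not match.
KEY_VALUE = re.compile(r"^(\S+)\s{2,}(.*)$")


def parse_bcd_entries(text):
    """Split bcdedit output into one dict per boot entry.

    Section titles start a new entry, the dashed underline is skipped, and
    keys are lower-cased so later lookups are case-insensitive.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or set(line.strip()) == {"-"}:
            continue
        match = KEY_VALUE.match(line)
        if match is None:
            current = {"_type": line.strip()}
            entries.append(current)
            continue
        if current is None:  # tolerate output that starts without a title
            current = {"_type": "unknown"}
            entries.append(current)
        current[match.group(1).lower()] = match.group(2).strip()
    return entries


def find_suspicious_entries(text):
    """Return (identifier, description, offending flags) for every entry whose
    loadoptions include a switch from SUSPICIOUS_LOAD_OPTIONS."""
    findings = []
    for entry in parse_bcd_entries(text):
        flags = {tok.lower() for tok in entry.get("loadoptions", "").split()}
        bad = sorted(flags & SUSPICIOUS_LOAD_OPTIONS)
        if bad:
            findings.append((entry.get("identifier", "?"),
                             entry.get("description", "?"), bad))
    return findings


def read_live_bcd():
    """On Windows, run `bcdedit /enum` (needs an elevated prompt) and return
    its text; on other platforms, or if bcdedit fails, return None."""
    if sys.platform != "win32":
        return None
    try:
        proc = subprocess.run(["bcdedit", "/enum"], capture_output=True,
                              text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return proc.stdout


if __name__ == "__main__":
    bcd_text = read_live_bcd()
    source = "live BCD" if bcd_text else "constructed sample"
    for ident, desc, flags in find_suspicious_entries(bcd_text or SAMPLE_BCDEDIT_OUTPUT):
        print(f"[{source}] entry {ident} ({desc}) carries {' '.join(flags)}")
```

When an entry is flagged, the built-in way to drop the element is `bcdedit /deletevalue {current} loadoptions` from an elevated command prompt (the thread used Farbar Recovery Scan Tool for the same end), after which a second `bcdedit /enum` should show no loadoptions line on that entry. The deny-list is deliberately short; extend it with whatever switches your own build process never sets.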

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:14 AM

Posted 25 October 2012 - 08:49 AM

Good catch.

Farbar recovery scan tool was used to correct problem.
If you still have the Farbar log I would appreciate if you could paste it in your next reply.

===

May I suggest we continue with the cleanup.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of an infection's infiltration.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#13 pleased123

pleased123
  • Topic Starter

  • Members
  • 9 posts
  • Local time:07:14 AM

Posted 25 October 2012 - 10:55 PM

I do not have the farbar log, but here are all other logs:

ComboFix 12-10-25.02 - Matt 10/25/2012 23:29:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1989 [GMT -4:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1351046148.bdinstall.bin
c:\programdata\1351046163.bdinstall.bin
c:\programdata\1351046178.bdinstall.bin
c:\programdata\1351081444.bdinstall.bin
c:\programdata\1351081469.bdinstall.bin
c:\programdata\1351110859.bdinstall.bin
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-26 to 2012-10-26 )))))))))))))))))))))))))))))))
.
.
2012-10-26 03:37 . 2012-10-26 03:39 -------- d-----w- c:\users\Matt\AppData\Local\temp
2012-10-26 03:37 . 2012-10-26 03:37 -------- d-----w- c:\users\Tor\AppData\Local\temp
2012-10-26 03:37 . 2012-10-26 03:37 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2012-10-26 03:37 . 2012-10-26 03:37 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-10-26 03:37 . 2012-10-26 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 00:10 . 2012-10-25 00:10 -------- d-----w- C:\FRST
2012-10-24 12:53 . 2012-08-29 11:40 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 12:17 . 2012-10-24 12:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-10-20 06:38 . 2012-10-20 06:43 -------- d-----w- C:\Confuse
2012-10-20 02:33 . 2012-10-20 02:33 208216 ----a-w- c:\windows\system32\drivers\94528472.sys
2012-10-19 04:45 . 2012-10-21 22:28 -------- d-----w- c:\windows\system32\catroot2
2012-10-19 03:03 . 2012-10-19 03:03 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-10-19 03:02 . 2008-05-08 02:03 303616 ----a-w- C:\SetACL.exe
2012-10-19 02:49 . 2004-06-11 20:33 290304 ----a-w- C:\subinacl.exe
2012-10-19 02:26 . 2012-10-19 03:06 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-18 22:44 . 2012-10-19 02:16 -------- d-----w- c:\program files (x86)\NirSoft
2012-10-18 21:23 . 2012-10-18 21:29 -------- d-----w- C:\JRT
2012-10-18 02:08 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-10 19:20 . 2012-09-13 13:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:20 . 2012-09-13 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:20 . 2012-08-24 16:07 218624 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:20 . 2012-08-24 15:53 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:20 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:20 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:20 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:20 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:20 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-10 19:20 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 19:29 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-09-24 19:32 . 2012-09-03 18:27 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32 . 2010-05-19 17:47 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 11:15 . 2012-09-22 13:56 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 13:56 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 13:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 13:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 13:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 13:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 13:56 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 13:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 13:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 13:56 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 13:56 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 13:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 13:56 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 13:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 13:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 13:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 13:56 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 13:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 13:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 13:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 13:56 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 13:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-17 11:55 . 2010-06-24 15:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-05-24 95496]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-01-13 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-05 559616]
.
c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Tor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-30 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 01:07]
.
2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 01:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-12 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 4119552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-17 15871520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-17 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-17 89120]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.255.216.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://128.61.156.78/activex/AMC.cab
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\
FF - prefs.js: browser.startup.homepage - yahoo.com
FF - ExtSQL: 2012-09-03 14:27; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-24 08:17; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-08-19 17:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-FAStartup - (no file)
SharedTaskScheduler-{201CE528-154B-4FF3-9C6F-012E28454F0A} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-10-25 23:42:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-26 03:42
.
Pre-Run: 9,247,539,200 bytes free
Post-Run: 8,708,059,136 bytes free
.
- - End Of File - - 6519358B756F5BD3C7208AE68142D0AC


Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


# AdwCleaner v2.005 - Logfile created 10/25/2012 at 23:51:46
# Updated 14/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-4165812746-1730509679-3114505534-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Tor\AppData\Roaming\Mozilla\Firefox\Profiles\4tsdw05a.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1569 octets] - [25/10/2012 23:51:46]

########## EOF - C:\AdwCleaner[R1].txt - [1629 octets] ##########

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:14 AM

Posted 26 October 2012 - 07:30 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 37

Remove also the old version of HijackThis 2.0.2 which is not reporting correct information on 64 bit systems.


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

Remove the two current versions using the Add/Remove programs applet.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the log and let me know what problem persists.
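The post above tells the user to find and remove stale copies of Java, Flash Player and Adobe Reader through Add/Remove Programs. As an added illustration (not part of the post, and not a BleepingComputer or AdwCleaner tool), the following PowerShell script enumerates the same Uninstall registry keys that Add/Remove Programs reads, in both the 64-bit and Wow6432Node views, and flags products that are installed more than once. The product name patterns are an assumption about vendor naming; adjust them if a display name differs.

```powershell
# Added example: inventory third-party products that the post asks the user to update.
# Reads the same Uninstall keys that the Add/Remove Programs applet displays.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',             # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*', # 32-bit installs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
)

# Display-name fragments to look for (assumption: vendor naming as seen in Add/Remove Programs)
$patterns = @('Java', 'Adobe Flash Player', 'Adobe Reader')

# Collect matching entries; missing keys (e.g. no per-user installs) are ignored
$found = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object {
        $entry = $_
        $product = $patterns | Where-Object { $entry.DisplayName -like "*$_*" } | Select-Object -First 1
        if ($product) {
            # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0 (Vista era)
            New-Object PSObject -Property @{
                Product     = $product
                DisplayName = $entry.DisplayName
                Version     = $entry.DisplayVersion
                Publisher   = $entry.Publisher
                Uninstall   = $entry.UninstallString
            }
        }
    } | Sort-Object Product, DisplayName

# Show everything that matched, with the uninstall command Add/Remove Programs would run
$found | Format-Table Product, DisplayName, Version, Publisher -AutoSize

# Report products present more than once; the post says the older copies should be removed
$found | Group-Object Product | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    $names = ($_.Group | ForEach-Object { "{0} ({1})" -f $_.DisplayName, $_.Version }) -join '; '
    Write-Output ("Multiple installs of {0}: {1}" -f $_.Name, $names)
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; it only reads the registry and does not uninstall anything. The version numbers it prints can then be compared against the vendor download pages linked in the post to decide which entries are out of date.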

#15 pleased123

pleased123
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 26 October 2012 - 09:47 AM

Everything seems good! Here is the log:

# AdwCleaner v2.005 - Logfile created 10/26/2012 at 10:42:56
# Updated 14/10/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Matt - MATT-PC
# Boot Mode : Normal
# Running from : C:\Users\Matt\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cudcqmb1.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Tor\AppData\Roaming\Mozilla\Firefox\Profiles\4tsdw05a.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1692 octets] - [25/10/2012 23:51:46]
AdwCleaner[S1].txt - [1393 octets] - [26/10/2012 10:42:56]

########## EOF - C:\AdwCleaner[S1].txt - [1453 octets] ##########
