
Click Hijacking


  • This topic is locked
57 replies to this topic

#1 PewLazers

PewLazers

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 11 November 2012 - 02:19 PM

I've had click hijacking going on for about 2 months or so now. At first I rarely noticed it and now it seems it happens quite often. I've run scans of Malwarebytes, Hitman Pro, and Microsoft Security Essentials, all of which found different things and removed them, but the problem remains. I ran ComboFix earlier today; the log is attached. Any help would be great.

Thanks.




ComboFix 12-11-10.01 - willerz 11/11/2012 14:00:15.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2939.1830 [GMT -5:00]
Running from: c:\users\willerz\Downloads\Walk Out Songs\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 19:06 . 2012-11-11 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-11 08:31 . 2012-11-11 08:31 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD4770B-94D2-4B9E-BDDB-FA47E36351BE}\offreg.dll
2012-11-11 08:27 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBD4770B-94D2-4B9E-BDDB-FA47E36351BE}\mpengine.dll
2012-11-10 14:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 14:41 . 2012-11-10 14:41 -------- d-----w- c:\program files (x86)\ETS
2012-11-07 18:47 . 2012-11-07 18:59 -------- d-----w- c:\programdata\HitmanPro
2012-11-05 23:52 . 2012-11-05 23:52 -------- d-----w- C:\Riot Games
2012-11-02 17:26 . 2012-11-02 17:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-31 22:12 . 2012-10-31 22:12 -------- d-----w- c:\users\willerz\AppData\Roaming\Malwarebytes
2012-10-31 22:10 . 2012-10-31 22:10 -------- d-----w- c:\programdata\Malwarebytes
2012-10-31 22:10 . 2012-10-31 22:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-31 22:10 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-24 15:47 . 2012-10-24 15:47 -------- d-----w- c:\users\willerz\AppData\Local\Macromedia
2012-10-24 15:16 . 2012-10-24 15:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-24 15:16 . 2012-10-24 15:16 -------- d-----w- c:\windows\system32\Macromed
2012-10-22 01:04 . 2012-10-03 02:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F17D9F5E-DD11-400D-A0B7-0CDF833047F3}\gapaengine.dll
2012-10-19 00:36 . 2012-10-28 05:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 15:16 . 2011-12-05 08:57 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 17:11 . 2010-05-25 02:06 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-03 23:26 . 2012-10-03 23:17 525792 ----a-w- c:\windows\DIFxAPI.dll
2012-10-03 02:45 . 2011-03-19 01:55 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-22 00:23 . 2012-09-22 00:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-22 00:23 . 2011-04-02 04:52 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-20 00:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-20 00:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-14 19:19 . 2012-10-10 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 14:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2010-10-25 01:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 14:49 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 14:49 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 14:49 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 14:49 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 14:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-23 22:04 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 22:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 22:04 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 22:04 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 22:04 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 22:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 22:04 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 22:04 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 22:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 22:04 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 22:04 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 22:04 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 22:04 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 22:04 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 22:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 22:04 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 22:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 22:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 22:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 22:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 22:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 22:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-20 13:21 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-20 13:21 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-20 13:21 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
2009-11-24 19:27 252416 ----a-w- c:\program files (x86)\oovootb\auxi\oovooAu.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-11-24 21:35 87512 ----a-w- c:\program files (x86)\oovootb\oovoodx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files (x86)\oovootb\oovoodx.dll" [2009-11-24 87512]
.
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0ANAAxADIANwA0ADkAMAAzADIALQBTAFQAMQArADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA&prod=90&ver=9.0.894" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R4 gupdate1cafbc455ef312a;Google Update Service (gupdate1cafbc455ef312a);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 133104]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 BNPagent;Bradford Persistent Agent Service;c:\program files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-10-28 3079960]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 15:16]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 04:39]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 04:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 152.32.5.230 152.32.5.232
FF - ProfilePath - c:\users\willerz\AppData\Roaming\Mozilla\Firefox\Profiles\h8j0687m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-21 20:24; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
SafeBoot-15669121.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 14:09:51
ComboFix-quarantined-files.txt 2012-11-11 19:09
.
Pre-Run: 79,411,933,184 bytes free
Post-Run: 79,064,489,984 bytes free
.
- - End Of File - - 2BED710A4CFD69FC9E61DB11160BC644



Edited by Oh My, 13 November 2012 - 10:38 AM.
Repost Combofix Log



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:53 AM

Posted 13 November 2012 - 10:37 AM

Greetings PewLazers and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 PewLazers


Posted 13 November 2012 - 11:03 AM

Thank You Oh My! I am looking forward to it.

#4 Oh My!


Posted 13 November 2012 - 11:17 AM

Greetings PewLazers,

While I am reviewing the information you provided could I impose upon you to post the TDSSKiller log from 11-2? Please do this for me.


===================================================


Posting Previous TDSSKiller log

--------------------

  • Using Windows Explorer navigate to the root directory (normally c:\)
  • Locate the TDSSKiller log which will be named similar to:

    TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that document in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • Would you allow me to call you by your first name?

Gary
 

#5 Oh My!


Posted 13 November 2012 - 01:24 PM

Greetings PewLazers,

Please don't miss my previous post.

Here are some additional steps I would like you to take.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Search
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • AdwCleaner log
  • aswMBR log
  • OTL log
  • Extra log

Gary
 

#6 PewLazers


Posted 14 November 2012 - 12:24 AM

Sure you can call me by my first name.

OTL Extras logfile created on: 11/13/2012 11:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\willerz\Downloads\Walk Out Songs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 46.16% Memory free
5.74 Gb Paging File | 4.14 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 79.65 Gb Free Space | 34.21% Space Free | Partition Type: NTFS

Computer Name: ILLWILL | User Name: willerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296D320-27C3-4014-A91F-4C3CEFE1AF92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{047115ED-EC7A-4146-A9A6-9CA0BF4947E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{099F5E59-B493-471E-90E6-E91CAD1D0238}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12AC2762-47D1-4139-9525-EB1610021C49}" = lport=139 | protocol=6 | dir=in | app=system |
"{1588C0F5-C12E-4967-B55D-944CF5EE9306}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C55FD18-AFEB-44A1-90C1-4A906F4F0419}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3ADB8E4E-4BCB-41EF-A7D8-1F743A8028F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{421DDB57-101A-4BDF-9A9E-CA42431DC35F}" = lport=137 | protocol=17 | dir=in | app=system |
"{50263550-BC30-4762-933E-0FB913F5600A}" = rport=137 | protocol=17 | dir=out | app=system |
"{50C7F5B9-A83C-4FBD-A41C-3BA38BFB5BAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F4B0A24-1C0B-4BAA-B6D5-E149D8EB98C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B82B833-B3A6-4C89-95AA-4FDF5C002FDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77F7C2E9-8E86-41C0-AF66-4E9725190727}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{788B1F2E-8D4A-47E1-B417-3A39B2FF9E36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{859838A8-3976-4091-8EC9-41B367E4C1CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97DAB5AB-C5BE-4DC9-B162-24A0E7724B69}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CF61E49-76B2-48F4-B47C-BBCCA3D404C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA734FA7-D5C0-46D0-894B-761AC992E5EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD87AF50-3A9F-4DC0-AF81-C62E09578A85}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6CCC6D5-C0ED-4719-91DC-35B7EDA0EBBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF1B4676-1AF0-4F98-B88A-D6E9FCE56A31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F541FBCE-CC25-4B01-AC15-EB0711175AAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB8418CB-7A73-477B-BD55-B3224EC6DB1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBC949A2-01A1-4448-B247-9B953C5EA842}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222AAB0-F568-4EF0-AB4C-C838A4E5B99B}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{199CF528-7E2A-49DF-AA6B-5617DA5115F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E717374-3D72-4AF6-9D58-5109F9353DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{22E92672-F261-4ECC-B5E2-21858DCC8AEC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{27CBFA51-5CFC-496E-B234-1BE5188A5341}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{2B4DDD6A-670F-46B1-B45B-2DFE7F7E2E5F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D68B2FC-B35F-4622-BDC6-40CDE6101871}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{327D7757-8573-4E6E-BA36-D7B4F49F6F4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350B44A4-25B8-4FF0-B865-B0785EBA3486}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4203D87B-0847-4C50-8A06-6EAF2C74CA91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43B8E0A3-A7D6-437F-885F-48516E5545E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E31051-0A3E-4736-9A46-8318B99B2706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{494C3943-80F4-465D-BD62-D915010C16DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{4D3FFAAB-A669-43BC-8A85-B42BCE57D4FF}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{588ECABA-4A5D-4273-B20A-FA5F5B8E86D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{591BF499-A8A0-43FD-8308-0E6D4E39B049}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{5F3A09B0-5BF7-4E16-BD76-42FFDDEFB308}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F8B80DB-E303-42BA-B6B8-A0B12FFCC73D}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{78CAE0CC-2EAF-401E-A071-8A616A97DBA5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{813DB960-2A31-4077-A903-40396DFCF29D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85753644-6C39-44CE-8C18-B15C3C52E088}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{883829CF-C551-4FDC-98D0-A3D596841F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9476A535-8481-43C1-8B21-D1FA41E9D07C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95F80589-EC48-4E72-B4A7-7760CA5FB0A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96BAA800-9389-4D77-A0F1-393C12C2BD64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96D88BA4-2C06-42C9-AA8C-8A114814A06D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{970C78D0-4BE3-4C93-BAAD-0CB0481E0CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9C3E9194-D2E3-407A-89BB-513DB365FDA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A28BC49A-937B-4B0D-80B3-5E3FF1CDF4D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A36893BD-E9D7-4B52-8A50-44A26076BD32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4244E97-1B10-403C-9A99-953A146B47BD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B67CDD90-D0EC-43D5-9B92-560873C0C0B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBFA804F-5449-4DBB-8755-CBEEB68496E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C29D05B3-9920-4B1B-A6B1-FC1430FC369F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DE4ECB4D-2AAF-4AFB-8699-86DAC91EC804}" = protocol=6 | dir=out | app=system |
"{E3064CB2-77E2-4598-A4B3-AC91F8151796}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E477A541-C882-407D-ABA6-C3EB9952D40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC1647B6-3DEA-48D3-8D16-96132B964D52}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F1EC1878-0308-4AA7-9977-60D72AB245D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D81A09-4575-4AC6-A9EA-F33B0DE68965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1BBD967B-09EC-4ECE-92FE-B224536E11A0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A7DB145D-3428-4786-BD2E-395D40BF188A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{A0E5EA25-41D6-4283-8BCD-57954A0DEB79}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{AD67A37C-1041-41F3-9D14-923A782FEEE5}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.0.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D342F508-9E3B-4247-B163-2599BB79CEA0}" = Bradford Persistent Agent
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA387CD3-3524-43BF-B744-17C9FE27734D}" = SR9USB
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Debut" = Debut Video Capture Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"PROPLUS" = Microsoft Office Professional Plus 2007
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4914

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4914

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(00:c6:10:2a:8d:38@fe80::2c6:10ff:fe2a:8d38._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(28:37:37:d7:16:92@fe80::2a37:37ff:fed7:1692._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:a3:e4:2b:a4:95@fe80::7aa3:e4ff:fe2b:a495._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 4/18/2012 5:49:58 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 11/12/2012 5:59:14 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =

Error - 11/12/2012 6:49:34 PM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:43 PM on 11/12/2012 was unexpected.

Error - 11/13/2012 2:06:19 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:05:22 AM on 11/13/2012 was unexpected.

Error - 11/13/2012 2:18:16 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:11:08 AM on 11/13/2012 was unexpected.

Error - 11/13/2012 2:38:17 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:22 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:27 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:32 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:37 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 4:47:34 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =


< End of report >

OTL Extras logfile created on: 11/13/2012 11:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\willerz\Downloads\Walk Out Songs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 46.16% Memory free
5.74 Gb Paging File | 4.14 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 79.65 Gb Free Space | 34.21% Space Free | Partition Type: NTFS

Computer Name: ILLWILL | User Name: willerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296D320-27C3-4014-A91F-4C3CEFE1AF92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{047115ED-EC7A-4146-A9A6-9CA0BF4947E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{099F5E59-B493-471E-90E6-E91CAD1D0238}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12AC2762-47D1-4139-9525-EB1610021C49}" = lport=139 | protocol=6 | dir=in | app=system |
"{1588C0F5-C12E-4967-B55D-944CF5EE9306}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C55FD18-AFEB-44A1-90C1-4A906F4F0419}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3ADB8E4E-4BCB-41EF-A7D8-1F743A8028F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{421DDB57-101A-4BDF-9A9E-CA42431DC35F}" = lport=137 | protocol=17 | dir=in | app=system |
"{50263550-BC30-4762-933E-0FB913F5600A}" = rport=137 | protocol=17 | dir=out | app=system |
"{50C7F5B9-A83C-4FBD-A41C-3BA38BFB5BAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F4B0A24-1C0B-4BAA-B6D5-E149D8EB98C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B82B833-B3A6-4C89-95AA-4FDF5C002FDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77F7C2E9-8E86-41C0-AF66-4E9725190727}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{788B1F2E-8D4A-47E1-B417-3A39B2FF9E36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{859838A8-3976-4091-8EC9-41B367E4C1CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97DAB5AB-C5BE-4DC9-B162-24A0E7724B69}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CF61E49-76B2-48F4-B47C-BBCCA3D404C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA734FA7-D5C0-46D0-894B-761AC992E5EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD87AF50-3A9F-4DC0-AF81-C62E09578A85}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6CCC6D5-C0ED-4719-91DC-35B7EDA0EBBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF1B4676-1AF0-4F98-B88A-D6E9FCE56A31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F541FBCE-CC25-4B01-AC15-EB0711175AAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB8418CB-7A73-477B-BD55-B3224EC6DB1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBC949A2-01A1-4448-B247-9B953C5EA842}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222AAB0-F568-4EF0-AB4C-C838A4E5B99B}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{199CF528-7E2A-49DF-AA6B-5617DA5115F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E717374-3D72-4AF6-9D58-5109F9353DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{22E92672-F261-4ECC-B5E2-21858DCC8AEC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{27CBFA51-5CFC-496E-B234-1BE5188A5341}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{2B4DDD6A-670F-46B1-B45B-2DFE7F7E2E5F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D68B2FC-B35F-4622-BDC6-40CDE6101871}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{327D7757-8573-4E6E-BA36-D7B4F49F6F4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350B44A4-25B8-4FF0-B865-B0785EBA3486}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4203D87B-0847-4C50-8A06-6EAF2C74CA91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43B8E0A3-A7D6-437F-885F-48516E5545E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E31051-0A3E-4736-9A46-8318B99B2706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{494C3943-80F4-465D-BD62-D915010C16DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{4D3FFAAB-A669-43BC-8A85-B42BCE57D4FF}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{588ECABA-4A5D-4273-B20A-FA5F5B8E86D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{591BF499-A8A0-43FD-8308-0E6D4E39B049}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{5F3A09B0-5BF7-4E16-BD76-42FFDDEFB308}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F8B80DB-E303-42BA-B6B8-A0B12FFCC73D}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{78CAE0CC-2EAF-401E-A071-8A616A97DBA5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{813DB960-2A31-4077-A903-40396DFCF29D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85753644-6C39-44CE-8C18-B15C3C52E088}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{883829CF-C551-4FDC-98D0-A3D596841F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9476A535-8481-43C1-8B21-D1FA41E9D07C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95F80589-EC48-4E72-B4A7-7760CA5FB0A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96BAA800-9389-4D77-A0F1-393C12C2BD64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96D88BA4-2C06-42C9-AA8C-8A114814A06D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{970C78D0-4BE3-4C93-BAAD-0CB0481E0CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9C3E9194-D2E3-407A-89BB-513DB365FDA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A28BC49A-937B-4B0D-80B3-5E3FF1CDF4D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A36893BD-E9D7-4B52-8A50-44A26076BD32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4244E97-1B10-403C-9A99-953A146B47BD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B67CDD90-D0EC-43D5-9B92-560873C0C0B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBFA804F-5449-4DBB-8755-CBEEB68496E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C29D05B3-9920-4B1B-A6B1-FC1430FC369F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DE4ECB4D-2AAF-4AFB-8699-86DAC91EC804}" = protocol=6 | dir=out | app=system |
"{E3064CB2-77E2-4598-A4B3-AC91F8151796}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E477A541-C882-407D-ABA6-C3EB9952D40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC1647B6-3DEA-48D3-8D16-96132B964D52}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F1EC1878-0308-4AA7-9977-60D72AB245D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D81A09-4575-4AC6-A9EA-F33B0DE68965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1BBD967B-09EC-4ECE-92FE-B224536E11A0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A7DB145D-3428-4786-BD2E-395D40BF188A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{A0E5EA25-41D6-4283-8BCD-57954A0DEB79}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{AD67A37C-1041-41F3-9D14-923A782FEEE5}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.0.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D342F508-9E3B-4247-B163-2599BB79CEA0}" = Bradford Persistent Agent
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA387CD3-3524-43BF-B744-17C9FE27734D}" = SR9USB
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Debut" = Debut Video Capture Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"PROPLUS" = Microsoft Office Professional Plus 2007
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4914

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4914

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(00:c6:10:2a:8d:38@fe80::2c6:10ff:fe2a:8d38._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(28:37:37:d7:16:92@fe80::2a37:37ff:fed7:1692._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:a3:e4:2b:a4:95@fe80::7aa3:e4ff:fe2b:a495._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 4/18/2012 5:49:58 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 11/12/2012 5:59:14 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =

Error - 11/12/2012 6:49:34 PM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:43 PM on ?11/?12/?2012 was unexpected.

Error - 11/13/2012 2:06:19 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:05:22 AM on ?11/?13/?2012 was unexpected.

Error - 11/13/2012 2:18:16 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:11:08 AM on ?11/?13/?2012 was unexpected.

Error - 11/13/2012 2:38:17 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:22 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:27 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:32 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:37 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 4:47:34 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =


< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 23:14:19
-----------------------------
23:14:19.849 OS Version: Windows x64 6.1.7601 Service Pack 1
23:14:19.849 Number of processors: 2 586 0x170A
23:14:19.849 ComputerName: ILLWILL UserName: willerz
23:14:20.910 Initialize success
23:33:54.194 AVAST engine defs: 12111301
23:35:04.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:35:04.494 Disk 0 Vendor: ST9250315AS 0001SDM1 Size: 238475MB BusType: 11
23:35:04.514 Disk 0 MBR read successfully
23:35:04.514 Disk 0 MBR scan
23:35:04.534 Disk 0 Windows 7 default MBR code
23:35:04.544 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:35:04.564 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
23:35:04.584 Disk 0 scanning C:\Windows\system32\drivers
23:35:20.925 Service scanning
23:35:51.103 Modules scanning
23:35:51.113 Disk 0 trace - called modules:
23:35:51.173 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:35:51.183 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800324b700]
23:35:51.533 3 CLASSPNP.SYS[fffff8800192543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002d55680]
23:35:52.533 AVAST engine scan C:\Windows
23:35:56.743 AVAST engine scan C:\Windows\system32
23:40:18.828 AVAST engine scan C:\Windows\system32\drivers
23:40:37.728 AVAST engine scan C:\Users\willerz
23:52:45.509 AVAST engine scan C:\ProgramData
23:55:27.849 Scan finished successfully
23:56:12.839 Disk 0 MBR has been saved successfully to "C:\Users\willerz\Desktop\MBR.dat"
23:56:12.849 The log file has been saved successfully to "C:\Users\willerz\Desktop\aswMBR.txt"

OTL logfile created on: 11/13/2012 11:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\willerz\Downloads\Walk Out Songs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 46.16% Memory free
5.74 Gb Paging File | 4.14 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 79.65 Gb Free Space | 34.21% Space Free | Partition Type: NTFS

Computer Name: ILLWILL | User Name: willerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 23:56:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\willerz\Downloads\Walk Out Songs\OTL.exe
PRC - [2012/10/27 22:49:04 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/24 10:16:42 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/10/28 15:29:20 | 003,079,960 | ---- | M] (Bradford Networks) -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 22:48:47 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/24 10:16:40 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/27 22:49:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/24 10:16:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 15:29:20 | 003,079,960 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 20:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/08/03 04:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA B1 A3 E8 AD FB CA 01 [binary data]
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&FR=chr-vmn&type=oovoo2_2yach&q={searchTerms}
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: buhdrmqtcv@buhdrmqtcv.org:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 22:49:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/18 19:35:49 | 000,000,000 | ---D | M]

[2010/07/15 02:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\willerz\AppData\Roaming\mozilla\Extensions
[2010/07/15 02:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\willerz\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/11/09 13:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\willerz\AppData\Roaming\mozilla\Firefox\Profiles\h8j0687m.default\extensions
[2010/06/03 21:11:32 | 000,000,000 | ---D | M] (ooVoo Toolbar) -- C:\Users\willerz\AppData\Roaming\mozilla\Firefox\Profiles\h8j0687m.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}
[1832/11/28 23:44:26 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\willerz\AppData\Roaming\mozilla\firefox\profiles\h8j0687m.default\extensions\buhdrmqtcv@buhdrmqtcv.org.xpi
[2012/10/18 19:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/14 00:10:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/21 19:24:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/27 22:49:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 20:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/10 20:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\willerz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\willerz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/11/11 14:06:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Updater For ooVoo Toolbar) - {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files (x86)\oovootb\auxi\oovooAu.dll (Visicom Media)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files (x86)\oovootb\oovoodx.dll ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 152.32.5.230 152.32.5.232
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB987852-3634-40FF-971F-3362C5CD98E5}: DhcpNameServer = 152.32.5.230 152.32.5.232
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/11 23:20:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/11 14:09:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/11 13:58:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/11 13:58:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/11 13:58:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/11 13:56:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/11 13:55:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/10 09:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\POWERPREP II
[2012/11/10 09:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ETS
[2012/11/07 14:00:58 | 000,000,000 | ---D | C] -- C:\Users\willerz\Desktop\RK_Quarantine
[2012/11/07 13:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/11/05 18:52:26 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/11/02 12:26:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/01 21:13:16 | 000,000,000 | ---D | C] -- C:\Users\willerz\Documents\Seminar Presentation
[2012/10/31 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\willerz\AppData\Roaming\Malwarebytes
[2012/10/31 17:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/31 17:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/31 17:10:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/31 17:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/10/30 16:51:22 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/10/30 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\willerz\Documents\Graduate Assistantship
[2012/10/24 10:47:03 | 000,000,000 | ---D | C] -- C:\Users\willerz\AppData\Local\Macromedia
[2012/10/24 10:16:41 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/24 10:16:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/10/18 19:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/18 19:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/18 19:20:39 | 000,000,000 | ---D | C] -- C:\Users\willerz\Documents\Jim White Fitness and Nutrition Studios
[2012/10/17 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\willerz\Documents\UNC Chapel Hill Internship
[2012/10/16 19:55:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/15 06:00:10 | 000,000,000 | ---D | C] -- C:\Users\willerz\Documents\SSPE 450 Papers
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/13 23:56:12 | 000,000,512 | ---- | M] () -- C:\Users\willerz\Desktop\MBR.dat
[2012/11/13 23:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/13 23:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/13 22:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/13 22:29:24 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 22:29:24 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 14:55:32 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/13 14:55:32 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/13 14:55:32 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/13 14:51:34 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/13 14:50:46 | 2311,348,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/11 20:48:37 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Dolby Axon.lnk
[2012/11/11 14:06:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/10 14:08:35 | 000,424,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/10 09:42:41 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2012/11/08 14:15:41 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/06 11:13:29 | 000,000,687 | ---- | M] () -- C:\Users\willerz\Desktop\League of Legends.lnk
[2012/11/01 21:13:27 | 000,067,024 | ---- | M] () -- C:\Users\willerz\Documents\Ward.jpg
[2012/10/31 17:10:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/27 22:49:05 | 000,002,048 | ---- | M] () -- C:\Users\willerz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/24 10:16:41 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/24 10:16:41 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/18 19:36:22 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/13 23:56:12 | 000,000,512 | ---- | C] () -- C:\Users\willerz\Desktop\MBR.dat
[2012/11/11 13:58:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/11 13:58:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/11 13:58:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/11 13:58:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/11 13:58:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/10 09:42:41 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\GRE PowerPrep II.lnk
[2012/11/06 11:13:29 | 000,000,687 | ---- | C] () -- C:\Users\willerz\Desktop\League of Legends.lnk
[2012/11/01 21:13:26 | 000,067,024 | ---- | C] () -- C:\Users\willerz\Documents\Ward.jpg
[2012/10/31 17:10:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/24 10:16:43 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/18 19:36:22 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/14 01:37:07 | 000,000,116 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2011/03/18 20:49:32 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/24 23:45:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 11/13/2012 11:57:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\willerz\Downloads\Walk Out Songs
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 46.16% Memory free
5.74 Gb Paging File | 4.14 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 79.65 Gb Free Space | 34.21% Space Free | Partition Type: NTFS

Computer Name: ILLWILL | User Name: willerz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2298127317-2982985084-3003126483-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0296D320-27C3-4014-A91F-4C3CEFE1AF92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{047115ED-EC7A-4146-A9A6-9CA0BF4947E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{099F5E59-B493-471E-90E6-E91CAD1D0238}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12AC2762-47D1-4139-9525-EB1610021C49}" = lport=139 | protocol=6 | dir=in | app=system |
"{1588C0F5-C12E-4967-B55D-944CF5EE9306}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C55FD18-AFEB-44A1-90C1-4A906F4F0419}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3ADB8E4E-4BCB-41EF-A7D8-1F743A8028F4}" = rport=139 | protocol=6 | dir=out | app=system |
"{421DDB57-101A-4BDF-9A9E-CA42431DC35F}" = lport=137 | protocol=17 | dir=in | app=system |
"{50263550-BC30-4762-933E-0FB913F5600A}" = rport=137 | protocol=17 | dir=out | app=system |
"{50C7F5B9-A83C-4FBD-A41C-3BA38BFB5BAB}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F4B0A24-1C0B-4BAA-B6D5-E149D8EB98C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{6B82B833-B3A6-4C89-95AA-4FDF5C002FDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{77F7C2E9-8E86-41C0-AF66-4E9725190727}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{788B1F2E-8D4A-47E1-B417-3A39B2FF9E36}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{859838A8-3976-4091-8EC9-41B367E4C1CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97DAB5AB-C5BE-4DC9-B162-24A0E7724B69}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CF61E49-76B2-48F4-B47C-BBCCA3D404C8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA734FA7-D5C0-46D0-894B-761AC992E5EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD87AF50-3A9F-4DC0-AF81-C62E09578A85}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6CCC6D5-C0ED-4719-91DC-35B7EDA0EBBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF1B4676-1AF0-4F98-B88A-D6E9FCE56A31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F541FBCE-CC25-4B01-AC15-EB0711175AAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB8418CB-7A73-477B-BD55-B3224EC6DB1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FBC949A2-01A1-4448-B247-9B953C5EA842}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222AAB0-F568-4EF0-AB4C-C838A4E5B99B}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{199CF528-7E2A-49DF-AA6B-5617DA5115F9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E717374-3D72-4AF6-9D58-5109F9353DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{22E92672-F261-4ECC-B5E2-21858DCC8AEC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{27CBFA51-5CFC-496E-B234-1BE5188A5341}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{2B4DDD6A-670F-46B1-B45B-2DFE7F7E2E5F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D68B2FC-B35F-4622-BDC6-40CDE6101871}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{327D7757-8573-4E6E-BA36-D7B4F49F6F4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{350B44A4-25B8-4FF0-B865-B0785EBA3486}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4203D87B-0847-4C50-8A06-6EAF2C74CA91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43B8E0A3-A7D6-437F-885F-48516E5545E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46E31051-0A3E-4736-9A46-8318B99B2706}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{494C3943-80F4-465D-BD62-D915010C16DB}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{4D3FFAAB-A669-43BC-8A85-B42BCE57D4FF}" = protocol=17 | dir=in | app=c:\program files (x86)\dolbyaxon\axon.exe |
"{588ECABA-4A5D-4273-B20A-FA5F5B8E86D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{591BF499-A8A0-43FD-8308-0E6D4E39B049}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{5F3A09B0-5BF7-4E16-BD76-42FFDDEFB308}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5F8B80DB-E303-42BA-B6B8-A0B12FFCC73D}" = protocol=17 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{78CAE0CC-2EAF-401E-A071-8A616A97DBA5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{813DB960-2A31-4077-A903-40396DFCF29D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85753644-6C39-44CE-8C18-B15C3C52E088}" = protocol=6 | dir=in | app=c:\program files (x86)\bradford networks\persistent agent\bndaemon.exe |
"{883829CF-C551-4FDC-98D0-A3D596841F41}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9476A535-8481-43C1-8B21-D1FA41E9D07C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95F80589-EC48-4E72-B4A7-7760CA5FB0A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96BAA800-9389-4D77-A0F1-393C12C2BD64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96D88BA4-2C06-42C9-AA8C-8A114814A06D}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{970C78D0-4BE3-4C93-BAAD-0CB0481E0CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9C3E9194-D2E3-407A-89BB-513DB365FDA8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A28BC49A-937B-4B0D-80B3-5E3FF1CDF4D7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A36893BD-E9D7-4B52-8A50-44A26076BD32}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4244E97-1B10-403C-9A99-953A146B47BD}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B67CDD90-D0EC-43D5-9B92-560873C0C0B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBFA804F-5449-4DBB-8755-CBEEB68496E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C29D05B3-9920-4B1B-A6B1-FC1430FC369F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DE4ECB4D-2AAF-4AFB-8699-86DAC91EC804}" = protocol=6 | dir=out | app=system |
"{E3064CB2-77E2-4598-A4B3-AC91F8151796}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E477A541-C882-407D-ABA6-C3EB9952D40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC1647B6-3DEA-48D3-8D16-96132B964D52}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F1EC1878-0308-4AA7-9977-60D72AB245D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5D81A09-4575-4AC6-A9EA-F33B0DE68965}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1BBD967B-09EC-4ECE-92FE-B224536E11A0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{A7DB145D-3428-4786-BD2E-395D40BF188A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{A0E5EA25-41D6-4283-8BCD-57954A0DEB79}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{AD67A37C-1041-41F3-9D14-923A782FEEE5}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17936630-5344-4F18-9970-616129E2A114}_is1" = Dolby Axon - 1.5.0.1
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2687340C-C114-47DC-9F0E-C1BA85FEB001}" = POWERPREP II
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D342F508-9E3B-4247-B163-2599BB79CEA0}" = Bradford Persistent Agent
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA387CD3-3524-43BF-B744-17C9FE27734D}" = SR9USB
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"Debut" = Debut Video Capture Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"oovootb" = ooVoo Toolbar (Remove Toolbar Only)
"PROPLUS" = Microsoft Office Professional Plus 2007
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4914

Error - 4/18/2012 5:23:13 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4914

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(00:c6:10:2a:8d:38@fe80::2c6:10ff:fe2a:8d38._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(28:37:37:d7:16:92@fe80::2a37:37ff:fed7:1692._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 8:31:25 AM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(78:a3:e4:2b:a4:95@fe80::7aa3:e4ff:fe2b:a495._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 998

Error - 4/18/2012 5:49:57 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 4/18/2012 5:49:58 PM | Computer Name = IllWill | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 11/12/2012 5:59:14 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =

Error - 11/12/2012 6:49:34 PM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:43 PM on ?11/?12/?2012 was unexpected.

Error - 11/13/2012 2:06:19 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:05:22 AM on ?11/?13/?2012 was unexpected.

Error - 11/13/2012 2:18:16 AM | Computer Name = IllWill | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:11:08 AM on ?11/?13/?2012 was unexpected.

Error - 11/13/2012 2:38:17 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:22 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:27 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:32 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 2:38:37 AM | Computer Name = IllWill | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 11/13/2012 4:47:34 PM | Computer Name = IllWill | Source = BROWSER | ID = 8032
Description =


< End of report >

All of the logs are posted.

Thanks!

William Ward

#7 Oh My!

Posted 14 November 2012 - 11:25 AM

Hi William,

Thanks for posting the information; however, there is some requested information missing. I would like you to return to my previous post and run AdwCleaner for me and also post the previous TDSSKiller log.

Which browser(s) are you experiencing the redirects with?


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • AdwCleaner log
  • TDSSKiller log
  • Which browsers?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 PewLazers

Posted 14 November 2012 - 07:25 PM

I've noticed redirects in Firefox, IE, and Chrome.

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 14:17:22
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : willerz - ILLWILL
# Boot Mode : Normal
# Running from : C:\Users\willerz\Downloads\Walk Out Songs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\willerz\AppData\Roaming\Mozilla\Firefox\Profiles\h8j0687m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\willerz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1058 octets] - [14/11/2012 14:17:11]
AdwCleaner[S1].txt - [1175 octets] - [13/11/2012 01:31:04]
AdwCleaner[S2].txt - [991 octets] - [14/11/2012 14:17:22]

########## EOF - C:\AdwCleaner[S2].txt - [1050 octets] ##########

13:23:36.0539 1956 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:23:36.0648 1956 ============================================================
13:23:36.0648 1956 Current date / time: 2012/11/02 13:23:36.0648
13:23:36.0648 1956 SystemInfo:
13:23:36.0648 1956
13:23:36.0648 1956 OS Version: 6.1.7601 ServicePack: 1.0
13:23:36.0648 1956 Product type: Workstation
13:23:36.0648 1956 ComputerName: ILLWILL
13:23:36.0648 1956 UserName: willerz
13:23:36.0648 1956 Windows directory: C:\Windows
13:23:36.0648 1956 System windows directory: C:\Windows
13:23:36.0648 1956 Running under WOW64
13:23:36.0648 1956 Processor architecture: Intel x64
13:23:36.0648 1956 Number of processors: 2
13:23:36.0648 1956 Page size: 0x1000
13:23:36.0648 1956 Boot type: Safe boot
13:23:36.0648 1956 ============================================================
13:23:38.0364 1956 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:38.0380 1956 ============================================================
13:23:38.0380 1956 \Device\Harddisk0\DR0:
13:23:38.0380 1956 MBR partitions:
13:23:38.0380 1956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:23:38.0380 1956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
13:23:38.0380 1956 ============================================================
13:23:38.0395 1956 C: <-> \Device\Harddisk0\DR0\Partition2
13:23:38.0395 1956 ============================================================
13:23:38.0395 1956 Initialize success
13:23:38.0395 1956 ============================================================
13:23:56.0023 2032 ============================================================
13:23:56.0023 2032 Scan started
13:23:56.0023 2032 Mode: Manual;
13:23:56.0023 2032 ============================================================
13:23:57.0115 2032 ================ Scan system memory ========================
13:23:57.0115 2032 System memory - ok
13:23:57.0115 2032 ================ Scan services =============================
13:23:57.0287 2032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:23:57.0287 2032 1394ohci - ok
13:23:57.0365 2032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:23:57.0365 2032 ACPI - ok
13:23:57.0381 2032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:23:57.0381 2032 AcpiPmi - ok
13:23:57.0521 2032 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:23:57.0537 2032 AdobeFlashPlayerUpdateSvc - ok
13:23:57.0568 2032 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:23:57.0583 2032 adp94xx - ok
13:23:57.0615 2032 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:23:57.0630 2032 adpahci - ok
13:23:57.0646 2032 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:23:57.0646 2032 adpu320 - ok
13:23:57.0677 2032 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:23:57.0677 2032 AeLookupSvc - ok
13:23:57.0755 2032 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:23:57.0755 2032 AFD - ok
13:23:57.0817 2032 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:23:57.0817 2032 agp440 - ok
13:23:57.0833 2032 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:23:57.0833 2032 ALG - ok
13:23:57.0849 2032 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:23:57.0849 2032 aliide - ok
13:23:57.0864 2032 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:23:57.0864 2032 amdide - ok
13:23:57.0895 2032 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:23:57.0895 2032 AmdK8 - ok
13:23:57.0911 2032 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:23:57.0911 2032 AmdPPM - ok
13:23:57.0958 2032 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:23:57.0958 2032 amdsata - ok
13:23:57.0989 2032 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:23:57.0989 2032 amdsbs - ok
13:23:58.0005 2032 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:23:58.0005 2032 amdxata - ok
13:23:58.0051 2032 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:23:58.0051 2032 AppID - ok
13:23:58.0098 2032 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:23:58.0098 2032 AppIDSvc - ok
13:23:58.0145 2032 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:23:58.0145 2032 Appinfo - ok
13:23:58.0223 2032 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:23:58.0239 2032 Apple Mobile Device - ok
13:23:58.0254 2032 appliandMP - ok
13:23:58.0270 2032 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
13:23:58.0270 2032 AppMgmt - ok
13:23:58.0301 2032 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:23:58.0301 2032 arc - ok
13:23:58.0317 2032 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:23:58.0317 2032 arcsas - ok
13:23:58.0363 2032 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:23:58.0363 2032 AsyncMac - ok
13:23:58.0410 2032 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:23:58.0410 2032 atapi - ok
13:23:58.0488 2032 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
13:23:58.0535 2032 athr - ok
13:23:58.0582 2032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:23:58.0613 2032 AudioEndpointBuilder - ok
13:23:58.0644 2032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:23:58.0644 2032 AudioSrv - ok
13:23:58.0691 2032 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:23:58.0707 2032 AxInstSV - ok
13:23:58.0738 2032 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:23:58.0753 2032 b06bdrv - ok
13:23:58.0769 2032 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:23:58.0785 2032 b57nd60a - ok
13:23:58.0800 2032 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:23:58.0800 2032 BDESVC - ok
13:23:58.0847 2032 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:23:58.0847 2032 Beep - ok
13:23:58.0909 2032 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:23:58.0925 2032 BFE - ok
13:23:59.0003 2032 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
13:23:59.0034 2032 BITS - ok
13:23:59.0097 2032 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:23:59.0097 2032 blbdrive - ok
13:23:59.0221 2032 [ 10EC619DACA7951F4E5AEFA63158A064 ] BNPagent C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
13:23:59.0315 2032 BNPagent - ok
13:23:59.0393 2032 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:23:59.0393 2032 Bonjour Service - ok
13:23:59.0471 2032 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:23:59.0471 2032 bowser - ok
13:23:59.0471 2032 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:23:59.0471 2032 BrFiltLo - ok
13:23:59.0502 2032 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:23:59.0502 2032 BrFiltUp - ok
13:23:59.0549 2032 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:24:12.0544 2032 srvnet - ok
13:24:12.0575 2032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:24:12.0575 2032 SSDPSRV - ok
13:24:12.0606 2032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:24:12.0606 2032 SstpSvc - ok
13:24:12.0622 2032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:24:12.0637 2032 stexstor - ok
13:24:12.0684 2032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:24:12.0715 2032 stisvc - ok
13:24:12.0778 2032 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:24:12.0778 2032 storflt - ok
13:24:12.0793 2032 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
13:24:12.0809 2032 StorSvc - ok
13:24:12.0809 2032 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:24:12.0809 2032 storvsc - ok
13:24:12.0825 2032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:24:12.0825 2032 swenum - ok
13:24:12.0871 2032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:24:12.0871 2032 swprv - ok
13:24:12.0965 2032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:24:13.0027 2032 SysMain - ok
13:24:13.0074 2032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:24:13.0090 2032 TabletInputService - ok
13:24:13.0105 2032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:24:13.0121 2032 TapiSrv - ok
13:24:13.0137 2032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:24:13.0152 2032 TBS - ok
13:24:13.0246 2032 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:24:13.0308 2032 Tcpip - ok
13:24:13.0371 2032 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:24:13.0386 2032 TCPIP6 - ok
13:24:13.0449 2032 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:24:13.0449 2032 tcpipreg - ok
13:24:13.0495 2032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:24:13.0495 2032 TDPIPE - ok
13:24:13.0542 2032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:24:13.0542 2032 TDTCP - ok
13:24:13.0605 2032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:24:13.0605 2032 tdx - ok
13:24:13.0651 2032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:24:13.0651 2032 TermDD - ok
13:24:13.0683 2032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:24:13.0714 2032 TermService - ok
13:24:13.0745 2032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:24:13.0745 2032 Themes - ok
13:24:13.0776 2032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:24:13.0776 2032 THREADORDER - ok
13:24:13.0807 2032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:24:13.0807 2032 TrkWks - ok
13:24:13.0885 2032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:24:13.0901 2032 TrustedInstaller - ok
13:24:13.0948 2032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:24:13.0948 2032 tssecsrv - ok
13:24:14.0010 2032 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:24:14.0010 2032 TsUsbFlt - ok
13:24:14.0073 2032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:24:14.0073 2032 tunnel - ok
13:24:14.0104 2032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:24:14.0104 2032 uagp35 - ok
13:24:14.0166 2032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:24:14.0182 2032 udfs - ok
13:24:14.0213 2032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:24:14.0213 2032 UI0Detect - ok
13:24:14.0229 2032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:24:14.0244 2032 uliagpkx - ok
13:24:14.0276 2032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:24:14.0276 2032 umbus - ok
13:24:14.0291 2032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:24:14.0291 2032 UmPass - ok
13:24:14.0322 2032 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
13:24:14.0338 2032 UmRdpService - ok
13:24:14.0354 2032 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:24:14.0369 2032 upnphost - ok
13:24:14.0416 2032 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
13:24:14.0416 2032 USBAAPL64 - ok
13:24:14.0494 2032 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:24:14.0494 2032 usbaudio - ok
13:24:14.0525 2032 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:24:14.0525 2032 usbccgp - ok
13:24:14.0541 2032 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:24:14.0541 2032 usbcir - ok
13:24:14.0556 2032 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:24:14.0572 2032 usbehci - ok
13:24:14.0588 2032 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
13:24:14.0588 2032 usbhub - ok
13:24:14.0603 2032 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:24:14.0603 2032 usbohci - ok
13:24:14.0634 2032 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:24:14.0634 2032 usbprint - ok
13:24:14.0697 2032 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:24:14.0697 2032 usbscan - ok
13:24:14.0744 2032 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
13:24:14.0744 2032 USBSTOR - ok
13:24:14.0775 2032 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:24:14.0775 2032 usbuhci - ok
13:24:14.0853 2032 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:24:14.0853 2032 usbvideo - ok
13:24:14.0884 2032 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:24:14.0884 2032 UxSms - ok
13:24:14.0900 2032 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:24:14.0900 2032 VaultSvc - ok
13:24:14.0915 2032 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:24:14.0915 2032 vdrvroot - ok
13:24:14.0978 2032 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:24:15.0009 2032 vds - ok
13:24:15.0040 2032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:24:15.0040 2032 vga - ok
13:24:15.0056 2032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:24:15.0056 2032 VgaSave - ok
13:24:15.0118 2032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:24:15.0118 2032 vhdmp - ok
13:24:15.0134 2032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:24:15.0134 2032 viaide - ok
13:24:15.0165 2032 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:24:15.0180 2032 vmbus - ok
13:24:15.0196 2032 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:24:15.0196 2032 VMBusHID - ok
13:24:15.0212 2032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:24:15.0212 2032 volmgr - ok
13:24:15.0274 2032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:24:15.0290 2032 volmgrx - ok
13:24:15.0305 2032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:24:15.0305 2032 volsnap - ok
13:24:15.0336 2032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:24:15.0336 2032 vsmraid - ok
13:24:15.0414 2032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:24:15.0461 2032 VSS - ok
13:24:15.0477 2032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:24:15.0492 2032 vwifibus - ok
13:24:15.0508 2032 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:24:15.0508 2032 vwififlt - ok
13:24:15.0539 2032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:24:15.0555 2032 W32Time - ok
13:24:15.0586 2032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:24:15.0586 2032 WacomPen - ok
13:24:15.0633 2032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:24:15.0633 2032 WANARP - ok
13:24:15.0648 2032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:24:15.0648 2032 Wanarpv6 - ok
13:24:15.0711 2032 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:24:15.0742 2032 WatAdminSvc - ok
13:24:15.0820 2032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:24:15.0867 2032 wbengine - ok
13:24:15.0898 2032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:24:15.0914 2032 WbioSrvc - ok
13:24:15.0960 2032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:24:15.0976 2032 wcncsvc - ok
13:24:15.0992 2032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:24:15.0992 2032 WcsPlugInService - ok
13:24:16.0023 2032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:24:16.0023 2032 Wd - ok
13:24:16.0054 2032 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:24:16.0070 2032 Wdf01000 - ok
13:24:16.0085 2032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:24:16.0101 2032 WdiServiceHost - ok
13:24:16.0101 2032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:24:16.0101 2032 WdiSystemHost - ok
13:24:16.0163 2032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:24:16.0163 2032 WebClient - ok
13:24:16.0179 2032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:24:16.0194 2032 Wecsvc - ok
13:24:16.0194 2032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:24:16.0210 2032 wercplsupport - ok
13:24:16.0226 2032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:24:16.0226 2032 WerSvc - ok
13:24:16.0241 2032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:24:16.0241 2032 WfpLwf - ok
13:24:16.0272 2032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:24:16.0272 2032 WIMMount - ok
13:24:16.0288 2032 WinDefend - ok
13:24:16.0304 2032 WinHttpAutoProxySvc - ok
13:24:16.0382 2032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:24:16.0397 2032 Winmgmt - ok
13:24:16.0491 2032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:24:16.0553 2032 WinRM - ok
13:24:16.0631 2032 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:24:16.0631 2032 WinUsb - ok
13:24:16.0678 2032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:24:16.0709 2032 Wlansvc - ok
13:24:16.0896 2032 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:24:16.0974 2032 wlidsvc - ok
13:24:17.0021 2032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:24:17.0021 2032 WmiAcpi - ok
13:24:17.0162 2032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:24:17.0162 2032 wmiApSrv - ok
13:24:17.0208 2032 WMPNetworkSvc - ok
13:24:17.0224 2032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:24:17.0240 2032 WPCSvc - ok
13:24:17.0271 2032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:24:17.0286 2032 WPDBusEnum - ok
13:24:17.0302 2032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:24:17.0318 2032 ws2ifsl - ok
13:24:17.0318 2032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:24:17.0333 2032 wscsvc - ok
13:24:17.0333 2032 WSearch - ok
13:24:17.0458 2032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:24:17.0552 2032 wuauserv - ok
13:24:17.0598 2032 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:24:17.0598 2032 WudfPf - ok
13:24:17.0614 2032 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:24:17.0614 2032 WUDFRd - ok
13:24:17.0661 2032 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:24:17.0661 2032 wudfsvc - ok
13:24:17.0708 2032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:24:17.0708 2032 WwanSvc - ok
13:24:17.0754 2032 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:24:17.0754 2032 yukonw7 - ok
13:24:17.0770 2032 ================ Scan global ===============================
13:24:17.0817 2032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:24:17.0864 2032 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:24:17.0864 2032 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:24:17.0895 2032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:24:17.0942 2032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:24:17.0957 2032 [Global] - ok
13:24:17.0957 2032 ================ Scan MBR ==================================
13:24:17.0973 2032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:24:18.0207 2032 \Device\Harddisk0\DR0 - ok
13:24:18.0207 2032 ================ Scan VBR ==================================
13:24:18.0222 2032 [ 5970CD4C7FFAD95F40E11A71C04FD8D3 ] \Device\Harddisk0\DR0\Partition1
13:24:18.0222 2032 \Device\Harddisk0\DR0\Partition1 - ok
13:24:18.0238 2032 [ B86DDDC2375C0AC088505D830683BA38 ] \Device\Harddisk0\DR0\Partition2
13:24:18.0238 2032 \Device\Harddisk0\DR0\Partition2 - ok
13:24:18.0238 2032 ============================================================
13:24:18.0238 2032 Scan finished
13:24:18.0238 2032 ============================================================
13:24:18.0254 2024 Detected object count: 0
13:24:18.0254 2024 Actual detected object count: 0
13:24:33.0058 0152 ============================================================
13:24:33.0058 0152 Scan started
13:24:33.0058 0152 Mode: Manual; SigCheck; TDLFS;
13:24:33.0058 0152 ============================================================
13:24:33.0230 0152 ================ Scan system memory ========================
13:24:33.0230 0152 System memory - ok
13:24:33.0230 0152 ================ Scan services =============================
13:24:44.0820 0152 iaStorV - ok
13:24:44.0883 0152 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:24:44.0930 0152 idsvc - ok
13:24:45.0117 0152 [ 37A65E3D89F6BBF5719FF9585F99EB7D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:24:45.0304 0152 igfx - ok
13:24:45.0335 0152 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:24:45.0351 0152 iirsp - ok
13:24:45.0429 0152 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:24:45.0491 0152 IKEEXT - ok
13:24:45.0585 0152 [ 18F7691B18D4A93559D2A998AB2142BD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:24:45.0632 0152 IntcAzAudAddService - ok
13:24:45.0678 0152 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:24:45.0694 0152 intelide - ok
13:24:45.0725 0152 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:24:45.0756 0152 intelppm - ok
13:24:45.0788 0152 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:24:45.0866 0152 IPBusEnum - ok
13:24:45.0897 0152 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:24:45.0975 0152 IpFilterDriver - ok
13:24:46.0037 0152 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:24:46.0100 0152 iphlpsvc - ok
13:24:46.0146 0152 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:24:46.0193 0152 IPMIDRV - ok
13:24:46.0224 0152 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:24:46.0302 0152 IPNAT - ok
13:24:46.0365 0152 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:24:46.0396 0152 iPod Service - ok
13:24:46.0458 0152 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:24:46.0552 0152 IRENUM - ok
13:24:46.0583 0152 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:24:46.0599 0152 isapnp - ok
13:24:46.0677 0152 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:24:46.0708 0152 iScsiPrt - ok
13:24:46.0724 0152 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:24:46.0739 0152 kbdclass - ok
13:24:46.0817 0152 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:24:46.0864 0152 kbdhid - ok
13:24:46.0895 0152 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:24:46.0911 0152 KeyIso - ok
13:24:46.0958 0152 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:24:46.0973 0152 KSecDD - ok
13:24:47.0020 0152 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:24:47.0051 0152 KSecPkg - ok
13:24:47.0082 0152 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:24:47.0160 0152 ksthunk - ok
13:24:47.0207 0152 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:24:47.0285 0152 KtmRm - ok
13:24:47.0332 0152 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:24:47.0410 0152 LanmanServer - ok
13:24:47.0472 0152 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:24:47.0550 0152 LanmanWorkstation - ok
13:24:47.0582 0152 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:24:47.0660 0152 lltdio - ok
13:24:47.0706 0152 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:24:47.0800 0152 lltdsvc - ok
13:24:47.0816 0152 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:24:47.0878 0152 lmhosts - ok
13:24:47.0909 0152 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:24:47.0925 0152 LSI_FC - ok
13:24:47.0956 0152 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:24:47.0987 0152 LSI_SAS - ok
13:24:48.0003 0152 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:24:48.0018 0152 LSI_SAS2 - ok
13:24:48.0050 0152 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:24:48.0081 0152 LSI_SCSI - ok
13:24:48.0096 0152 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:24:48.0174 0152 luafv - ok
13:24:48.0206 0152 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
13:24:48.0284 0152 MBAMProtector - ok
13:24:48.0346 0152 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:24:48.0377 0152 MBAMScheduler - ok
13:24:48.0408 0152 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:24:48.0440 0152 MBAMService - ok
13:24:48.0533 0152 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
13:24:48.0549 0152 McComponentHostService - ok
13:24:48.0596 0152 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:24:48.0627 0152 Mcx2Svc - ok
13:24:48.0689 0152 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:24:48.0705 0152 MDM ( UnsignedFile.Multi.Generic ) - warning
13:24:48.0705 0152 MDM - detected UnsignedFile.Multi.Generic (1)
13:25:06.0224 0152 usbvideo - ok
13:25:06.0255 0152 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:25:06.0333 0152 UxSms - ok
13:25:06.0348 0152 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:25:06.0364 0152 VaultSvc - ok
13:25:06.0380 0152 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:25:06.0395 0152 vdrvroot - ok
13:25:06.0473 0152 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:25:06.0536 0152 vds - ok
13:25:06.0567 0152 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:25:06.0598 0152 vga - ok
13:25:06.0614 0152 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:25:06.0676 0152 VgaSave - ok
13:25:06.0723 0152 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:25:06.0754 0152 vhdmp - ok
13:25:06.0801 0152 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:25:06.0816 0152 viaide - ok
13:25:06.0832 0152 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:25:06.0863 0152 vmbus - ok
13:25:06.0879 0152 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:25:06.0910 0152 VMBusHID - ok
13:25:06.0941 0152 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:25:06.0957 0152 volmgr - ok
13:25:07.0035 0152 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:25:07.0050 0152 volmgrx - ok
13:25:07.0082 0152 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:25:07.0097 0152 volsnap - ok
13:25:07.0128 0152 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:25:07.0160 0152 vsmraid - ok
13:25:07.0238 0152 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:25:07.0347 0152 VSS - ok
13:25:07.0362 0152 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:25:07.0409 0152 vwifibus - ok
13:25:07.0440 0152 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:25:07.0487 0152 vwififlt - ok
13:25:07.0534 0152 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:25:07.0596 0152 W32Time - ok
13:25:07.0674 0152 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:25:07.0706 0152 WacomPen - ok
13:25:07.0752 0152 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:25:07.0830 0152 WANARP - ok
13:25:07.0830 0152 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:25:07.0893 0152 Wanarpv6 - ok
13:25:07.0955 0152 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:25:08.0002 0152 WatAdminSvc - ok
13:25:08.0096 0152 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:25:08.0158 0152 wbengine - ok
13:25:08.0189 0152 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:25:08.0220 0152 WbioSrvc - ok
13:25:08.0283 0152 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:25:08.0314 0152 wcncsvc - ok
13:25:08.0330 0152 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:25:08.0392 0152 WcsPlugInService - ok
13:25:08.0408 0152 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:25:08.0423 0152 Wd - ok
13:25:08.0470 0152 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:25:08.0501 0152 Wdf01000 - ok
13:25:08.0517 0152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:25:08.0626 0152 WdiServiceHost - ok
13:25:08.0626 0152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:25:08.0657 0152 WdiSystemHost - ok
13:25:08.0720 0152 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:25:08.0766 0152 WebClient - ok
13:25:08.0798 0152 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:25:08.0876 0152 Wecsvc - ok
13:25:08.0891 0152 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:25:08.0954 0152 wercplsupport - ok
13:25:08.0985 0152 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:25:09.0047 0152 WerSvc - ok
13:25:09.0063 0152 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:25:09.0125 0152 WfpLwf - ok
13:25:09.0141 0152 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:25:09.0156 0152 WIMMount - ok
13:25:09.0172 0152 WinDefend - ok
13:25:09.0188 0152 WinHttpAutoProxySvc - ok
13:25:09.0250 0152 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:25:09.0328 0152 Winmgmt - ok
13:25:09.0422 0152 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:25:09.0515 0152 WinRM - ok
13:25:09.0562 0152 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:25:09.0593 0152 WinUsb - ok
13:25:09.0640 0152 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:25:09.0702 0152 Wlansvc - ok
13:25:09.0874 0152 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:25:09.0952 0152 wlidsvc - ok
13:25:09.0999 0152 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:25:10.0046 0152 WmiAcpi - ok
13:25:10.0092 0152 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:25:10.0124 0152 wmiApSrv - ok
13:25:10.0170 0152 WMPNetworkSvc - ok
13:25:10.0186 0152 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:25:10.0217 0152 WPCSvc - ok
13:25:10.0280 0152 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:25:10.0311 0152 WPDBusEnum - ok
13:25:10.0326 0152 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:25:10.0389 0152 ws2ifsl - ok
13:25:10.0404 0152 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
13:25:10.0467 0152 wscsvc - ok
13:25:10.0467 0152 WSearch - ok
13:25:10.0576 0152 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:25:10.0654 0152 wuauserv - ok
13:25:10.0701 0152 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:25:10.0779 0152 WudfPf - ok
13:25:10.0810 0152 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:25:10.0888 0152 WUDFRd - ok
13:25:10.0919 0152 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:25:10.0982 0152 wudfsvc - ok
13:25:11.0028 0152 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:25:11.0075 0152 WwanSvc - ok
13:25:11.0122 0152 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:25:11.0169 0152 yukonw7 - ok
13:25:11.0184 0152 ================ Scan global ===============================
13:25:11.0216 0152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:25:11.0278 0152 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:25:11.0278 0152 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:25:11.0309 0152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:25:11.0356 0152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:25:11.0356 0152 [Global] - ok
13:25:11.0372 0152 ================ Scan MBR ==================================
13:25:11.0387 0152 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:25:11.0715 0152 \Device\Harddisk0\DR0 - ok
13:25:11.0715 0152 ================ Scan VBR ==================================
13:25:11.0730 0152 [ 5970CD4C7FFAD95F40E11A71C04FD8D3 ] \Device\Harddisk0\DR0\Partition1
13:25:11.0730 0152 \Device\Harddisk0\DR0\Partition1 - ok
13:25:11.0762 0152 [ B86DDDC2375C0AC088505D830683BA38 ] \Device\Harddisk0\DR0\Partition2
13:25:11.0762 0152 \Device\Harddisk0\DR0\Partition2 - ok
13:25:11.0762 0152 ============================================================
13:25:11.0762 0152 Scan finished
13:25:11.0762 0152 ============================================================
13:25:11.0777 1032 Detected object count: 1
13:25:11.0777 1032 Actual detected object count: 1
13:26:44.0145 1032 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - copied to quarantine
13:26:44.0176 1032 HKLM\SYSTEM\ControlSet001\services\MDM - will be deleted on reboot
13:26:44.0207 1032 HKLM\SYSTEM\ControlSet002\services\MDM - will be deleted on reboot
13:26:44.0239 1032 HKLM\SYSTEM\ControlSet003\services\MDM - will be deleted on reboot
13:26:44.0457 1032 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe - will be deleted on reboot
13:26:44.0457 1032 MDM ( UnsignedFile.Multi.Generic ) - User select action: Delete
13:27:23.0129 1952 Deinitialize success

#9 Oh My!

Posted 14 November 2012 - 08:47 PM

Hi William,

Thank you for the information. We need to take a deeper look into your computer. Please do this.


===================================================


GET xPUD MBR Dump

--------------------

For this step you will need a USB device and a blank CD. I have provided step by step instructions for this process in order to simplify the detailed task.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Double click the Posted Image icon
  • Click Run
  • Double click the Posted Image folder which should now be on your desktop
  • Double click on Posted Image
  • The program will download xpud_0.9.2.iso, and when it is finished it will open a BurnCDCC window

  • Click on Start, insert a blank CD when instructed, then click OK
  • When completed, the CD will eject for removal
  • Remove the CD and insert it and the USB device into the infected computer
  • Boot the infected computer with the CD you just burned
  • As the computer boots up gently tap F12 and choose to boot from the CD by using the keyboard arrow keys to highlight CD/DVD and then hit Enter
  • At the first screen select English
  • A Welcome to xPUD screen will appear
  • Press File
  • Under File System on the left hand side click on the triangle symbol to expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Double click on the folder that represents your USB drive (sdb1 ?).
  • If you do not see it, please remove the USB device, wait about 5 seconds, reinsert it, then click on the Refresh icon to the left of the house icon near the top of your screen. It should be added under mnt
  • On the top bar select Tool then select Open Terminal
  • Now please type the following and press Enter. Make sure there is a space between the different colors.

    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished (within just a few seconds) a file will be located on your USB drive named mbr.bin. Please ensure the file is there
  • Remove the USB drive, insert it back in your working computer
  • Navigate to mbr.bin, zip the file, and attach it to your next reply.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip

Gary
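
One way to inspect the `mbr.bin` that the `dd` command in the post above writes, added here as an example and not part of the original thread: it checks the 55 AA boot signature, decodes the four partition entries, and hashes the bootstrap code so it can be compared against a hash the analyst already trusts. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
CODE_LEN = 440      # bootstrap code area; bytes 440-443 hold the disk signature
TABLE_OFF = 446     # four 16-byte partition entries start here
# status, CHS start, type, CHS end, LBA start, sector count
ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(raw):
    """Return (info, findings) for a 512-byte MBR dump."""
    if len(raw) != SECTOR:
        raise ValueError("expected exactly 512 bytes, got %d" % len(raw))
    findings = []
    if raw[510:512] != b"\x55\xaa":
        findings.append("boot signature 55 AA missing")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(raw, TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x" % (i + 1, status))
        parts.append({"index": i + 1, "active": status == 0x80,
                      "type": ptype, "lba": lba, "sectors": count})
    active = [p["index"] for p in parts if p["active"]]
    if len(active) > 1:
        findings.append("more than one active partition: %s" % active)
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    info = {
        "code_sha256": hashlib.sha256(raw[:CODE_LEN]).hexdigest(),
        "disk_signature": "%08x" % struct.unpack_from("<I", raw, 440)[0],
        "partitions": parts,
    }
    return info, findings


def compare_to_baseline(info, known_good_hashes):
    """True when the bootstrap code matches a hash the analyst already trusts."""
    return info["code_sha256"] in known_good_hashes


def build_sample_mbr(code_byte=0x90):
    """Constructed sample sector: two NTFS (0x07) partitions, the first active."""
    raw = bytearray(SECTOR)
    raw[:CODE_LEN] = bytes([code_byte]) * CODE_LEN
    struct.pack_into("<I", raw, 440, 0x1234ABCD)
    ENTRY.pack_into(raw, TABLE_OFF, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    ENTRY.pack_into(raw, TABLE_OFF + 16, 0x00, b"\x00" * 3, 0x07, b"\x00" * 3,
                    206848, 976560128)
    raw[510:512] = b"\x55\xaa"
    return bytes(raw)


if __name__ == "__main__":
    info, findings = parse_mbr(build_sample_mbr())
    baseline = {info["code_sha256"]}   # hash recorded from a dump known to be good
    print(info, findings)
    changed, _ = parse_mbr(build_sample_mbr(code_byte=0xCC))
    print("matches baseline:", compare_to_baseline(changed, baseline))
```

To check a real dump, pass the bytes of `mbr.bin` (read in binary mode) to `parse_mbr` and supply your own set of trusted bootstrap-code hashes.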
 

#10 PewLazers

Posted 15 November 2012 - 02:44 AM

The requested file is attached.

William Ward

Attached Files

  • Attached File  mbr.zip   559bytes   2 downloads


#11 Oh My!

Posted 15 November 2012 - 10:05 AM

Hi William,

Thank you for going through all of that and nice job!

I have a question for you. Your log indicates you are connected directly to a modem and not through a router, is that correct?

Your Master Boot Record comes back clean. There is one file I have my eye on and I would like to pursue determining whether or not it is infected. Please do this for me.


===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    c:\windows\system32\DRIVERS\appliand.sys
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply



===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Virustotal link

Gary
 

#12 PewLazers

Posted 15 November 2012 - 01:30 PM

Apparently that file is not on my computer? I did a search for it and everything.

#13 Oh My!

Posted 15 November 2012 - 01:36 PM

Hi William,

Let's search for it a different way. Please do this for me.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:

    :filefind
    *appliand*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • SystemLook log

Gary
 

#14 PewLazers

Posted 15 November 2012 - 06:37 PM

Here ya go! :thumbup2:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:33 on 15/11/2012 by willerz
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*appliand*"
C:\Windows\System32\DriverStore\FileRepository\appliand.inf_amd64_neutral_27d013e6c7cb42a2\appliand.cat --a---- 7819 bytes [18:46 24/06/2010] [18:46 24/06/2010] B6CCA8C8C3037C37896D6400E41F2DB6
C:\Windows\System32\DriverStore\FileRepository\appliand.inf_amd64_neutral_27d013e6c7cb42a2\appliand.inf --a---- 3782 bytes [13:43 01/06/2010] [13:43 01/06/2010] 6BBE3EA7A77D9B9B43371AEF9831C915
C:\Windows\System32\DriverStore\FileRepository\appliand.inf_amd64_neutral_27d013e6c7cb42a2\appliand.PNF --a---- 8544 bytes [19:03 24/11/2011] [19:03 24/11/2011] A0819CC333A5F56D773892CB24D871E7
C:\Windows\System32\DriverStore\FileRepository\appliand.inf_amd64_neutral_27d013e6c7cb42a2\appliand.sys --a---- 33888 bytes [18:46 24/06/2010] [18:46 24/06/2010] 1B1A533F3BE2A540C8F58F14B2886A97
C:\Windows\System32\DriverStore\FileRepository\appliand_m.inf_amd64_neutral_69024d93dfe87435\appliand_m.cat --a---- 7374 bytes [18:46 24/06/2010] [18:46 24/06/2010] D1B2DB7DBA77A454E99DA4BB4C607448
C:\Windows\System32\DriverStore\FileRepository\appliand_m.inf_amd64_neutral_69024d93dfe87435\appliand_m.inf --a---- 1932 bytes [13:45 01/06/2010] [13:45 01/06/2010] FD046F3A128293BD7DC29563AAB0B541
C:\Windows\System32\DriverStore\FileRepository\appliand_m.inf_amd64_neutral_69024d93dfe87435\appliand_m.PNF --a---- 6496 bytes [19:03 24/11/2011] [19:03 24/11/2011] BD97D1DA256BB9FB8EE35C168321C561

-= EOF =-

#15 Oh My!

Posted 15 November 2012 - 07:08 PM

Hi William,

Good job finding those entries.

Can you tell me if you have ever downloaded or installed programs from Applian Technologies like Total Recorder or Replay Media Catcher? If so, was it from a reliable source?

There are 2 things I would like you to do please.


===================================================


Task Manager Processes and Services

--------------------

  • Right click on the Taskbar and select Start Task Manager
  • Click on and check both the Processes and Services tab and attempt to identify the presence of the following:

    • Applian/Appliand (or anything similar)
  • Please include what you found in your post

===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Right click on any TDSSKiller program you may still have and select Delete
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters



  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run



  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue



  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Do you recognize Applian Technologies?
  • Any Applian entries in Task Manager?
  • TDSSKiller log

Gary
 



