Help! Sirefef Virus!


  • This topic is locked
24 replies to this topic

#1 Skepz

  • Members
  • 15 posts

Posted 15 April 2013 - 06:44 AM

Help me! I got the Sirefef virus. Can someone help me remove it? Got this message when accessing Google Chrome:

 

 

The certificate received has been flagged as erroneous. Please see http://support.google.com/chrome/?p=e_malware_Sirefef&hl=en-US for more details.

The certificate received indicates that this computer is infected with Sirefef.gen!C.

Sirefef.gen!C is a computer virus that intercepts secure web connections and can steal passwords and other sensitive data.

Chrome recognises this virus, but it affects all software on the computer. Other browsers and software may continue to work but they are also affected and rendered insecure.

Microsoft Security Essentials can reportedly remove this virus. When the virus is removed, the warnings in Chrome will stop.

Microsoft Security Essentials is freely available from Microsoft at http://windows.microsoft.com/en-US/windows/security-essentials-download

You should not proceed, especially if you have never seen this warning before for this site
 



 


#2 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts

Posted 15 April 2013 - 09:22 AM

Hello Skepz! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


 

  • Please download RogueKiller and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please post it in your next reply.

 

 


 

Regards,
Georgi




#3 Skepz

Posted 15 April 2013 - 09:53 AM

Report:

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 04/15/2013 22:53:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ouc.exe -- C:\Users\user\AppData\Roaming\Mobile Partner\ouc.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{C3C62194-199F-467A-990C-A820DD246BD3} : NameServer (202.65.247.31 202.65.244.32) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C3C62194-199F-467A-990C-A820DD246BD3} : NameServer (202.65.247.31 202.65.244.32) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND
[Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HM320HJ SATA Disk Device +++++
--- User ---
[MBR] 07de31fb7f87cd9ed5cb5c50d2036fe7
[BSP] d2c09b9eee1d16537bdd76470bc133f7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_04152013_02d2253.txt >>
RKreport[1]_S_04152013_02d2253.txt


#4 B-boy/StyLe/

Posted 15 April 2013 - 04:31 PM

Hi,

 

 

 

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before you connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:



We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:

 

 

 

STEP 1

 

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "Run as administrator".
Copy/paste the following text at the command prompt and press enter after each line:

sfc.exe /scanfile=c:\windows\system32\services.exe

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

A txt file named sfcdetails.txt should appear on the desktop.

Attach that file to your next reply.

Reboot the computer in order for the changes to take effect.
 

 

 

STEP 2

 

 

 

Please re-run RogueKiller.
Wait until Prescan has finished.
Click on Scan.
Now click on the Files tab

Place a checkmark next to each of these items:

[ZeroAccess][FILE] @ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> FOUND 

Now press the Delete button.
If asked to restart the computer, please do so immediately.
When it is finished, there will be a log on your desktop called: RKreport[3].txt
Post the log in your next reply.

 

 

Regards,

Georgi




#5 Skepz

Posted 15 April 2013 - 05:58 PM

sfcdetails.txt:

 

 

2013-04-16 06:44:20, Info                  CSI    00000009 [SR] Verifying 1 components
2013-04-16 06:44:20, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-04-16 06:44:20, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2013-04-16 06:44:21, Info                  CSI    0000000e [SR] Verify complete
2013-04-16 06:44:21, Info                  CSI    0000000f [SR] Repairing 1 components
2013-04-16 06:44:21, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2013-04-16 06:44:21, Info                  CSI    00000012 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2013-04-16 06:44:21, Info                  CSI    00000014 [SR] Repair complete
2013-04-16 06:44:21, Info                  CSI    00000015 [SR] Committing transaction
2013-04-16 06:44:21, Info                  CSI    00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2013-04-16 06:44:21, Info                  CSI    0000001a [SR] Repairing 1 components
2013-04-16 06:44:21, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2013-04-16 06:44:21, Info                  CSI    0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2013-04-16 06:44:21, Info                  CSI    0000001f [SR] Repair complete
 
RK Report:
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 04/16/2013 06:56:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{C3C62194-199F-467A-990C-A820DD246BD3} : NameServer (202.65.247.31 202.65.244.32) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{C3C62194-199F-467A-990C-A820DD246BD3} : NameServer (202.65.247.31 202.65.244.32) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\@ [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\80000032.@ [-] --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U\80000064.@ [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L\76603ac3 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> REMOVED
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HM320HJ SATA Disk Device +++++
--- User ---
[MBR] 07de31fb7f87cd9ed5cb5c50d2036fe7
[BSP] d2c09b9eee1d16537bdd76470bc133f7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[4]_D_04162013_02d0656.txt >>
RKreport[1]_S_04152013_02d2253.txt ; RKreport[2]_S_04152013_02d2256.txt 
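
An added example (not part of any post in this thread): a Python script that reads the [SR] lines that STEP 1 extracts into sfcdetails.txt and reports which files SFC replaced from the component store and whether the replacement is still waiting on a reboot. The sample is an abridged copy of the lines posted above; the "Cannot repair member file" line, the component name in it and the function names are constructed for illustration.

```python
import re

# Abridged copy of the [SR] lines posted in this thread (sfcdetails.txt).
SFC_DETAILS = r'''
2013-04-16 06:44:20, Info                  CSI    00000009 [SR] Verifying 1 components
2013-04-16 06:44:20, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-04-16 06:44:20, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2013-04-16 06:44:21, Info                  CSI    0000000e [SR] Verify complete
2013-04-16 06:44:21, Info                  CSI    00000015 [SR] Committing transaction
2013-04-16 06:44:21, Info                  CSI    00000019 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2013-04-16 06:44:21, Info                  CSI    0000001d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"services.exe" from store
2013-04-16 06:44:21, Info                  CSI    0000001f [SR] Repair complete
'''

# Constructed line (no such line appears in the thread): the form SFC uses
# when the component store cannot supply a good copy of the file.
UNREPAIRABLE_LINE = (
    r'2013-04-16 06:44:21, Info                  CSI    00000020 [SR] '
    r'Cannot repair member file [l:24{12}]"services.exe" of EXAMPLE-COMPONENT'
)

# "<timestamp>, <level>  CSI  <8 hex digit sequence> [SR] <message>"
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\w+\s+CSI\s+'
    r'(?P<seq>[0-9a-fA-F]{8})\s+\[SR\]\s+(?P<msg>.+)$'
)
# Paths are logged as [ml:..]"\??\<dir>"\[l:..]"<file>"; the bracketed
# parts are length prefixes and are skipped.
REPAIRING = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?:\\\?\?\\)?(?P<dir>[^"]+)"'
    r'\\\[[^\]]*\]"(?P<name>[^"]+)"'
)
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<name>[^"]+)"'
)


def summarize(text):
    """Reduce the [SR] lines of a CBS.log extract to per-file repair facts."""
    summary = {"sr_lines": 0, "repaired": {}, "unrepairable": set(),
               "reboot_required": False}
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue  # blank or non-[SR] line
        summary["sr_lines"] += 1
        msg = m.group("msg")
        hit = REPAIRING.match(msg)
        if hit:
            # Windows paths are case-insensitive, so normalise before counting.
            path = (hit.group("dir") + "\\" + hit.group("name")).lower()
            summary["repaired"][path] = summary["repaired"].get(path, 0) + 1
            continue
        hit = CANNOT_REPAIR.match(msg)
        if hit:
            summary["unrepairable"].add(hit.group("name").lower())
            continue
        if "reboot is required" in msg.lower():
            summary["reboot_required"] = True
    return summary


def verdict(summary):
    """Map the summary to the next action for the responder."""
    if summary["sr_lines"] == 0:
        return "no [SR] entries: sfc did not log a scan"
    if summary["unrepairable"]:
        return "unrepairable: restore the file from known-good media"
    if summary["reboot_required"]:
        # Conservative: once a reboot is requested, the file on disk may
        # still be the modified one until the pending replacement is applied.
        return "repair pending reboot"
    if summary["repaired"]:
        return "repaired from store"
    return "no corruption reported"


if __name__ == "__main__":
    s = summarize(SFC_DETAILS)
    for path, count in sorted(s["repaired"].items()):
        print(f"{path}: {count} repair pass(es)")
    print("verdict:", verdict(s))
```

On the posted log the verdict is "repair pending reboot", which is why STEP 1 ends with a restart before the file is checked again.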
 
 
 


#6 B-boy/StyLe/

Posted 15 April 2013 - 06:26 PM

Hi,
 

Nice work! :)


Now please follow the instructions below:

 

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quoted"

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\temp\*.exe
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %Public%\Documents\Fonts\*.exe
    %Public%\Documents\Config\*.exe
    %Public%\Documents\*.*
    %ProgramData%\*.*
    %ProgramData%\*.
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\ComObjects*.exe
    %commonprogramfiles(x86)%\*.*
    %ProgramFiles(x86)%\*.*
    %ProgramFiles(x86)%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %windir%\temp\*.exe
    %windir%\*.
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    str.sys
    crexv.ocx
    /md5stop

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Regards,
Georgi
 

 




#7 Skepz

Posted 16 April 2013 - 05:03 AM

OTL.txt:

 

 

OTL logfile created on: 16/4/2013 5:14:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
3.47 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 63.15% Memory free
52.30 Gb Paging File | 50.81 Gb Available in Paging File | 97.16% Paging File free
Paging file location(s): c:\pagefile.sys 50000 50000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 170.57 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/16 17:13:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/04/09 16:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/22 10:40:26 | 004,270,640 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2013/03/08 14:51:00 | 000,435,848 | ---- | M] (Funshion) -- C:\Users\user\funshion\funshiontools\FSPAP.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2010/11/16 21:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2009/07/27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\user\AppData\Roaming\Mobile Partner\ouc.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/09 16:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 16:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 16:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 16:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 16:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/22 10:40:26 | 004,270,640 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2013/01/24 19:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\BrowseToSave\sprotector.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011/11/14 13:40:52 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/07 06:44:50 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/15 12:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/30 03:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/14 15:37:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 14:50:32 | 000,078,472 | ---- | M] () [Auto | Running] -- C:\Users\user\funshion\funshiontools\FunshionSvr.dll -- (FunshionSvr)
SRV - [2013/03/07 22:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/21 04:32:00 | 005,017,816 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 15:19:46 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/17 12:01:54 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/07/28 04:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/11/16 21:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/11/16 19:03:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/11/16 19:03:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/10/22 15:44:07 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/24 15:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/01/05 07:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/11/14 14:24:02 | 010,208,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/14 13:03:30 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/16 14:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/16 14:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/09 19:29:46 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV:64bit: - [2011/03/09 19:29:46 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011/03/09 19:29:46 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011/03/09 19:29:46 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2011/02/16 06:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/01/24 13:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/12/29 03:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013/03/21 11:23:20 | 000,082,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\WolfTeamIS\avital\wolf64.sys -- (wolf)
DRV - [2012/08/28 15:22:34 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ewts.tes-amm.co.uk/sg/login.aspx?ReturnUrl=%2fsg%2fwelcome.aspx
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-sg
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 C1 C0 9D A0 81 CB 01  [binary data]
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-169332278-487244520-735265740-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..browser.startup.homepage: "http://www.hao123.com"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nhncorp.com/npNHNSetup,version=2.0.0.12: C:\Windows\Downloaded Program Files\npNHNSetup.dll (NHN Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\daplinkchecker@speedbit.com: C:\Program Files (x86)\DAP\daplinkchecker [2012/10/21 14:12:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/28 17:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/28 17:09:52 | 000,000,000 | ---D | M]
 
[2013/03/28 16:34:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/04/15 18:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\d35fpdqh.default\extensions
[2013/04/15 19:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\d35fpdqh.default\extensions\staged
[2013/03/11 23:45:22 | 000,679,123 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\d35fpdqh.default\extensions\mp3rocketdownloader@mp3rocket.me.xpi
[2013/03/28 16:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/28 16:33:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/07 22:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2013/03/28 17:09:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/03/28 17:09:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/03/28 17:09:49 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/03/28 17:09:50 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/03/28 17:09:51 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2013/03/28 17:09:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2013/03/28 17:09:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2013/03/07 22:30:20 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2013/03/07 22:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 22:30:20 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2013/03/07 22:30:20 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2013/03/07 22:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/03/07 22:30:20 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2013/03/07 22:30:20 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibabcfllpcehkmdeaomeefkdachleacj\1\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmfbdgfnlgljeeinflhfijbaeocghi\1\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
 
O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ) - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\user\funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BBrowusse22savve) - {8A663F47-7F04-4822-4ADA-E38B91BBF15D} - C:\ProgramData\BBrowusse22savve\516bdd1b03964.dll ()
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (EbbookBrowsse) - {94409433-0FA3-FCBE-0165-30E1E2158833} - C:\ProgramData\EbbookBrowsse\516bde039a661.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (MP3 Rocket Downloader) - {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169332278-487244520-735265740-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-169332278-487244520-735265740-1000..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-169332278-487244520-735265740-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-169332278-487244520-735265740-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8:64bit: - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{636D4201-3D1D-4E86-95C1-7FC9FF107E24}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3C62194-199F-467A-990C-A820DD246BD3}: NameServer = 202.65.247.31 202.65.244.32
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{38bdbf01-1c9b-11e2-ba7a-14feb59f37a6}\Shell - "" = AutoRun
O33 - MountPoints2\{38bdbf01-1c9b-11e2-ba7a-14feb59f37a6}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f43831ce-e5cd-11df-b4f7-90004e7c17d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f43831ce-e5cd-11df-b4f7-90004e7c17d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f43831d9-e5cd-11df-b4f7-90004e7c17d7}\Shell - "" = AutoRun
O33 - MountPoints2\{f43831d9-e5cd-11df-b4f7-90004e7c17d7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: IMFservice - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/04/16 17:13:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/04/15 22:51:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/04/15 19:07:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbbookBrowsse
[2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EbbookBrowsse
[2013/04/15 18:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013/04/15 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowusse22savve
[2013/04/15 18:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BBrowusse22savve
[2013/04/15 18:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/15 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DownBook
[2013/04/15 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WideSearch
[2013/04/14 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion
[2013/04/14 15:52:43 | 006,422,712 | ---- | C] (Funshion Online Technologies Ltd.) -- C:\Users\user\Desktop\FunshionInstall2.8.5.24.exe
[2013/04/05 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder (2)
[2013/04/01 15:37:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe_Systems_Incorporate
[2013/04/01 15:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/04/01 15:37:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\My Digital Editions
[2013/03/30 18:19:42 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/03/30 18:02:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2013/03/30 18:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/03/30 18:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/03/28 17:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/28 17:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/03/28 16:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/03/28 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Rocket Downloader
[2013/03/28 16:47:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2013/03/28 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3 Rocket
[2013/03/28 16:34:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Mozilla
[2013/03/28 16:34:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Mozilla
[2013/03/28 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/28 16:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/28 16:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/28 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screamer Radio
[2013/03/28 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Screamer Radio
[2013/03/23 10:39:50 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\DragonNest
[2013/03/23 10:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cherry De Games
[2013/03/23 10:30:27 | 000,000,000 | ---D | C] -- C:\CherryDeGames
[2013/03/23 10:02:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\New folder
[2013/03/22 11:54:27 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Work
[2013/03/22 11:05:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Xfire
[2013/03/22 11:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2013/03/22 11:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2013/03/22 11:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2013/03/22 11:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SealOnline Eternal Destiny
[2013/03/22 09:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesCampus
[2013/03/22 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesCampus
[2013/03/21 19:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
[2013/03/21 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu!
[2013/03/21 19:22:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2013/03/21 11:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/03/21 11:05:50 | 000,000,000 | ---D | C] -- C:\Game
[2013/03/21 10:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/03/21 10:26:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/03/21 10:21:12 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2013/03/21 10:12:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PMB Files
[2013/03/21 10:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/03/21 10:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/03/21 10:11:46 | 000,000,000 | ---D | C] -- C:\Users\user\.swt
[2013/03/21 10:02:21 | 002,441,448 | ---- | C] (NHN) -- C:\Windows\SysWow64\NHNSetup.exe
[2013/03/17 17:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/03/17 17:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/03/09 13:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/09 13:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/07 16:03:12 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\AxedMS
[2013/02/12 11:44:59 | 005,017,816 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[2013/02/12 11:44:39 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[2013/02/12 11:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2013/02/12 10:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2013/02/12 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Garena
[2013/02/05 17:18:22 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/02/05 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/02/05 17:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/02/05 17:12:54 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2013/02/05 17:12:54 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2013/02/05 17:12:53 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2013/02/05 17:12:53 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2013/02/05 17:06:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
[2013/02/05 17:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/02/04 16:07:24 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/02/04 16:07:24 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/04 16:07:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/02/04 16:07:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/02/04 16:07:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/02/04 16:07:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/04 16:07:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/04 16:07:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/02/04 16:07:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/04 16:07:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/02/04 16:07:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/04 16:07:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/02/04 16:07:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/02/04 16:07:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/04 16:05:28 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/02/04 16:04:32 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/02/04 16:04:32 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/02/04 16:04:32 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/02/04 16:04:32 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/02/04 16:04:32 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/02/04 16:04:32 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/02/04 16:04:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/02/04 16:04:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/02/04 16:04:32 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/02/04 16:04:32 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/02/04 16:04:32 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/02/04 16:04:32 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/02/04 16:04:32 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/02/04 16:04:32 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/02/04 16:04:32 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/02/04 16:04:32 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/02/04 16:04:32 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/02/04 16:04:32 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/02/04 16:04:32 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/02/04 16:04:32 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/02/04 16:04:32 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/02/04 16:04:32 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/02/04 16:04:32 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/02/04 16:04:32 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/02/04 16:04:32 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/02/04 16:04:32 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/02/04 16:02:53 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/02/04 16:02:53 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/02/04 16:02:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/29 18:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/29 18:14:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/29 18:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/29 18:13:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/29 18:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/29 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple Computer
[2013/01/29 17:59:56 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/01/29 17:59:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/01/29 17:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/29 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/29 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/01/29 06:28:09 | 000,515,272 | ---- | C] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup.exe
[2013/01/27 11:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2013/04/16 17:22:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 17:13:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/04/16 17:13:43 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/04/16 17:11:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 17:11:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 17:11:05 | 2798,211,072 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/15 22:51:16 | 000,816,128 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/04/15 21:37:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/15 20:38:42 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/15 20:38:42 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/15 19:04:46 | 000,002,324 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/14 17:39:29 | 000,002,241 | ---- | M] () -- C:\Users\user\FunShion.ini
[2013/04/14 15:55:55 | 000,000,911 | ---- | M] () -- C:\Users\user\AppData\Roaming\coreavc.ini
[2013/04/14 15:54:46 | 000,001,120 | ---- | M] () -- C:\Windows\SysWow64\funshion.ini
[2013/04/14 15:54:41 | 000,002,229 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
[2013/04/14 15:54:09 | 006,422,712 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Users\user\Desktop\FunshionInstall2.8.5.24.exe
[2013/04/03 19:13:54 | 000,002,224 | ---- | M] () -- C:\Users\user\Desktop\Adobe Digital Editions 2.0.lnk
[2013/03/30 18:02:21 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/28 20:10:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2013/03/28 16:47:23 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\MP3 Rocket 6.3.5.lnk
[2013/03/28 16:47:23 | 000,001,126 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.3.5.lnk
[2013/03/28 16:33:49 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/24 19:23:39 | 000,897,435 | ---- | M] () -- C:\Users\user\Desktop\Swordmaster Skillbuild.png
[2013/03/23 10:38:33 | 000,001,679 | ---- | M] () -- C:\Users\Public\Desktop\Dragon Nest.lnk
[2013/03/22 10:22:29 | 000,000,024 | ---- | M] () -- C:\Users\user\random.dat
[2013/03/22 10:22:11 | 000,000,043 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2013/03/22 10:21:29 | 000,000,037 | ---- | M] () -- C:\Users\user\jagex_runescape_preferences.dat
[2013/03/21 19:24:04 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\osu!.lnk
[2013/03/21 10:26:54 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/03/14 15:37:20 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/14 15:37:20 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/08 06:36:49 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2013/03/07 14:52:25 | 000,001,801 | ---- | M] () -- C:\Users\user\Desktop\MapleStory.lnk
[2013/02/08 13:32:50 | 000,003,907 | ---- | M] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2013/02/04 19:45:55 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2013/02/04 19:37:32 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/04 16:07:24 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/02/04 16:07:24 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/02/04 16:07:24 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/02/04 16:07:24 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/02/04 16:07:24 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/02/04 16:07:24 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/04 16:07:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/04 16:07:24 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/02/04 16:07:24 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/04 16:07:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/02/04 16:07:24 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/04 16:07:24 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/02/04 16:07:24 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/02/04 16:07:24 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/02/04 16:07:24 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/02/04 16:07:24 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/02/04 16:07:24 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/04 16:05:28 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/02/04 16:04:32 | 002,745,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/02/04 16:04:32 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/02/04 16:04:32 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/02/04 16:04:32 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/02/04 16:04:32 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/02/04 16:04:32 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/02/04 16:04:32 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/02/04 16:04:32 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/02/04 16:04:32 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/02/04 16:04:32 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/02/04 16:04:32 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/02/04 16:04:32 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/02/04 16:04:32 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/02/04 16:04:32 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/02/04 16:04:32 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/02/04 16:04:32 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/02/04 16:04:32 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/02/04 16:04:32 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/02/04 16:04:32 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/02/04 16:04:32 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/02/04 16:04:32 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/02/04 16:04:32 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/02/04 16:04:32 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/02/04 16:04:32 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/02/04 16:04:32 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/02/04 16:04:32 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/02/04 16:04:32 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/02/04 16:02:53 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/02/04 16:02:53 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/02/04 16:02:13 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/29 18:14:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/29 06:28:09 | 000,515,272 | ---- | M] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup.exe
[2013/01/27 11:27:16 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013/01/21 04:32:00 | 005,017,816 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/15 22:51:27 | 000,816,128 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/04/15 19:04:46 | 000,002,324 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/14 15:54:41 | 000,002,229 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
[2013/04/03 19:13:54 | 000,002,224 | ---- | C] () -- C:\Users\user\Desktop\Adobe Digital Editions 2.0.lnk
[2013/04/01 15:37:22 | 000,002,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/03/30 18:02:21 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/28 20:10:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_wpdcomp_01_09_00.Wdf
[2013/03/28 16:47:23 | 000,001,986 | ---- | C] () -- C:\Users\Public\Desktop\MP3 Rocket 6.3.5.lnk
[2013/03/28 16:47:23 | 000,001,126 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.3.5.lnk
[2013/03/28 16:33:49 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/24 19:23:37 | 000,897,435 | ---- | C] () -- C:\Users\user\Desktop\Swordmaster Skillbuild.png
[2013/03/23 10:38:33 | 000,001,679 | ---- | C] () -- C:\Users\Public\Desktop\Dragon Nest.lnk
[2013/03/21 19:24:04 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\osu!.lnk
[2013/03/21 10:26:54 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/03/17 17:31:05 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/02/12 11:44:38 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2013/02/08 13:32:50 | 000,003,907 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
[2013/02/05 17:18:14 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/02/05 17:18:00 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/01/29 18:14:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/27 11:27:16 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012/12/16 20:28:50 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/12/16 20:28:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/10/24 20:05:05 | 000,000,911 | ---- | C] () -- C:\Users\user\AppData\Roaming\coreavc.ini
[2012/10/24 20:04:06 | 000,002,241 | ---- | C] () -- C:\Users\user\FunShion.ini
[2012/10/21 15:49:57 | 000,000,037 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences.dat
[2012/10/21 14:27:36 | 000,000,043 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2012/10/21 14:27:36 | 000,000,024 | ---- | C] () -- C:\Users\user\random.dat
[2012/10/21 14:12:05 | 000,109,256 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2012/10/21 14:12:05 | 000,090,824 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2012/08/01 10:18:40 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\funshion.ini
[2011/11/14 14:18:20 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/07/07 07:14:54 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/11/16 18:32:44 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/16 18:32:44 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/21 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/10/21 16:09:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\driveridentifier
[2013/01/30 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ftblauncher
[2012/09/26 12:04:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Go PDF Reader
[2013/03/17 17:31:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2012/09/26 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mobile Partner
[2013/04/13 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MP3Rocket
[2012/10/22 16:47:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/04/15 14:38:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/04/16 17:11:05 | 2798,211,072 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2013/04/16 17:11:07 | 889,192,436 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %USERPROFILE%\*.* >
[2013/04/14 17:39:29 | 000,002,241 | ---- | M] () -- C:\Users\user\FunShion.ini
[2013/03/22 10:22:11 | 000,000,043 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2013/03/22 10:21:29 | 000,000,037 | ---- | M] () -- C:\Users\user\jagex_runescape_preferences.dat
[2013/04/16 17:31:31 | 002,621,440 | ---- | M] () -- C:\Users\user\NTUSER.DAT
[2013/04/03 18:47:48 | 002,551,808 | ---- | M] () -- C:\Users\user\NTUSER.DAT.iobit
[2013/04/16 17:31:31 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG1
[2013/01/30 19:56:52 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG2
[2012/10/23 17:25:23 | 000,000,000 | -HS- | M] () -- C:\Users\user\NTUSER.DAT_tureg_new.LOG1
[2012/10/23 17:25:23 | 000,000,000 | -HS- | M] () -- C:\Users\user\NTUSER.DAT_tureg_new.LOG2
[2012/10/23 17:25:24 | 001,835,008 | ---- | M] () -- C:\Users\user\NTUSER.DAT_tureg_old
[2010/10/24 18:23:24 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/10/24 18:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/10/24 18:23:24 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2013/01/30 19:56:52 | 001,048,576 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90b-1cf2-11e2-91af-806e6f6e6963}.TxR.0.regtrans-ms
[2013/01/30 19:56:52 | 001,048,576 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90b-1cf2-11e2-91af-806e6f6e6963}.TxR.1.regtrans-ms
[2013/01/30 19:56:52 | 001,048,576 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90b-1cf2-11e2-91af-806e6f6e6963}.TxR.2.regtrans-ms
[2013/01/30 19:56:52 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90b-1cf2-11e2-91af-806e6f6e6963}.TxR.blf
[2012/10/23 17:26:01 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90c-1cf2-11e2-91af-806e6f6e6963}.TM.blf
[2012/10/23 17:26:01 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90c-1cf2-11e2-91af-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2012/10/23 17:26:01 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{ecf1b90c-1cf2-11e2-91af-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/10/24 18:19:46 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini
[2013/03/22 10:22:29 | 000,000,024 | ---- | M] () -- C:\Users\user\random.dat
[2012/12/16 20:36:34 | 000,000,000 | ---- | M] () -- C:\Users\user\Sti_Trace.log
 
< %USERPROFILE%\temp\*.exe >
 
< %USERPROFILE%\AppData\Local\*.* >
[2012/12/22 10:16:29 | 000,108,840 | ---- | M] () -- C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
[2013/04/16 06:55:17 | 000,941,516 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2013/02/08 13:32:50 | 000,003,907 | ---- | M] () -- C:\Users\user\AppData\Local\recently-used.xbel
 
< %USERPROFILE%\AppData\Local\*. >
[2012/09/26 18:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Adobe
[2013/04/01 15:37:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Adobe_Systems_Incorporate
[2010/10/28 20:57:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\AMD
[2012/11/20 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\APN
[2012/09/26 18:19:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Apple
[2013/01/29 18:00:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Apple Computer
[2010/10/24 18:19:46 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\Application Data
[2012/10/21 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Apps
[2010/10/28 20:57:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\ATI
[2010/10/28 20:45:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\BVRP Software
[2012/11/25 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Demiurge Studios
[2012/10/21 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Deployment
[2013/03/21 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Diagnostics
[2013/04/15 18:54:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\DownBook
[2012/11/23 15:13:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\FLT
[2012/12/15 09:09:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\fontconfig
[2013/02/12 10:00:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Garena
[2012/12/15 09:09:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\gegl-0.2
[2012/10/21 14:07:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Google
[2010/10/24 18:19:46 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\History
[2013/03/28 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Microsoft
[2012/12/17 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Microsoft Help
[2013/03/28 16:34:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Mozilla
[2013/04/16 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\PMB Files
[2013/03/21 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Programs
[2013/03/28 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Screamer Radio
[2012/11/25 19:01:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\SKIDROW
[2013/04/16 17:31:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Temp
[2010/10/24 18:19:46 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2013/03/22 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\VirtualStore
[2013/04/15 18:54:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\WideSearch
[2013/03/07 15:06:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\Windows Live
 
< %USERPROFILE%\AppData\Local\temp\*.exe >
[2013/04/15 19:00:25 | 000,089,248 | -HS- | M] (Adobe Systems, Inc.) -- C:\Users\user\AppData\Local\temp\InstallFlashPlayer.exe
[2013/04/15 18:54:22 | 001,199,819 | ---- | M] (Greenshot.ORG                                               ) -- C:\Users\user\AppData\Local\temp\Pendragon-Book-One-The-Merchant-of-Death Downloader.exe
[460 C:\Users\user\AppData\Local\temp\*.tmp files -> C:\Users\user\AppData\Local\temp\*.tmp -> ]
 
< %USERPROFILE%\AppData\Roaming\*.* >
[2013/04/14 15:55:55 | 000,000,911 | ---- | M] () -- C:\Users\user\AppData\Roaming\coreavc.ini
[2013/01/30 20:08:49 | 000,004,547 | ---- | M] () -- C:\Users\user\AppData\Roaming\FTBLauncherLog.txt
[2013/01/30 20:08:49 | 000,002,295 | ---- | M] () -- C:\Users\user\AppData\Roaming\MinecraftLog.txt
 
< %USERPROFILE%\AppData\Roaming\*. >
[2012/09/26 18:14:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2013/01/29 18:00:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
[2010/10/28 20:57:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ATI
[2012/12/16 20:40:32 | 000,000,000 | R--D | M] -- C:\Users\user\AppData\Roaming\Brother
[2013/03/21 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations
[2012/10/21 16:09:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\driveridentifier
[2013/01/30 20:16:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ftblauncher
[2012/09/26 12:04:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Go PDF Reader
[2010/10/24 18:20:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2012/12/16 20:30:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
[2013/03/17 17:31:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2010/11/01 23:49:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2009/07/14 15:45:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2012/12/17 20:05:16 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2012/09/26 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mobile Partner
[2013/03/28 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mozilla
[2013/04/13 10:44:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MP3Rocket
[2013/04/02 16:44:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
[2012/10/22 16:47:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/04/15 14:38:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2013/03/30 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\vlc
[2012/10/22 16:51:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR
[2013/03/22 11:05:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xfire
 
< %Public%\Documents\Fonts\*.exe >
 
< %Public%\Documents\Config\*.exe >
 
< %Public%\Documents\*.* >
[2009/07/14 12:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
 
< %ProgramData%\*.* >
 
< %ProgramData%\*. >
[2013/01/29 18:14:30 | 000,000,000 | ---D | M] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/04 10:16:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2010/10/28 20:42:07 | 000,000,000 | ---D | M] -- C:\ProgramData\AMD
[2013/03/28 16:47:49 | 000,000,000 | ---D | M] -- C:\ProgramData\APN
[2013/01/29 17:57:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2013/01/29 18:13:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/11/20 11:01:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2010/10/28 20:57:45 | 000,000,000 | ---D | M] -- C:\ProgramData\ATI
[2013/04/15 18:57:50 | 000,000,000 | ---D | M] -- C:\ProgramData\BBrowusse22savve
[2012/12/16 20:25:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Brother
[2012/10/22 16:46:09 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010/11/01 23:40:14 | 000,000,000 | ---D | M] -- C:\ProgramData\DatacardService
[2010/10/28 20:44:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/04/15 19:01:41 | 000,000,000 | ---D | M] -- C:\ProgramData\EbbookBrowsse
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2013/04/15 19:01:43 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2013/03/17 17:28:42 | 000,000,000 | ---D | M] -- C:\ProgramData\IObit
[2013/04/15 19:04:29 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012/12/18 09:28:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2013/03/28 16:33:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012/10/21 15:00:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2012/10/21 15:00:15 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2013/03/22 10:40:12 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2012/11/25 19:24:43 | 000,000,000 | ---D | M] -- C:\ProgramData\RELOADED
[2013/03/09 13:58:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Skype
[2013/04/15 19:01:41 | 000,000,000 | ---D | M] -- C:\ProgramData\SoftSafe
[2012/10/21 14:12:08 | 000,000,000 | ---D | M] -- C:\ProgramData\SpeedBit
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/11/01 23:48:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2013/03/05 15:40:34 | 000,000,000 | ---D | M] -- C:\ProgramData\SwiftKit
[2013/04/14 15:52:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/14 13:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/10/22 16:47:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2013/03/22 11:05:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Xfire
[2012/10/22 17:31:16 | 000,000,000 | -HSD | M] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
 
< %CommonProgramFiles%\*.* >
 
< %CommonProgramFiles%\ComObjects*.exe >
 
< %commonprogramfiles(x86)%\*.* >
 
< %ProgramFiles(x86)%\*.* >
[2009/07/14 12:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %ProgramFiles(x86)%\*. >
[2012/11/25 13:22:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2013/04/01 15:37:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/10/21 16:19:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2012/09/26 18:19:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/10/28 20:41:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2013/01/29 17:57:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2012/12/16 20:31:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Brother
[2013/04/15 18:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BrowseToSave
[2013/03/09 13:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013/03/17 16:52:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Counter-Strike 1.6
[2012/10/21 14:12:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAP
[2010/10/28 20:44:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Wireless
[2012/10/24 20:04:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Funshion Online
[2013/03/22 11:39:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GamesCampus
[2013/03/05 20:38:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garena Plus
[2012/10/21 14:08:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2013/03/23 10:30:27 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/12/19 09:14:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2013/03/17 17:31:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit
[2013/01/29 18:14:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/10/21 14:11:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/12/17 19:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/10/24 19:33:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2012/12/17 19:35:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013/02/05 17:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/12/17 19:35:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/11/01 23:40:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mobile Partner
[2013/03/28 16:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/28 16:33:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/28 16:48:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MP3 Rocket
[2013/03/28 16:47:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MP3 Rocket Downloader
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2013/03/17 16:55:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MurGee Auto Mouse Click
[2010/10/28 20:45:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Netwaiting
[2013/03/22 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\osu!
[2013/03/21 10:11:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2012/11/25 18:50:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PowerISO
[2013/03/28 17:09:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2010/10/28 20:35:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2013/03/05 15:40:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Shoot Many Robots
[2013/03/09 13:57:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2013/04/16 17:12:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2013/03/05 15:40:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SwiftKit
[2013/03/05 15:41:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Torchlight II
[2012/10/22 17:13:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2009/07/14 12:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/11/20 10:30:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2013/03/30 18:01:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/07/14 13:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2013/02/05 17:17:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/12/22 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/12/22 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/12/22 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/12/22 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/12/22 10:00:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2013/03/22 11:52:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xfire
 
< %programdata%\Microsoft\Windows\DRM\*.tmp >
 
< %programdata%\Microsoft\DRM\*.tmp >
 
< %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
 
< %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >
 
< %windir%\SysWOW64\config\systemprofile\AppData\Local\*.* >
 
< %windir%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >
 
< %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >
 
< %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >
 
< %windir%\temp\*.exe >
[2013/04/15 19:01:25 | 004,041,624 | ---- | M] (PC Utilities Pro                                            ) -- C:\Windows\temp\RegistryOptimizer.exe
[2 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
 
< %windir%\*. >
[2009/07/14 13:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins
[2009/07/14 11:20:08 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
[2013/02/04 19:30:02 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2013/02/10 18:45:13 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2012/12/18 08:36:20 | 000,000,000 | ---D | M] -- C:\Windows\AutoKMS
[2012/12/22 10:00:07 | 000,000,000 | -HSD | M] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2010/10/24 17:14:54 | 000,000,000 | ---D | M] -- C:\Windows\CSC
[2009/07/14 13:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2013/04/14 09:48:28 | 000,000,000 | ---D | M] -- C:\Windows\debug
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2013/03/21 10:02:22 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
[2012/12/22 10:00:08 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2013/02/05 17:18:22 | 000,000,000 | ---D | M] -- C:\Windows\en
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2012/12/22 09:59:58 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2009/07/14 15:50:14 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2009/07/14 13:37:44 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2013/04/13 10:14:17 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2013/04/15 19:01:00 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2009/07/14 13:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2009/07/14 10:34:24 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2012/12/18 16:46:48 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2009/07/14 13:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2013/02/10 18:45:16 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2013/01/30 19:56:49 | 000,000,000 | ---D | M] -- C:\Windows\Minidump
[2009/07/14 10:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2013/03/21 11:33:09 | 000,000,000 | -H-D | M] -- C:\Windows\msdownld.tmp
[2009/07/14 13:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
[2010/10/24 17:17:47 | 000,000,000 | ---D | M] -- C:\Windows\Panther
[2012/12/17 19:35:37 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2009/07/14 11:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2012/12/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2013/04/05 14:58:53 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2009/07/14 11:20:11 | 000,000,000 | ---D | M] -- C:\Windows\Registration
[2009/07/14 15:46:13 | 000,000,000 | ---D | M] -- C:\Windows\RemotePackages
[2013/02/17 10:07:59 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2009/07/14 10:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2009/07/14 15:46:13 | 000,000,000 | ---D | M] -- C:\Windows\security
[2009/07/14 12:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2012/12/22 10:00:08 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2010/10/25 09:13:21 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2012/12/17 19:36:25 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2012/12/18 09:12:35 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2009/07/14 13:37:44 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2012/11/25 13:50:15 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2009/07/14 10:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system
[2013/04/16 06:46:04 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2013/04/15 19:07:16 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
[2009/07/14 12:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
[2013/04/16 17:13:42 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2013/04/16 17:15:15 | 000,000,000 | ---D | M] -- C:\Windows\Temp
[2009/07/14 10:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2012/12/16 20:28:33 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2013/04/16 06:46:21 | 000,000,000 | ---D | M] -- C:\Windows\winsxs


#8 Skepz


Posted 16 April 2013 - 05:05 AM

OTL.txt (continued):

< %windir%\installer\*. >
[2010/10/29 20:09:49 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2013/03/21 10:26:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}
[2012/10/21 16:19:30 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0B525D47-E9F7-CC81-529D-8FB681372FBE}
[2013/01/29 18:14:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}
[2013/03/28 17:15:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E64B098-8018-4256-BA23-C316A43AD9B0}
[2010/10/28 20:42:37 | 000,000,000 | ---D | M] -- C:\Windows\installer\{138C901D-3DE6-E476-FBF9-950E7269EA3F}
[2010/10/28 20:42:29 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2514E473-E5DC-0492-724D-60A863F23EA2}
[2010/10/28 20:42:22 | 000,000,000 | ---D | M] -- C:\Windows\installer\{277A1681-57CB-CF9B-AA3C-D73FC300F589}
[2010/10/28 20:42:13 | 000,000,000 | ---D | M] -- C:\Windows\installer\{30BBB40A-F0A4-D25F-1424-989D7E730D2F}
[2010/10/28 20:42:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{347018CA-A00A-A7D5-3741-5DACDCF31437}
[2010/10/28 20:42:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{352B31EE-A602-812C-6989-B70A8F182AAD}
[2012/10/21 16:17:31 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3DAA454A-89A6-7238-82D1-C4037EF68559}
[2010/10/28 20:42:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4163CBB7-9EBD-1944-EFB9-9DB422C5C2BF}
[2010/10/29 20:09:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
[2013/03/28 16:48:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4D503352-5636-006A-76A7-A758B70B0701}
[2013/03/09 13:57:58 | 000,000,000 | ---D | M] -- C:\Windows\installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
[2012/10/21 16:19:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{503F672D-6C84-448A-8F8F-4BC35AC83441}
[2010/10/28 20:42:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5A402DDD-53F3-1EE3-A592-A6B903C907F7}
[2010/10/28 20:42:44 | 000,000,000 | ---D | M] -- C:\Windows\installer\{5F3359FE-2A2B-7617-3C07-F18E091616FF}
[2010/10/28 20:42:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6C24543B-A912-BF79-C1C1-6EE385515E98}
[2013/01/29 17:57:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
[2012/09/26 18:19:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
[2010/10/28 20:42:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8A25E08C-18F9-809D-D88E-9D560A489061}
[2010/10/28 20:42:47 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8E415C5A-FE73-02AB-B19D-2172D96572F2}
[2012/12/17 19:32:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-002A-0000-1000-0000000FF1CE}
[2012/12/18 09:28:18 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-003D-0000-0000-0000000FF1CE}
[2012/12/17 20:26:48 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90140000-006E-0409-0000-0000000FF1CE}
[2010/10/28 20:42:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9851A2E3-3336-5691-218B-AE730CC1F7B8}
[2010/10/28 20:42:35 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9BD19404-47A6-782E-DE7B-CB0BAFB1DB36}
[2010/10/28 20:42:21 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A3328DF3-287C-2E46-F3B2-871AD0BDBF5F}
[2010/10/28 20:42:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A54CA78B-F62B-4FB5-8097-E4A51D1751BA}
[2013/04/16 06:55:18 | 000,000,000 | -HSD | M] -- C:\Windows\installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}
[2010/10/28 20:42:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A6D62ACB-5F65-16F9-8235-E95387FA6617}
[2010/10/28 20:42:24 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A9035D4D-0107-6D67-F576-ED11420FCE23}
[2012/10/21 16:17:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC533436-FB59-38E0-9EF6-D80A904CBB46}
[2012/09/26 18:13:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}
[2013/03/28 17:08:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}
[2010/10/28 20:42:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AF72C469-F924-43C6-E271-F7AD755C9670}
[2010/10/28 20:42:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AFEA7544-6B97-4867-A94D-1C39BA61B64F}
[2010/10/28 20:42:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B84A9DD0-B1BF-B57B-7950-E76BC868F03A}
[2013/03/21 19:24:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C3592426-531E-4110-911D-BFECE2CE284C}
[2010/10/28 20:42:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{C8D7DBD4-79DC-BDF9-AAAD-E62F212CE892}
[2013/01/29 18:10:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CCE825DB-347A-4004-A186-5F4A6FDD8547}
[2010/10/28 20:42:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CECE9E80-150E-9219-F96D-4F09AB1C59BA}
[2010/10/28 20:42:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{CFA0FE8E-BD58-A435-012B-56E1EDD27CBD}
[2013/01/29 18:11:19 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}
[2010/10/28 20:42:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DB69B223-FE80-7485-0DE4-CC410DBE8B54}
[2010/10/28 20:42:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{DF5A148F-D6D8-4F04-ED5A-8DD04ECD3C1B}
[2010/10/28 20:42:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E599EC9F-CEA5-7C4F-3366-958B6CC1EBBC}
[2010/10/28 20:42:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E7F67B2A-856F-03EB-5354-997C789D5BBA}
[2012/12/02 15:28:10 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}
[2012/10/23 17:39:11 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE0AEC31-DAE0-6F50-FFD8-58F08CC74F07}
[2010/10/28 20:42:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EED4033D-8EE2-0C7C-B2EE-21FD6E722514}
[2010/10/28 20:42:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EFB71029-49B2-5DD9-3061-F13D52EC2507}
[2013/02/05 17:17:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
 
< %windir%\system32\*. >
[2013/04/15 19:07:16 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/14 10:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/14 10:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2012/12/22 10:00:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2013/03/21 11:34:05 | 000,000,000 | ---D | M] -- C:\Windows\system32\directx
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2013/02/04 19:30:03 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/14 10:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/14 10:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/14 10:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/14 11:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2010/11/01 23:49:29 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/14 10:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/14 11:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2012/10/22 16:27:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2012/12/22 10:00:06 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2009/07/14 11:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2009/07/14 11:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2009/07/14 11:20:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW
 
< %windir%\sysnative\*. >
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2009/07/14 11:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2009/07/14 11:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2012/12/22 09:59:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2013/04/04 06:55:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2013/04/03 18:55:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2010/10/24 17:28:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2009/07/14 13:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2013/04/16 06:46:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2012/12/22 10:00:03 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2009/07/14 11:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2013/04/13 10:14:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2013/01/29 18:11:18 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2013/01/29 17:59:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2013/02/04 19:30:02 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2012/12/21 17:40:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2009/07/14 13:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2009/07/14 10:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/14 10:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/14 11:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/14 10:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2013/02/05 11:32:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2010/11/01 23:49:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2010/10/29 20:10:02 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/14 13:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2013/03/21 10:46:57 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/14 11:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/14 13:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2009/07/14 15:12:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2010/10/24 21:12:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/14 11:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/14 11:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2013/01/13 18:06:06 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/14 11:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2012/12/21 17:41:58 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2010/10/24 17:17:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2013/04/15 22:52:24 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2012/10/22 16:27:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2012/12/22 10:00:01 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/14 13:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2012/12/22 09:59:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2009/07/14 13:09:49 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/14 13:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/14 11:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/14 13:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2009/07/14 11:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW
 
< %Temp%\smtmp\1\*.* >
 
< %Temp%\smtmp\2\*.* >
 
< %Temp%\smtmp\3\*.* >
 
< %Temp%\smtmp\4\*.* >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2013/02/04 16:07:24 | 001,114,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\kernel32.dll
[2012/10/22 15:30:27 | 001,292,592 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ntdll.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\syswow64\*.dll /lockedfiles >
[8 C:\Windows\syswow64\*.tmp files -> C:\Windows\syswow64\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\syswow64\drivers\*.sys /90 >
 
< %systemroot%\syswow64\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /rp /s >
 
< %systemroot%\assembly\tmp\*.* /S /MD5 >
 
< %systemroot%\assembly\temp\*.* /S /MD5 >
 
< %systemroot%\assembly\GAC\*.ini >
 
< %systemroot%\assembly\GAC_32\*.ini >
 
< %systemroot%\assembly\GAC_64\*.ini >
 
< %SystemRoot%\assembly\GAC_MSIL\*.ini >
 
< wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 09:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
< HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/16 18:32:44 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/16 18:32:44 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 09:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/11/16 18:32:44 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2012/11/16 18:32:44 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/14 09:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
< HKEY_CURRENT_USER\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] /s >
 
< HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >
 
< HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >
 
< HKEY_CURRENT_USER\Software\MSOLoad /s >
 
< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: USER-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media           
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System  
  Volume 2     C                NTFS   Partition    297 GB  Healthy    Boot    
  Volume 3     F                       Removable       0 B  No Media           
 
< MD5 for: AFD.SYS  >
[2012/10/22 15:34:57 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2012/10/22 15:34:57 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2009/07/14 07:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2012/10/22 15:34:57 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 17:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2012/10/22 15:34:57 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
[2012/10/22 15:34:57 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 09:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 09:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 09:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: CSC.SYS  >
[2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) MD5=4A6173C2279B498CD8F57CAE504564CB -- C:\Windows\SysNative\drivers\csc.sys
[2009/07/14 07:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) MD5=4A6173C2279B498CD8F57CAE504564CB -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7600.16385_none_fa3d3a8e759850bd\csc.sys
[2010/11/20 17:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) MD5=54DA3DFD29ED9F1619B6F53F3CE55E49 -- C:\Windows\winsxs\amd64_microsoft-windows-offlinefiles-core_31bf3856ad364e35_6.1.7601.17514_none_fc6e4e567286d457\csc.sys
 
< MD5 for: DFSC.SYS  >
[2009/07/14 07:23:44 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=3F1DC527070ACB87E40AFE46EF6DA749 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16385_none_e38f1f84ffcceb85\dfsc.sys
[2012/10/22 14:42:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=59E1C75E5DDBB70BF5A9C6A34D31B4AC -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.20953_none_e43734fe18d3f691\dfsc.sys
[2010/11/20 17:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9BB2EF44EAA163B29C4A4587887A0FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
[2012/10/22 14:42:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9C253CE7311CA60FC11C774692A13208 -- C:\Windows\SysNative\drivers\dfsc.sys
[2012/10/22 14:42:40 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=9C253CE7311CA60FC11C774692A13208 -- C:\Windows\winsxs\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7600.16804_none_e3e4a818ff8ce469\dfsc.sys
 
< MD5 for: DISK.SYS  >
[2009/07/14 09:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/14 09:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/14 09:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys
 
< MD5 for: EXPLORER.EXE  >
[2012/10/22 14:31:17 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2012/10/22 14:31:17 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2012/10/22 14:31:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2012/10/22 14:31:17 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2012/10/22 13:41:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2012/10/22 14:31:17 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2012/10/22 14:31:17 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2012/10/22 14:31:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/10/22 14:31:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/10/22 13:40:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2012/10/22 14:31:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012/10/22 13:41:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2012/10/22 13:40:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 21:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2012/10/22 13:41:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2012/10/22 13:40:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 09:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2012/10/22 13:41:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2012/10/22 14:31:17 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012/10/22 13:40:16 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: I8042PRT.SYS  >
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\drivers\i8042prt.sys
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\keyboard.inf_amd64_neutral_423c286802951189\i8042prt.sys
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\SysNative\DriverStore\FileRepository\msmouse.inf_amd64_neutral_7a5f47d3150cc0eb\i8042prt.sys
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\i8042prt.sys
[2009/07/14 07:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- C:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys
 
< MD5 for: LSASS.EXE  >
[2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
[2009/07/14 09:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\SysNative\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_028b374176436a30\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=156F6159457D0AA7E59B62681B56EB90 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.17035_none_02756f8b7653d554\lsass.exe
[2012/11/16 18:33:45 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[2012/11/16 18:33:45 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=BF63CE11A25F3509129888710D5111FC -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21225_none_0309de288f695654\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[2012/10/22 15:28:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=D21BD47E528CD62E79311FB5DF0150E6 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_02bb2a0a8fa4d398\lsass.exe
 
< MD5 for: NETBT.SYS  >
[2010/11/20 17:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/14 07:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\SysNative\drivers\netbt.sys
[2009/07/14 07:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 09:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 09:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 21:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 20:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 09:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 09:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 09:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 20:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 21:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: SERIAL.SYS  >
[2009/07/14 08:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\drivers\serial.sys
[2009/07/14 08:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\SysNative\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/07/14 08:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 -- C:\Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 09:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: TCPIP.SYS  >
[2010/11/20 21:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/10/22 15:58:45 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2012/10/22 15:58:45 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/10/22 15:58:45 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/10/22 15:58:45 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2009/07/14 09:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2012/10/22 15:58:45 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 09:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 21:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: VOLSNAP.SYS  >
[2010/11/20 21:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2012/09/07 04:08:56 | 000,296,304 | ---- | M] (Microsoft Corporation) MD5=523E3C704BEE5326A502BA235D0938D6 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.21320_none_72710b5b2eb7975f\volsnap.sys
[2009/07/14 09:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/14 09:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
[2012/09/07 01:38:18 | 000,295,792 | ---- | M] (Microsoft Corporation) MD5=9E425AC5C9A5A973273D169F43B4F5E1 -- C:\Windows\SysNative\drivers\volsnap.sys
[2012/09/07 01:38:18 | 000,295,792 | ---- | M] (Microsoft Corporation) MD5=9E425AC5C9A5A973273D169F43B4F5E1 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_2509122af013a38e\volsnap.sys
[2012/09/07 01:38:18 | 000,295,792 | ---- | M] (Microsoft Corporation) MD5=9E425AC5C9A5A973273D169F43B4F5E1 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.17122_none_71e96d3e15982d1c\volsnap.sys
 
< MD5 for: WININIT.EXE  >
[2009/07/14 09:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 09:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 09:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 09:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 21:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 09:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/10/22 13:41:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2012/10/22 13:41:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2012/10/22 13:41:33 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
 
< End of report >

Extra.txt:

OTL Extras logfile created on: 16/4/2013 5:14:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy
 
3.47 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 63.15% Memory free
52.30 Gb Paging File | 50.81 Gb Available in Paging File | 97.16% Paging File free
Paging file location(s): c:\pagefile.sys 50000 50000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 170.57 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-169332278-487244520-735265740-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B525D47-E9F7-CC81-529D-8FB681372FBE}" = AMD AVIVO64 Codecs
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E415C5A-FE73-02AB-B19D-2172D96572F2}" = ccc-utility64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B84A9DD0-B1BF-B57B-7950-E76BC868F03A}" = AMD Media Foundation Decoders
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E599EC9F-CEA5-7C4F-3366-958B6CC1EBBC}" = AMD Fuel
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{138C901D-3DE6-E476-FBF9-950E7269EA3F}" = CCC Help Swedish
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2514E473-E5DC-0492-724D-60A863F23EA2}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{277A1681-57CB-CF9B-AA3C-D73FC300F589}" = CCC Help Finnish
"{30BBB40A-F0A4-D25F-1424-989D7E730D2F}" = CCC Help Czech
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{347018CA-A00A-A7D5-3741-5DACDCF31437}" = AMD VISION Engine Control Center
"{352B31EE-A602-812C-6989-B70A8F182AAD}" = CCC Help Dutch
"{3566D7DB-EA10-49DE-A95B-F4AB41FC0A93}" = Dragon Nest SEA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{4163CBB7-9EBD-1944-EFB9-9DB422C5C2BF}" = Catalyst Control Center Profiles Mobile
"{451517F1-7E41-400B-AA36-FB7E2563526D}" = Dell Wireless Driver Installation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5A402DDD-53F3-1EE3-A592-A6B903C907F7}" = CCC Help Greek
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5F3359FE-2A2B-7617-3C07-F18E091616FF}" = Catalyst Control Center Localization All
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C24543B-A912-BF79-C1C1-6EE385515E98}" = CCC Help Chinese Standard
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A25E08C-18F9-809D-D88E-9D560A489061}" = CCC Help English
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9851A2E3-3336-5691-218B-AE730CC1F7B8}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD19404-47A6-782E-DE7B-CB0BAFB1DB36}" = CCC Help Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3328DF3-287C-2E46-F3B2-871AD0BDBF5F}" = CCC Help Spanish
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-135C
"{A54CA78B-F62B-4FB5-8097-E4A51D1751BA}" = Catalyst Control Center Graphics Previews Common
"{A6D62ACB-5F65-16F9-8235-E95387FA6617}" = CCC Help German
"{A9035D4D-0107-6D67-F576-ED11420FCE23}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC533436-FB59-38E0-9EF6-D80A904CBB46}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF72C469-F924-43C6-E271-F7AD755C9670}" = CCC Help Hungarian
"{AFEA7544-6B97-4867-A94D-1C39BA61B64F}" = Catalyst Control Center - Branding
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" = BBrowusse22savve
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C8D7DBD4-79DC-BDF9-AAAD-E62F212CE892}" = CCC Help Norwegian
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CECE9E80-150E-9219-F96D-4F09AB1C59BA}" = CCC Help Chinese Traditional
"{CFA0FE8E-BD58-A435-012B-56E1EDD27CBD}" = CCC Help Thai
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB69B223-FE80-7485-0DE4-CC410DBE8B54}" = CCC Help Italian
"{DF5A148F-D6D8-4F04-ED5A-8DD04ECD3C1B}" = CCC Help Japanese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B7E1B4-21FC-6765-A3D7-BA0416DC6AF7}" = EbbookBrowsse
"{E7F67B2A-856F-03EB-5354-997C789D5BBA}" = CCC Help Danish
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED4033D-8EE2-0C7C-B2EE-21FD6E722514}" = CCC Help Turkish
"{EFB71029-49B2-5DD9-3061-F13D52EC2507}" = CCC Help Polish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3ED01FE-B62F-4CA4-BACA-822369BC0FB7}" = TuneUp Utilities Language Pack (en-GB)
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"Fraps" = Fraps (remove only)
"Funshion" = Funshion
"Game Booster_is1" = Game Booster 3
"Google Chrome" = Google Chrome
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"Office14.SingleImage" = Microsoft Office Professional 2010
"PowerISO" = PowerISO
"Smart Defrag 2_is1" = Smart Defrag 2
"SP_f2a323db" = BrowseToSave 1.74
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15/4/2013 7:04:48 AM | Computer Name = user-PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF66 Description:Windows did not pass genuine validation.
 You may be a victim of software counterfeiting.. Security Essentials is available
 for use on genuine licensed Windows PCs.  To complete installation of Security 
Essentials, click Go online and resolve now and get genuine Windows.  After validating
 your system, run the Security Essentials Installation Wizard.   <a id=link1>Go 
online and resolve now</a> Error code:0x8004FF66.
 
Error - 15/4/2013 9:26:52 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 9:27:02 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 9:27:22 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 9:27:27 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 9:27:35 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 9:27:38 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\user\downloads\AFO_P2P_V1017.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error - 15/4/2013 10:49:15 AM | Computer Name = user-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 15/4/2013 6:41:54 PM | Computer Name = user-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 15/4/2013 6:46:16 PM | Computer Name = user-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 16/4/2013 5:11:16 AM | Computer Name = user-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 25/2/2013 2:46:32 AM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:03:52 PM on ?24/?2/?2013 was unexpected.
 
Error - 25/2/2013 2:46:26 AM | Computer Name = user-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 25/2/2013 2:47:04 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface
 with IP address 192.168.1.3.  The computer with the IP address 192.168.1.4 did not
 allow the name to be claimed by  this computer.
 
Error - 25/2/2013 3:16:57 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
 error:   %%5
 
Error - 25/2/2013 4:16:58 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
 error:   %%5
 
Error - 25/2/2013 5:16:57 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
 error:   %%5
 
Error - 25/2/2013 6:44:22 PM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:03:32 PM on ?25/?2/?2013 was unexpected.
 
Error - 25/2/2013 6:44:24 PM | Computer Name = user-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
Error - 26/2/2013 4:02:05 AM | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:55:23 AM on ?26/?2/?2013 was unexpected.
 
Error - 26/2/2013 4:01:59 AM | Computer Name = user-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >


#9 B-boy/StyLe/

Posted 17 April 2013 - 09:02 AM

Hi,


I am really sorry about the delay but yesterday my LAN card  had burnt out. I ordered a new one and when I get it we can continue with the cleaning process. I expect to receive it tomorrow.
I am really sorry about the entire situation.


Regards,
Georgi



#10 Skepz

Posted 17 April 2013 - 09:43 AM

Ok. :)

#11 B-boy/StyLe/

Posted 18 April 2013 - 06:27 AM

Hi,

 

 

I am here and ready for action. :)

No wonder your computer was so severely infected. You use a lot of cracks. This is playing with fire though.

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them!

I suggest you uninstall uTorrent.


Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has grown to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Libre Office or GIMP."


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

 

 

 

Registry Editor / Cleaner Warning !!


The following is referring to TuneUp Utilities 2013 and Advanced SystemCare 6
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done assuming that the major audience here at this board might be inexperienced users, and is thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.


For more information about why you should avoid using such programs, please take a look here => Registry Cleaners and System Tweaking Tools
 

 

 

I suggest you uninstall Iobit Malware Fighter because of this issue => IOBit Steals Malwarebytes' Intellectual Property

 

 

 

Next click on Start Menu > type in appwiz.cpl in the search box and press Enter
Uninstall the following unwanted programs:

 

BBrowusse22savve => Description: Affiliate downloader, detected by ESET's Nod32 antivirus as "Win32/Adware.MultiPlug.E" - a variant of what Microsoft identifies as Adware.Win32.FastSaveApp
EbbookBrowsse => the same as above
Funshion => click here for more information

 

 

 

Upgrading Java:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

 

  • Download the latest version of Java SE 7
  • Click the Java SE 7u21 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u21-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
    Java 7 Update 9
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u21-windows-x64.exe and select "Run as an Administrator.")


Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.02 to your PC's desktop.
 

  • Uninstall Adobe Reader X (10.1.4) via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 20.0.1 Final for Windows
Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update.

 

 

 

We need to run an OTL Fix


 

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Quote"

    :OTL
    SRV - [2013/03/08 14:50:32 | 000,078,472 | ---- | M] () [Auto | Running] -- C:\Users\user\funshion\funshiontools\FunshionSvr.dll -- (FunshionSvr)
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0\
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibabcfllpcehkmdeaomeefkdachleacj\1\
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmfbdgfnlgljeeinflhfijbaeocghi\1\
    O2 - BHO: (·çÐÐÊÓƵ²¥·Å¼°ÏÂÔØ×é¼þ) - {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - C:\Users\user\funshion\funshiontools\FunshionHelper.dll (北京风行在线技术有限公司)
    O2 - BHO: (BBrowusse22savve) - {8A663F47-7F04-4822-4ADA-E38B91BBF15D} - C:\ProgramData\BBrowusse22savve\516bdd1b03964.dll ()
    O2 - BHO: (EbbookBrowsse) - {94409433-0FA3-FCBE-0165-30E1E2158833} - C:\ProgramData\EbbookBrowsse\516bde039a661.dll ()
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
    [2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
    [2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbbookBrowsse
    [2013/04/15 19:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EbbookBrowsse
    [2013/04/15 18:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
    [2013/04/15 18:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowusse22savve
    [2013/04/15 18:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BBrowusse22savve
    [2013/04/15 18:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2013/04/15 18:54:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DownBook
    [2013/04/15 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WideSearch
    [2013/04/14 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion
    [2013/04/14 17:39:29 | 000,002,241 | ---- | M] () -- C:\Users\user\FunShion.ini
    [2013/04/14 15:55:55 | 000,000,911 | ---- | M] () -- C:\Users\user\AppData\Roaming\coreavc.ini
    [2013/04/14 15:54:46 | 000,001,120 | ---- | M] () -- C:\Windows\SysWow64\funshion.ini
    [2013/04/14 15:54:41 | 000,002,229 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk
    [2013/04/14 15:54:09 | 006,422,712 | ---- | M] (Funshion Online Technologies Ltd.) -- C:\Users\user\Desktop\FunshionInstall2.8.5.24.exe
    [2013/01/29 06:28:09 | 000,515,272 | ---- | M] (Ask Partner Network) -- C:\Users\user\Documents\APNSetup.exe
    [2012/11/20 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Local\APN
    [2012/11/20 11:01:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
    [2012/10/24 20:04:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Funshion Online
    [2013/04/16 06:55:18 | 000,000,000 | -HSD | M] -- C:\Windows\installer\{a590945f-7933-c107-15da-b86a6a7d7e6e}
    [2013/04/15 19:07:16 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
    :files
    C:\Users\user\funshion\funshiontools
    C:\Windows\temp\RegistryOptimizer.exe

     

    netsh winsock reset catalog /c
    ipconfig /flushdns /c
    :commands
    [emptytemp]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.

 

 

 


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click adwCleaner.exe and select the option Run as administrator.
  • Select the Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically.
  • A text file will open after the restart. Please post the content of that log file in your reply.

 

 

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


That's for now. :)

 

 

 

 

Regards,

Georgi



#12 Skepz

Posted 19 April 2013 - 04:37 AM

OTL.txt:

 

 

All processes killed
========== OTL ==========
Service FunshionSvr stopped successfully!
Service FunshionSvr deleted successfully!
C:\Users\user\funshion\funshiontools\FunshionSvr.dll moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0\Source\Resources folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0\Source folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0\Library folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm\1.0_0 folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibabcfllpcehkmdeaomeefkdachleacj\1 folder moved successfully.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbmfbdgfnlgljeeinflhfijbaeocghi\1 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA}\ deleted successfully.
C:\Users\user\funshion\funshiontools\FunshionHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A663F47-7F04-4822-4ADA-E38B91BBF15D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A663F47-7F04-4822-4ADA-E38B91BBF15D}\ not found.
C:\ProgramData\BBrowusse22savve\516bdd1b03964.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94409433-0FA3-FCBE-0165-30E1E2158833}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94409433-0FA3-FCBE-0165-30E1E2158833}\ not found.
File C:\ProgramData\EbbookBrowsse\516bde039a661.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\BrowseToSave\sprotector.dll not found.
C:\ProgramData\SoftSafe\Setup folder moved successfully.
C:\ProgramData\SoftSafe folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EbbookBrowsse\ not found.
Folder C:\ProgramData\EbbookBrowsse\ not found.
C:\Program Files (x86)\BrowseToSave folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBrowusse22savve\ not found.
C:\ProgramData\BBrowusse22savve folder moved successfully.
C:\ProgramData\InstallMate\{19FA5DE7-4235-4EEF-AC04-0A17C2197F11} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Users\user\AppData\Local\DownBook folder moved successfully.
C:\Users\user\AppData\Local\WideSearch folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funshion\ not found.
C:\Users\user\FunShion.ini moved successfully.
C:\Users\user\AppData\Roaming\coreavc.ini moved successfully.
C:\Windows\SysWOW64\funshion.ini moved successfully.
File C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk not found.
File C:\Users\user\Desktop\FunshionInstall2.8.5.24.exe not found.
C:\Users\user\Documents\APNSetup.exe moved successfully.
C:\Users\user\AppData\Local\APN\GoogleCRXs folder moved successfully.
C:\Users\user\AppData\Local\APN folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\Program Files (x86)\Funshion Online\Funshion\skin1 folder moved successfully.
C:\Program Files (x86)\Funshion Online\Funshion\icon folder moved successfully.
C:\Program Files (x86)\Funshion Online\Funshion folder moved successfully.
C:\Program Files (x86)\Funshion Online folder moved successfully.
C:\Windows\installer\{a590945f-7933-c107-15da-b86a6a7d7e6e} folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
ADS C:\ProgramData\TEMP:56E2E879 deleted successfully.
========== FILES ==========
C:\Users\user\funshion\funshiontools\FunshionSync folder moved successfully.
C:\Users\user\funshion\funshiontools folder moved successfully.
C:\Windows\temp\RegistryOptimizer.exe moved successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 22659157 bytes
->Temporary Internet Files folder emptied: 25322494 bytes
->Java cache emptied: 121901162 bytes
->FireFox cache emptied: 2727494 bytes
->Google Chrome cache emptied: 344803205 bytes
->Flash cache emptied: 2268 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 27378688 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6025728 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18536468 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36139531 bytes
RecycleBin emptied: 6426819 bytes
 
Total Files Cleaned = 584.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04192013_170223
 
Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

AdwCleaner:

 

 

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 17:08:03
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (64 bits)
# User : user - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Speedbit
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\Software\SProtector
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
-\\ Google Chrome v26.0.1410.64
 
*************************
 
AdwCleaner[S1].txt - [1505 octets] - [19/04/2013 17:08:03]
 
########## EOF - C:\AdwCleaner[S1].txt - [1565 octets] ##########
 

JRT:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.5 (04.17.2013:1)
OS: Windows 7 Ultimate x64
Ran by user on Fri 19/04/2013 at 17:11:56.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_local_machine\software\systweak
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\d35fpdqh.default\user.js
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\d35fpdqh.default\extensions\staged
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\d35fpdqh.default\prefs.js
 
 
user_pref("browser.startup.homepage", "hxxp://www.hao123.com");
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 19/04/2013 at 17:33:44.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 B-boy/StyLe/

Posted 20 April 2013 - 07:20 AM

Hi,



Let's check for leftovers.
Most of them should take no more than 5 minutes each.
Eset could take up to an hour or two depending on the size of your hard drive and the speed of your computer.
You can run these scans at night when you are not there and the computer is idle.

Also we need to repair some of the Windows services like Windows Update, Windows Firewall, Security Center etc. which are probably broken by the rootkit.
And then I'll give you my final recommendations.



STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.


STEP 2



Please download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


STEP 3




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Click Save log and save it to your desktop, and post that log in your next reply for review (do not select Remove Selected) for now.

 

 

 

STEP 4



I'd like us to scan your machine with ESET OnlineScan

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the ESET Smart Installer button to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List Threats.
  • Push Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.


STEP 5
 

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


STEP 6





  • Please download MiniToolBox.exe by Farbar, save it to your desktop and run it.
  • Checkmark all boxes.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed!



STEP 7



Download Security Check by screen317 from here.


  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Regards,
Georgi

 




#14 Skepz


Posted 21 April 2013 - 01:29 AM

Rkill:

 

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/20/2013 08:35:13 PM in x64 mode.
Windows Version: Windows 7 Ultimate 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\ProgramData\DatacardService\HWDeviceService64.exe (PID: 1192) [AU-HEUR]
 * C:\ProgramData\DatacardService\DCSHelper.exe (PID: 2120) [AU-HEUR]
 * C:\Users\user\AppData\Roaming\Mobile Partner\ouc.exe (PID: 2944) [UP-HEUR]
 * C:\Users\user\Desktop\AxedMS\AxedMS.exe (PID: 4304) [UP-HEUR]
 
4 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\user\Desktop\rkill\rkill-04-20-2013-08-35-30.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual
 
 * BFE [Missing Service]
 * BITS [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * WinDefend [Missing Service]
 * wscsvc [Missing Service]
 * wuauserv [Missing Service]
 
 * SharedAccess [Missing ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 04/20/2013 08:35:47 PM
Execution time: 0 hours(s), 0 minute(s), and 34 seconds(s)


#15 Skepz


Posted 21 April 2013 - 01:33 AM

TDSSKiller:

 

 

20:38:32.0342 1928  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:38:33.0388 1928  ============================================================
20:38:33.0388 1928  Current date / time: 2013/04/20 20:38:33.0388
20:38:33.0388 1928  SystemInfo:
20:38:33.0388 1928  
20:38:33.0388 1928  OS Version: 6.1.7600 ServicePack: 0.0
20:38:33.0388 1928  Product type: Workstation
20:38:33.0388 1928  ComputerName: USER-PC
20:38:33.0388 1928  UserName: user
20:38:33.0388 1928  Windows directory: C:\Windows
20:38:33.0388 1928  System windows directory: C:\Windows
20:38:33.0388 1928  Running under WOW64
20:38:33.0388 1928  Processor architecture: Intel x64
20:38:33.0388 1928  Number of processors: 4
20:38:33.0388 1928  Page size: 0x1000
20:38:33.0388 1928  Boot type: Normal boot
20:38:33.0388 1928  ============================================================
20:40:14.0425 1928  BG loaded
20:40:17.0857 1928  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:40:18.0060 1928  ============================================================
20:40:18.0060 1928  \Device\Harddisk0\DR0:
20:40:18.0169 1928  MBR partitions:
20:40:18.0169 1928  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:40:18.0169 1928  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
20:40:18.0169 1928  ============================================================
20:40:19.0464 1928  C: <-> \Device\Harddisk0\DR0\Partition2
20:40:19.0464 1928  ============================================================
20:40:19.0464 1928  Initialize success
20:40:19.0464 1928  ============================================================
20:40:38.0658 2220  ============================================================
20:40:38.0658 2220  Scan started
20:40:38.0658 2220  Mode: Manual; SigCheck; TDLFS; 
20:40:38.0658 2220  ============================================================
20:40:39.0111 2220  ================ Scan system memory ========================
20:40:39.0111 2220  System memory - ok
20:40:39.0113 2220  ================ Scan services =============================
20:41:10.0587 2220  NativeWifiP - ok
20:41:10.0634 2220  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:41:10.0728 2220  NDIS - ok
20:41:10.0759 2220  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:41:10.0868 2220  NdisCap - ok
20:41:10.0899 2220  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:41:11.0040 2220  NdisTapi - ok
20:41:11.0102 2220  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:41:11.0211 2220  Ndisuio - ok
20:41:11.0258 2220  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:41:11.0367 2220  NdisWan - ok
20:41:11.0414 2220  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:41:11.0523 2220  NDProxy - ok
20:41:11.0554 2220  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:41:11.0664 2220  NetBIOS - ok
20:41:11.0726 2220  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:41:11.0851 2220  NetBT - ok
20:41:11.0882 2220  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
20:41:11.0913 2220  Netlogon - ok
20:41:11.0960 2220  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:41:12.0085 2220  Netman - ok
20:41:12.0116 2220  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:41:12.0256 2220  netprofm - ok
20:41:12.0319 2220  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:41:12.0350 2220  NetTcpPortSharing - ok
20:41:12.0366 2220  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:41:12.0428 2220  nfrd960 - ok
20:41:12.0444 2220  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:41:12.0568 2220  NlaSvc - ok
20:41:12.0584 2220  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:41:12.0709 2220  Npfs - ok
20:41:12.0740 2220  npggsvc - ok
20:41:12.0771 2220  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:41:12.0880 2220  nsi - ok
20:41:12.0912 2220  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:41:13.0052 2220  nsiproxy - ok
20:41:13.0146 2220  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:41:13.0270 2220  Ntfs - ok
20:41:13.0317 2220  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:41:13.0442 2220  Null - ok
20:41:13.0489 2220  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:41:13.0536 2220  nvraid - ok
20:41:13.0567 2220  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:41:13.0629 2220  nvstor - ok
20:41:13.0660 2220  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:41:13.0692 2220  nv_agp - ok
20:41:13.0723 2220  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:41:13.0785 2220  ohci1394 - ok
20:41:13.0848 2220  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:41:13.0879 2220  ose - ok
20:41:14.0113 2220  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:41:14.0362 2220  osppsvc - ok
20:41:14.0425 2220  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:41:14.0487 2220  p2pimsvc - ok
20:41:14.0518 2220  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:41:14.0565 2220  p2psvc - ok
20:41:14.0596 2220  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:41:14.0628 2220  Parport - ok
20:41:14.0659 2220  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:41:14.0690 2220  partmgr - ok
20:41:14.0721 2220  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:41:14.0784 2220  PcaSvc - ok
20:41:14.0799 2220  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\drivers\pci.sys
20:41:14.0846 2220  pci - ok
20:41:14.0877 2220  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:41:14.0908 2220  pciide - ok
20:41:14.0955 2220  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:41:14.0986 2220  pcmcia - ok
20:41:15.0002 2220  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:41:15.0049 2220  pcw - ok
20:41:15.0080 2220  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:41:15.0220 2220  PEAUTH - ok
20:41:15.0298 2220  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:41:15.0423 2220  PeerDistSvc - ok
20:41:15.0517 2220  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:41:15.0579 2220  PerfHost - ok
20:41:15.0657 2220  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
20:41:15.0829 2220  pla - ok
20:41:15.0876 2220  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:41:15.0985 2220  PlugPlay - ok
20:41:16.0016 2220  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:41:16.0078 2220  PNRPAutoReg - ok
20:41:16.0110 2220  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:41:16.0141 2220  PNRPsvc - ok
20:41:16.0188 2220  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:41:16.0375 2220  PolicyAgent - ok
20:41:16.0453 2220  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:41:16.0593 2220  Power - ok
20:41:16.0656 2220  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:41:16.0765 2220  PptpMiniport - ok
20:41:16.0780 2220  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:41:16.0843 2220  Processor - ok
20:41:16.0874 2220  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
20:41:16.0921 2220  ProfSvc - ok
20:41:16.0936 2220  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:41:16.0968 2220  ProtectedStorage - ok
20:41:16.0999 2220  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:41:17.0108 2220  Psched - ok
20:41:17.0170 2220  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:41:17.0280 2220  ql2300 - ok
20:41:17.0326 2220  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:41:17.0358 2220  ql40xx - ok
20:41:17.0420 2220  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:41:17.0482 2220  QWAVE - ok
20:41:17.0514 2220  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:41:17.0592 2220  QWAVEdrv - ok
20:41:17.0623 2220  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:41:17.0716 2220  RasAcd - ok
20:41:17.0794 2220  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:41:17.0904 2220  RasAgileVpn - ok
20:41:17.0950 2220  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:41:18.0075 2220  RasAuto - ok
20:41:18.0106 2220  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:41:18.0231 2220  Rasl2tp - ok
20:41:18.0278 2220  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
20:41:18.0403 2220  RasMan - ok
20:41:18.0418 2220  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:41:18.0559 2220  RasPppoe - ok
20:41:18.0606 2220  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:41:18.0715 2220  RasSstp - ok
20:41:18.0762 2220  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:41:18.0886 2220  rdbss - ok
20:41:18.0902 2220  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:41:18.0964 2220  rdpbus - ok
20:41:18.0980 2220  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:41:19.0089 2220  RDPCDD - ok
20:41:19.0136 2220  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:41:19.0183 2220  RDPDR - ok
20:41:19.0198 2220  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:41:19.0323 2220  RDPENCDD - ok
20:41:19.0339 2220  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:41:19.0448 2220  RDPREFMP - ok
20:41:19.0495 2220  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:41:19.0542 2220  RDPWD - ok
20:41:19.0573 2220  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:41:19.0620 2220  rdyboost - ok
20:41:19.0651 2220  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:41:19.0791 2220  RemoteAccess - ok
20:41:19.0822 2220  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:41:19.0947 2220  RemoteRegistry - ok
20:41:19.0978 2220  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:41:20.0103 2220  RpcEptMapper - ok
20:41:20.0119 2220  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:41:20.0166 2220  RpcLocator - ok
20:41:20.0197 2220  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
20:41:20.0322 2220  RpcSs - ok
20:41:20.0337 2220  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:41:20.0446 2220  rspndr - ok
20:41:20.0493 2220  [ AFC12DFA4C7B089673AD67402CA19EDB ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:41:20.0540 2220  RTL8167 - ok
20:41:20.0571 2220  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:41:20.0649 2220  s3cap - ok
20:41:20.0680 2220  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
20:41:20.0712 2220  SamSs - ok
20:41:20.0727 2220  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:41:20.0774 2220  sbp2port - ok
20:41:20.0790 2220  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:41:20.0914 2220  SCardSvr - ok
20:41:20.0946 2220  [ 3A09F31454DFEFBB124BAF378F90B636 ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
20:41:20.0977 2220  SCDEmu - ok
20:41:21.0008 2220  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:41:21.0117 2220  scfilter - ok
20:41:21.0226 2220  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
20:41:21.0336 2220  Schedule - ok
20:41:21.0367 2220  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:41:21.0476 2220  SCPolicySvc - ok
20:41:21.0492 2220  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:41:21.0538 2220  SDRSVC - ok
20:41:21.0570 2220  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:41:21.0679 2220  secdrv - ok
20:41:21.0694 2220  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
20:41:21.0819 2220  seclogon - ok
20:41:21.0850 2220  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:41:21.0960 2220  SENS - ok
20:41:21.0975 2220  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:41:22.0038 2220  SensrSvc - ok
20:41:22.0053 2220  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:41:22.0100 2220  Serenum - ok
20:41:22.0116 2220  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:41:22.0162 2220  Serial - ok
20:41:22.0178 2220  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:41:22.0209 2220  sermouse - ok
20:41:22.0256 2220  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
20:41:22.0381 2220  SessionEnv - ok
20:41:22.0412 2220  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:41:22.0459 2220  sffdisk - ok
20:41:22.0490 2220  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:41:22.0537 2220  sffp_mmc - ok
20:41:22.0552 2220  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:41:22.0584 2220  sffp_sd - ok
20:41:22.0599 2220  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:41:22.0630 2220  sfloppy - ok
20:41:22.0677 2220  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:41:22.0755 2220  ShellHWDetection - ok
20:41:22.0771 2220  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:41:22.0802 2220  SiSRaid2 - ok
20:41:22.0833 2220  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:41:22.0864 2220  SiSRaid4 - ok
20:41:22.0896 2220  [ 0F575481EAD4CDD41AA82ED38BC8F6B3 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:41:22.0927 2220  SkypeUpdate - ok
20:41:22.0958 2220  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:41:23.0067 2220  Smb - ok
20:41:23.0130 2220  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:41:23.0176 2220  SNMPTRAP - ok
20:41:23.0208 2220  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:41:23.0239 2220  spldr - ok
20:41:23.0286 2220  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
20:41:23.0379 2220  Spooler - ok
20:41:23.0488 2220  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:41:23.0660 2220  sppsvc - ok
20:41:23.0691 2220  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:41:23.0816 2220  sppuinotify - ok
20:41:23.0847 2220  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:41:23.0910 2220  srv - ok
20:41:23.0941 2220  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:41:24.0003 2220  srv2 - ok
20:41:24.0019 2220  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:41:24.0050 2220  srvnet - ok
20:41:24.0097 2220  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:41:24.0222 2220  SSDPSRV - ok
20:41:24.0222 2220  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:41:24.0346 2220  SstpSvc - ok
20:41:24.0409 2220  Steam Client Service - ok
20:41:24.0424 2220  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:41:24.0456 2220  stexstor - ok
20:41:24.0534 2220  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
20:41:24.0612 2220  stisvc - ok
20:41:24.0627 2220  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:41:24.0658 2220  storflt - ok
20:41:24.0690 2220  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:41:24.0721 2220  storvsc - ok
20:41:24.0752 2220  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:41:24.0783 2220  swenum - ok
20:41:24.0814 2220  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:41:24.0939 2220  swprv - ok
20:41:25.0017 2220  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
20:41:25.0126 2220  SysMain - ok
20:41:25.0142 2220  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:41:25.0204 2220  TabletInputService - ok
20:41:25.0236 2220  [ F33FDC72298DF4BF9813A55D21F4EB31 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
20:41:25.0267 2220  taphss - ok
20:41:25.0298 2220  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:41:25.0423 2220  TapiSrv - ok
20:41:25.0470 2220  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:41:25.0579 2220  TBS - ok
20:41:25.0641 2220  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:41:25.0766 2220  Tcpip - ok
20:41:25.0828 2220  [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:41:25.0953 2220  TCPIP6 - ok
20:41:25.0984 2220  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:41:26.0094 2220  tcpipreg - ok
20:41:26.0109 2220  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:41:26.0172 2220  TDPIPE - ok
20:41:26.0218 2220  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:41:26.0281 2220  TDTCP - ok
20:41:26.0312 2220  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:41:26.0421 2220  tdx - ok
20:41:26.0484 2220  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:41:26.0515 2220  TermDD - ok
20:41:26.0546 2220  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
20:41:26.0686 2220  TermService - ok
20:41:26.0718 2220  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:41:26.0764 2220  Themes - ok
20:41:26.0780 2220  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:41:26.0889 2220  THREADORDER - ok
20:41:26.0905 2220  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:41:27.0014 2220  TrkWks - ok
20:41:27.0076 2220  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:41:27.0108 2220  TrustedInstaller - ok
20:41:27.0139 2220  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:41:27.0248 2220  tssecsrv - ok
20:41:27.0279 2220  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:41:27.0373 2220  tunnel - ok
20:41:27.0404 2220  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:41:27.0435 2220  uagp35 - ok
20:41:27.0466 2220  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:41:27.0591 2220  udfs - ok
20:41:27.0638 2220  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:41:27.0685 2220  UI0Detect - ok
20:41:27.0700 2220  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:41:27.0732 2220  uliagpkx - ok
20:41:27.0763 2220  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:41:27.0810 2220  umbus - ok
20:41:27.0841 2220  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:41:27.0872 2220  UmPass - ok
20:41:27.0903 2220  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
20:41:27.0950 2220  UmRdpService - ok
20:41:27.0981 2220  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:41:28.0106 2220  upnphost - ok
20:41:28.0153 2220  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:41:28.0215 2220  USBAAPL64 - ok
20:41:28.0231 2220  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:41:28.0293 2220  usbccgp - ok
20:41:28.0309 2220  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:41:28.0371 2220  usbcir - ok
20:41:28.0402 2220  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:41:28.0434 2220  usbehci - ok
20:41:28.0449 2220  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:41:28.0496 2220  usbhub - ok
20:41:28.0512 2220  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:41:28.0558 2220  usbohci - ok
20:41:28.0590 2220  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:41:28.0636 2220  usbprint - ok
20:41:28.0668 2220  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:41:28.0730 2220  usbscan - ok
20:41:28.0761 2220  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:41:28.0824 2220  USBSTOR - ok
20:41:28.0839 2220  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:41:28.0870 2220  usbuhci - ok
20:41:28.0902 2220  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:41:28.0964 2220  usbvideo - ok
20:41:28.0980 2220  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:41:29.0104 2220  UxSms - ok
20:41:29.0120 2220  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
20:41:29.0151 2220  VaultSvc - ok
20:41:29.0167 2220  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:41:29.0214 2220  vdrvroot - ok
20:41:29.0245 2220  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
20:41:29.0307 2220  vds - ok
20:41:29.0323 2220  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:41:29.0370 2220  vga - ok
20:41:29.0401 2220  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:41:29.0510 2220  VgaSave - ok
20:41:29.0541 2220  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:41:29.0588 2220  vhdmp - ok
20:41:29.0619 2220  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:41:29.0650 2220  viaide - ok
20:41:29.0682 2220  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:41:29.0728 2220  vmbus - ok
20:41:29.0760 2220  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:41:29.0806 2220  VMBusHID - ok
20:41:29.0806 2220  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:41:29.0853 2220  volmgr - ok
20:41:29.0869 2220  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:41:29.0916 2220  volmgrx - ok
20:41:29.0947 2220  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:41:29.0994 2220  volsnap - ok
20:41:30.0025 2220  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:41:30.0056 2220  vsmraid - ok
20:41:30.0118 2220  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
20:41:30.0228 2220  VSS - ok
20:41:30.0259 2220  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:41:30.0306 2220  vwifibus - ok
20:41:30.0352 2220  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:41:30.0399 2220  vwififlt - ok
20:41:30.0430 2220  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:41:30.0555 2220  W32Time - ok
20:41:30.0586 2220  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:41:30.0633 2220  WacomPen - ok
20:41:30.0649 2220  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:41:30.0820 2220  WANARP - ok
20:41:30.0836 2220  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:41:30.0945 2220  Wanarpv6 - ok
20:41:31.0008 2220  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:41:31.0008 2220  Suspicious file (NoAccess): C:\Windows\system32\Wat\WatAdminSvc.exe. md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C
20:41:31.0023 2220  WatAdminSvc ( LockedFile.Multi.Generic ) - warning
20:41:31.0023 2220  WatAdminSvc - detected LockedFile.Multi.Generic (1)
20:41:34.0876 2220  ================ Scan global ===============================
20:41:34.0923 2220  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:41:34.0954 2220  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
20:41:34.0970 2220  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\system32\winsrv.dll
20:41:35.0001 2220  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:41:35.0048 2220  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:41:35.0048 2220  [Global] - ok
20:41:35.0048 2220  ================ Scan MBR ==================================
20:41:35.0079 2220  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:41:35.0407 2220  \Device\Harddisk0\DR0 - ok
20:41:35.0407 2220  ================ Scan VBR ==================================
20:41:35.0422 2220  [ 90C3364EBD84F1D0FC70EB87FA4016E7 ] \Device\Harddisk0\DR0\Partition1
20:41:35.0422 2220  \Device\Harddisk0\DR0\Partition1 - ok
20:41:35.0454 2220  [ B8CC203C025F5E41BC40BB7062295BFF ] \Device\Harddisk0\DR0\Partition2
20:41:35.0469 2220  \Device\Harddisk0\DR0\Partition2 - ok
20:41:35.0469 2220  ================ Scan active images ========================
20:41:35.0469 2220  [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
20:41:35.0469 2220  C:\Windows\System32\drivers\crashdmp.sys - ok
20:41:35.0485 2220  [ BB4FE7889DB9CBBE61A308E99697F53C ] C:\Windows\System32\drivers\amd_sata.sys
20:41:35.0485 2220  C:\Windows\System32\drivers\amd_sata.sys - ok
20:41:35.0500 2220  [ 20080512F61D3210E449A1256F66A7FD ] C:\Windows\System32\drivers\Diskdump.sys
20:41:35.0500 2220  C:\Windows\System32\drivers\Diskdump.sys - ok
20:41:35.0516 2220  [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
20:41:35.0516 2220  C:\Windows\System32\drivers\dumpfve.sys - ok
20:41:35.0532 2220  [ 83D2D75E1EFB81B3450C18131443F7DB ] C:\Windows\System32\drivers\cdrom.sys
20:41:35.0532 2220  C:\Windows\System32\drivers\cdrom.sys - ok
20:41:35.0532 2220  [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
20:41:35.0547 2220  C:\Windows\System32\drivers\null.sys - ok
20:41:35.0547 2220  [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
20:41:35.0547 2220  C:\Windows\System32\drivers\beep.sys - ok
20:41:35.0563 2220  [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
20:41:35.0563 2220  C:\Windows\System32\drivers\watchdog.sys - ok
20:41:35.0578 2220  [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
20:41:35.0578 2220  C:\Windows\System32\drivers\RDPCDD.sys - ok
20:41:35.0594 2220  [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
20:41:35.0594 2220  C:\Windows\System32\drivers\vga.sys - ok
20:41:35.0610 2220  [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
20:41:35.0610 2220  C:\Windows\System32\drivers\videoprt.sys - ok
20:41:35.0625 2220  [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
20:41:35.0625 2220  C:\Windows\System32\drivers\RDPENCDD.sys - ok
20:41:35.0641 2220  [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
20:41:35.0641 2220  C:\Windows\System32\drivers\RDPREFMP.sys - ok
20:41:35.0641 2220  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
20:41:35.0641 2220  C:\Windows\System32\drivers\msfs.sys - ok
20:41:35.0656 2220  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
20:41:35.0656 2220  C:\Windows\System32\drivers\npfs.sys - ok
20:41:35.0672 2220  [ 0CA6FE26ACC7FFEE1BD0463F40835F32 ] C:\Windows\System32\drivers\tdi.sys
20:41:35.0672 2220  C:\Windows\System32\drivers\tdi.sys - ok
20:41:35.0688 2220  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] C:\Windows\System32\drivers\tdx.sys
20:41:35.0688 2220  C:\Windows\System32\drivers\tdx.sys - ok
20:41:35.0703 2220  [ DB9D6C6B2CD95A9CA414D045B627422E ] C:\Windows\System32\drivers\afd.sys
20:41:35.0703 2220  C:\Windows\System32\drivers\afd.sys - ok
20:41:35.0719 2220  [ 9162B273A44AB9DCE5B44362731D062A ] C:\Windows\System32\drivers\netbt.sys
20:41:35.0719 2220  C:\Windows\System32\drivers\netbt.sys - ok
20:41:35.0734 2220  [ EE992183BD8EAEFD9973F352E587A299 ] C:\Windows\System32\drivers\pacer.sys
20:41:35.0734 2220  C:\Windows\System32\drivers\pacer.sys - ok
20:41:35.0750 2220  [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
20:41:35.0750 2220  C:\Windows\System32\drivers\wfplwf.sys - ok
20:41:35.0766 2220  [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
20:41:35.0766 2220  C:\Windows\System32\drivers\vwififlt.sys - ok
20:41:35.0766 2220  [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
20:41:35.0766 2220  C:\Windows\System32\drivers\netbios.sys - ok
20:41:35.0781 2220  [ 47CA49400643EFFD3F1C9A27E1D69324 ] C:\Windows\System32\drivers\wanarp.sys
20:41:35.0781 2220  C:\Windows\System32\drivers\wanarp.sys - ok
20:41:35.0797 2220  [ C448651339196C0E869A355171875522 ] C:\Windows\System32\drivers\termdd.sys
20:41:35.0797 2220  C:\Windows\System32\drivers\termdd.sys - ok
20:41:35.0812 2220  [ 3A09F31454DFEFBB124BAF378F90B636 ] C:\Windows\System32\drivers\scdemu.sys
20:41:35.0812 2220  C:\Windows\System32\drivers\scdemu.sys - ok
20:41:35.0828 2220  [ 3BAC8142102C15D59A87757C1D41DCE5 ] C:\Windows\System32\drivers\rdbss.sys
20:41:35.0828 2220  C:\Windows\System32\drivers\rdbss.sys - ok
20:41:35.0828 2220  [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
20:41:35.0844 2220  C:\Windows\System32\drivers\nsiproxy.sys - ok
20:41:35.0844 2220  [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
20:41:35.0844 2220  C:\Windows\System32\drivers\discache.sys - ok
20:41:35.0859 2220  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
20:41:35.0859 2220  C:\Windows\System32\drivers\mssmbios.sys - ok
20:41:35.0875 2220  [ 4A6173C2279B498CD8F57CAE504564CB ] C:\Windows\System32\drivers\csc.sys
20:41:35.0875 2220  C:\Windows\System32\drivers\csc.sys - ok
20:41:35.0890 2220  [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
20:41:35.0890 2220  C:\Windows\System32\drivers\blbdrive.sys - ok
20:41:35.0906 2220  [ 9C253CE7311CA60FC11C774692A13208 ] C:\Windows\System32\drivers\dfsc.sys
20:41:35.0906 2220  C:\Windows\System32\drivers\dfsc.sys - ok
20:41:35.0922 2220  [ 3836171A2CDF3AF8EF10856DB9835A70 ] C:\Windows\System32\drivers\tunnel.sys
20:41:35.0922 2220  C:\Windows\System32\drivers\tunnel.sys - ok
20:41:35.0937 2220  [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
20:41:35.0937 2220  C:\Windows\System32\drivers\amdppm.sys - ok
20:41:35.0937 2220  [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
20:41:35.0937 2220  C:\Windows\System32\smss.exe - ok
20:41:35.0953 2220  [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys
20:41:35.0953 2220  C:\Windows\System32\drivers\wmiacpi.sys - ok
20:41:35.0968 2220  [ 68DB778AC4FD7896CE2F153353BA15C8 ] C:\Windows\System32\ntdll.dll
20:41:35.0968 2220  C:\Windows\System32\ntdll.dll - ok
20:41:35.0984 2220  [ 890CACABDA80BC1A1668C7FD52D7F867 ] C:\Windows\System32\drivers\atikmpag.sys
20:41:35.0984 2220  C:\Windows\System32\drivers\atikmpag.sys - ok
20:41:36.0000 2220  [ 8B7F8E882A649D81CEA1EDE9BBB68FFF ] C:\Windows\System32\autochk.exe
20:41:36.0000 2220  C:\Windows\System32\autochk.exe - ok
20:41:36.0015 2220  [ 470AB364338024C81B357C2E365AD45E ] C:\Windows\System32\drivers\atikmdag.sys
20:41:36.0015 2220  C:\Windows\System32\drivers\atikmdag.sys - ok
20:41:36.0031 2220  [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
20:41:36.0031 2220  C:\Windows\System32\sechost.dll - ok
20:41:36.0031 2220  [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
20:41:36.0031 2220  C:\Windows\System32\normaliz.dll - ok
20:41:36.0046 2220  [ 1633B9ABF52784A1331476397A48CBEF ] C:\Windows\System32\drivers\dxgkrnl.sys
20:41:36.0046 2220  C:\Windows\System32\drivers\dxgkrnl.sys - ok
20:41:36.0062 2220  [ BD5153969C41F697E23B9A43EF9228CE ] C:\Windows\System32\usp10.dll
20:41:36.0062 2220  C:\Windows\System32\usp10.dll - ok
20:41:36.0078 2220  [ 3238B9078E0766AB5E62DC737A809ADB ] C:\Windows\System32\drivers\dxgmms1.sys
20:41:36.0078 2220  C:\Windows\System32\drivers\dxgmms1.sys - ok
20:41:36.0093 2220  [ 0A49913402747A0B67DE940FB42CBDBB ] C:\Windows\System32\drivers\hdaudbus.sys
20:41:36.0093 2220  C:\Windows\System32\drivers\hdaudbus.sys - ok
20:41:36.0093 2220  [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
20:41:36.0093 2220  C:\Windows\System32\lpk.dll - ok
20:41:36.0109 2220  [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
20:41:36.0109 2220  C:\Windows\System32\imm32.dll - ok
20:41:36.0124 2220  [ AFC12DFA4C7B089673AD67402CA19EDB ] C:\Windows\System32\drivers\Rt64win7.sys
20:41:36.0124 2220  C:\Windows\System32\drivers\Rt64win7.sys - ok
20:41:36.0140 2220  [ 72D7B3EA16946E8F0CF7458150031CC6 ] C:\Windows\System32\user32.dll
20:41:36.0140 2220  C:\Windows\System32\user32.dll - ok
20:41:36.0156 2220  [ E5CBF5F8623BBD1DB7B8148A66F6EBA4 ] C:\Windows\System32\Wldap32.dll
20:41:36.0156 2220  C:\Windows\System32\Wldap32.dll - ok
20:41:36.0171 2220  [ 48C903068B6BDAB5EF650B9CBEE85295 ] C:\Windows\System32\rpcrt4.dll
20:41:36.0171 2220  C:\Windows\System32\rpcrt4.dll - ok
20:41:36.0171 2220  [ 579F6AFC6A6561951FA2202EFC3FE485 ] C:\Windows\System32\msvcrt.dll
20:41:36.0187 2220  C:\Windows\System32\msvcrt.dll - ok
20:41:36.0187 2220  [ 80D6820DDB5427363A9D3F2137441C83 ] C:\Windows\System32\drivers\athrx.sys
20:41:36.0187 2220  C:\Windows\System32\drivers\athrx.sys - ok
20:41:36.0202 2220  [ 7083F463788CB34FCC42F565D56F89E8 ] C:\Windows\System32\ws2_32.dll
20:41:36.0202 2220  C:\Windows\System32\ws2_32.dll - ok
20:41:36.0218 2220  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
20:41:36.0218 2220  C:\Windows\System32\drivers\vwifibus.sys - ok
20:41:36.0234 2220  [ E3BC37881D92EB59EE0BA3B854A54D1E ] C:\Windows\System32\kernel32.dll
20:41:36.0234 2220  C:\Windows\System32\kernel32.dll - ok
20:41:36.0249 2220  [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
20:41:36.0249 2220  C:\Windows\System32\msctf.dll - ok
20:41:36.0265 2220  [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
20:41:36.0265 2220  C:\Windows\System32\psapi.dll - ok
20:41:36.0280 2220  [ 5121DB613E10A46A3C5085B479026AA7 ] C:\Windows\System32\wininet.dll
20:41:36.0280 2220  C:\Windows\System32\wininet.dll - ok
20:41:36.0280 2220  [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
20:41:36.0280 2220  C:\Windows\System32\difxapi.dll - ok
20:41:36.0296 2220  [ 48CC125A6AB6C72A13E3D3E9C39AD9D9 ] C:\Windows\System32\shell32.dll
20:41:36.0296 2220  C:\Windows\System32\shell32.dll - ok
20:41:36.0312 2220  [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
20:41:36.0312 2220  C:\Windows\System32\advapi32.dll - ok
20:41:36.0327 2220  [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
20:41:36.0327 2220  C:\Windows\System32\nsi.dll - ok
20:41:36.0343 2220  [ 2A46451EE42BCD2C842D8AA4923FAC16 ] C:\Windows\System32\oleaut32.dll
20:41:36.0343 2220  C:\Windows\System32\oleaut32.dll - ok
20:41:36.0343 2220  [ 15BDC173EB5FA4F92B67D9FFB269A6EA ] C:\Windows\System32\shlwapi.dll
20:41:36.0343 2220  C:\Windows\System32\shlwapi.dll - ok
20:41:36.0358 2220  [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
20:41:36.0358 2220  C:\Windows\System32\clbcatq.dll - ok
20:41:36.0374 2220  [ 6A4EA4C29FBF78112AE20013FB71E9C1 ] C:\Windows\System32\setupapi.dll
20:41:36.0374 2220  C:\Windows\System32\setupapi.dll - ok
20:41:36.0390 2220  [ E1B1255D3A4B3367FE4E9C71E62E3B5A ] C:\Windows\System32\gdi32.dll
20:41:36.0390 2220  C:\Windows\System32\gdi32.dll - ok
20:41:36.0405 2220  [ A0F52880DDD164F968BE903C1FECD27E ] C:\Windows\System32\iertutil.dll
20:41:36.0405 2220  C:\Windows\System32\iertutil.dll - ok
20:41:36.0421 2220  [ F94B8644F3AFE040EC6E1B6FBC9EFAA9 ] C:\Windows\System32\comdlg32.dll
20:41:36.0421 2220  C:\Windows\System32\comdlg32.dll - ok
20:41:36.0436 2220  [ 15A54626213EBF003F7D4C9D8380A656 ] C:\Windows\System32\imagehlp.dll
20:41:36.0436 2220  C:\Windows\System32\imagehlp.dll - ok
20:41:36.0452 2220  [ AC8F79017C5C1FB316930EDEAD0AF517 ] C:\Windows\System32\ole32.dll
20:41:36.0452 2220  C:\Windows\System32\ole32.dll - ok
20:41:36.0452 2220  [ 1DBA462CF92D890D8F8E6472E7E8B4B4 ] C:\Windows\System32\urlmon.dll
20:41:36.0452 2220  C:\Windows\System32\urlmon.dll - ok
20:41:36.0468 2220  [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
20:41:36.0468 2220  C:\Windows\System32\devobj.dll - ok
20:41:36.0483 2220  [ BC052EFAD10ACA1AD69545B629F50D99 ] C:\Windows\System32\comctl32.dll
20:41:36.0483 2220  C:\Windows\System32\comctl32.dll - ok
20:41:36.0499 2220  [ 6657128E165146058C94E33FB497BB50 ] C:\Windows\System32\KernelBase.dll
20:41:36.0499 2220  C:\Windows\System32\KernelBase.dll - ok
20:41:36.0514 2220  [ D05E03C1B2824236531F5E37334B6A8A ] C:\Windows\System32\cfgmgr32.dll
20:41:36.0514 2220  C:\Windows\System32\cfgmgr32.dll - ok
20:41:36.0530 2220  [ 987508ED06FC097E754A91BA8A8AAD0E ] C:\Windows\System32\wintrust.dll
20:41:36.0530 2220  C:\Windows\System32\wintrust.dll - ok
20:41:36.0546 2220  [ D256EB74BF77026FC9A3D7193861C7AD ] C:\Windows\System32\crypt32.dll
20:41:36.0546 2220  C:\Windows\System32\crypt32.dll - ok
20:41:36.0546 2220  [ 98FB7DD3B28A92E3C0E5B4BD9D63EF01 ] C:\Windows\System32\msasn1.dll
20:41:36.0546 2220  C:\Windows\System32\msasn1.dll - ok
20:41:36.0561 2220  [ 321533578132C811EC834A1B741C994C ] C:\Windows\System32\drivers\amdxhc.sys
20:41:36.0561 2220  C:\Windows\System32\drivers\amdxhc.sys - ok
20:41:36.0577 2220  [ 70B5A5A7E0DDD5EBAF6E35B7257A6B9D ] C:\Windows\System32\drivers\usbd.sys
20:41:36.0577 2220  C:\Windows\System32\drivers\usbd.sys - ok
20:41:36.0592 2220  [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
20:41:36.0592 2220  C:\Windows\SysWOW64\normaliz.dll - ok
20:41:36.0592 2220  [ 8E98D21EE06192492A5671A6144D092F ] C:\Windows\System32\drivers\GEARAspiWDM.sys
20:41:36.0608 2220  C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
20:41:36.0608 2220  [ BBF36EB7117F6B976975C9D8D877DF18 ] C:\Windows\System32\drivers\usbport.sys
20:41:36.0608 2220  C:\Windows\System32\drivers\usbport.sys - ok
20:41:36.0624 2220  [ 92969BA5AC44E229C55A332864F79677 ] C:\Windows\System32\drivers\usbehci.sys
20:41:36.0624 2220  C:\Windows\System32\drivers\usbehci.sys - ok
20:41:36.0639 2220  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] C:\Windows\System32\drivers\usbohci.sys
20:41:36.0639 2220  C:\Windows\System32\drivers\usbohci.sys - ok
20:41:36.0655 2220  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
20:41:36.0655 2220  C:\Windows\System32\drivers\i8042prt.sys - ok
20:41:36.0670 2220  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
20:41:36.0670 2220  C:\Windows\System32\drivers\kbdclass.sys - ok
20:41:36.0686 2220  [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
20:41:36.0686 2220  C:\Windows\System32\drivers\mouclass.sys - ok
20:41:36.0702 2220  [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
20:41:36.0702 2220  C:\Windows\System32\drivers\CmBatt.sys - ok
20:41:36.0717 2220  [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
20:41:36.0717 2220  C:\Windows\System32\drivers\agilevpn.sys - ok
20:41:36.0717 2220  [ F26B3A86F6FA87CA360B879581AB4123 ] C:\Windows\System32\drivers\CompositeBus.sys
20:41:36.0717 2220  C:\Windows\System32\drivers\CompositeBus.sys - ok
20:41:36.0733 2220  [ 87A6E852A22991580D6D39ADC4790463 ] C:\Windows\System32\drivers\rasl2tp.sys
20:41:36.0733 2220  C:\Windows\System32\drivers\rasl2tp.sys - ok
20:41:36.0748 2220  [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
20:41:36.0748 2220  C:\Windows\System32\drivers\ndistapi.sys - ok
20:41:36.0764 2220  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] C:\Windows\System32\drivers\ndiswan.sys
20:41:36.0764 2220  C:\Windows\System32\drivers\ndiswan.sys - ok
20:41:36.0780 2220  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
20:41:36.0780 2220  C:\Windows\System32\drivers\raspppoe.sys - ok
20:41:36.0795 2220  [ 27CC19E81BA5E3403C48302127BDA717 ] C:\Windows\System32\drivers\raspptp.sys
20:41:36.0795 2220  C:\Windows\System32\drivers\raspptp.sys - ok
20:41:36.0811 2220  [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
20:41:36.0811 2220  C:\Windows\System32\drivers\rassstp.sys - ok
20:41:36.0811 2220  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] C:\Windows\System32\drivers\rdpbus.sys
20:41:36.0811 2220  C:\Windows\System32\drivers\rdpbus.sys - ok
20:41:36.0826 2220  [ 5C7AF4A20F5BF67042B2E613D123D111 ] C:\Windows\System32\drivers\ks.sys
20:41:36.0826 2220  C:\Windows\System32\drivers\ks.sys - ok
20:41:36.0842 2220  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] C:\Windows\System32\drivers\amdiox64.sys
20:41:36.0842 2220  C:\Windows\System32\drivers\amdiox64.sys - ok
20:41:36.0858 2220  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
20:41:36.0858 2220  C:\Windows\System32\drivers\swenum.sys - ok
20:41:36.0873 2220  [ 1642C62F1FD5E1FF44608283994A7BB8 ] C:\Windows\System32\drivers\ew_jubusenum.sys
20:41:36.0873 2220  C:\Windows\System32\drivers\ew_jubusenum.sys - ok
20:41:36.0873 2220  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] C:\Windows\System32\drivers\umbus.sys
20:41:36.0873 2220  C:\Windows\System32\drivers\umbus.sys - ok
20:41:36.0889 2220  [ 30BFEEE0DFFD5BD79D29157CF080DEED ] C:\Windows\System32\drivers\amdhub30.sys
20:41:36.0889 2220  C:\Windows\System32\drivers\amdhub30.sys - ok
20:41:36.0904 2220  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] C:\Windows\System32\drivers\usbhub.sys
20:41:36.0904 2220  C:\Windows\System32\drivers\usbhub.sys - ok
20:41:36.0920 2220  [ 659B74FB74B86228D6338D643CD3E3CF ] C:\Windows\System32\drivers\ndproxy.sys
20:41:36.0920 2220  C:\Windows\System32\drivers\ndproxy.sys - ok
20:41:36.0936 2220  [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
20:41:36.0936 2220  C:\Windows\System32\drivers\drmk.sys - ok
20:41:36.0951 2220  [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
20:41:36.0951 2220  C:\Windows\System32\drivers\portcls.sys - ok
20:41:36.0967 2220  [ DBB487D09F56C674430AC454FD8BCAB9 ] C:\Windows\System32\drivers\AtihdW76.sys
20:41:36.0967 2220  C:\Windows\System32\drivers\AtihdW76.sys - ok
20:41:36.0982 2220  [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
20:41:36.0982 2220  C:\Windows\System32\drivers\ksthunk.sys - ok
20:41:36.0998 2220  [ 6410F6F415B2A5A9037224C41DA8BF12 ] C:\Windows\System32\drivers\HdAudio.sys
20:41:36.0998 2220  C:\Windows\System32\drivers\HdAudio.sys - ok
20:41:37.0014 2220  [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
20:41:37.0014 2220  C:\Windows\System32\drivers\hidparse.sys - ok
20:41:37.0029 2220  [ 685FEC2407FC121EB937CB658B3C0F35 ] C:\Windows\System32\drivers\hidclass.sys
20:41:37.0029 2220  C:\Windows\System32\drivers\hidclass.sys - ok
20:41:37.0045 2220  [ B3BF6B5B50006DEF50B66306D99FCF6F ] C:\Windows\System32\drivers\hidusb.sys
20:41:37.0045 2220  C:\Windows\System32\drivers\hidusb.sys - ok
20:41:37.0060 2220  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
20:41:37.0060 2220  C:\Windows\System32\drivers\mouhid.sys - ok
20:41:37.0076 2220  [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
20:41:37.0076 2220  C:\Windows\System32\drivers\dxapi.sys - ok
20:41:37.0092 2220  [ 298CC3E47CB19627639BFA84F424BDD4 ] C:\Windows\System32\win32k.sys
20:41:37.0092 2220  C:\Windows\System32\win32k.sys - ok
20:41:37.0107 2220  [ E730EADB8F176DB06A378435BEB2E823 ] C:\Windows\System32\csrsrv.dll
20:41:37.0107 2220  C:\Windows\System32\csrsrv.dll - ok
20:41:37.0123 2220  [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
20:41:37.0123 2220  C:\Windows\System32\csrss.exe - ok
20:41:37.0138 2220  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
20:41:37.0138 2220  C:\Windows\System32\basesrv.dll - ok
20:41:37.0154 2220  [ C4C551E6AB333C0EB812A3A4672E89DB ] C:\Windows\System32\winsrv.dll
20:41:37.0154 2220  C:\Windows\System32\winsrv.dll - ok
20:41:37.0170 2220  [ F39983647BC1F3E6100778DDFE9DCE29 ] C:\Windows\System32\drivers\USBSTOR.SYS
20:41:37.0170 2220  C:\Windows\System32\drivers\USBSTOR.SYS - ok
20:41:37.0185 2220  [ A0DFB69ADE3444C78B17636FCF28E898 ] C:\Windows\System32\drivers\btwampfl.sys
20:41:37.0185 2220  C:\Windows\System32\drivers\btwampfl.sys - ok
20:41:37.0201 2220  [ D59773C7FDD3D795D6FE402EEEA8D71E ] C:\Windows\System32\drivers\bthport.sys
20:41:37.0201 2220  C:\Windows\System32\drivers\bthport.sys - ok
20:41:37.0216 2220  [ 8504842634DD144C075B6B0C982CCEC4 ] C:\Windows\System32\drivers\BTHUSB.SYS
20:41:37.0216 2220  C:\Windows\System32\drivers\BTHUSB.SYS - ok
20:41:37.0232 2220  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] C:\Windows\System32\drivers\usbccgp.sys
20:41:37.0232 2220  C:\Windows\System32\drivers\usbccgp.sys - ok
20:41:37.0248 2220  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] C:\Windows\System32\drivers\usbvideo.sys
20:41:37.0248 2220  C:\Windows\System32\drivers\usbvideo.sys - ok
20:41:37.0263 2220  [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
20:41:37.0263 2220  C:\Windows\System32\drivers\monitor.sys - ok
20:41:37.0279 2220  [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
20:41:37.0279 2220  C:\Windows\System32\tsddd.dll - ok
20:41:37.0294 2220  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
20:41:37.0294 2220  C:\Windows\System32\sxssrv.dll - ok
20:41:37.0310 2220  [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
20:41:37.0310 2220  C:\Windows\System32\wininit.exe - ok
20:41:37.0326 2220  [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
20:41:37.0326 2220  C:\Windows\System32\profapi.dll - ok
20:41:37.0341 2220  [ B9A047D231D32FDF5AF2F281E4326A9D ] C:\Windows\System32\KBDUS.DLL
20:41:37.0341 2220  C:\Windows\System32\KBDUS.DLL - ok
20:41:37.0357 2220  [ F4389DA7DBDA2E7D292D360CF8E400C7 ] C:\Windows\System32\RpcRtRemote.dll
20:41:37.0357 2220  C:\Windows\System32\RpcRtRemote.dll - ok
20:41:37.0372 2220  [ 100BDF2F89D6056CEE900BB6156DA737 ] C:\Windows\System32\cdd.dll
20:41:37.0372 2220  C:\Windows\System32\cdd.dll - ok
20:41:37.0388 2220  [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
20:41:37.0388 2220  C:\Windows\System32\WlS0WndH.dll - ok
20:41:37.0404 2220  [ 456C92A9D8DB51B9938A6234BBC65FC9 ] C:\Windows\System32\sxs.dll
20:41:37.0404 2220  C:\Windows\System32\sxs.dll - ok
20:41:37.0419 2220  [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
20:41:37.0419 2220  C:\Windows\System32\cryptbase.dll - ok
20:41:37.0435 2220  [ 01A465AC251BCCF6037DF2EF28AA4292 ] C:\Windows\System32\apphelp.dll
20:41:37.0435 2220  C:\Windows\System32\apphelp.dll - ok
20:41:37.0450 2220  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
20:41:37.0450 2220  C:\Windows\System32\services.exe - ok
20:41:37.0466 2220  [ 156F6159457D0AA7E59B62681B56EB90 ] C:\Windows\System32\lsass.exe
20:41:37.0466 2220  C:\Windows\System32\lsass.exe - ok
20:41:37.0497 2220  [ 04FCA22B77A2E37332CC8226187AF87B ] C:\Windows\System32\lsm.exe
20:41:37.0497 2220  C:\Windows\System32\lsm.exe - ok
20:41:37.0513 2220  [ 68EA2513CA68AD8F741FF4F5B8D8590C ] C:\Windows\System32\sspisrv.dll
20:41:37.0513 2220  C:\Windows\System32\sspisrv.dll - ok
20:41:37.0528 2220  [ BFA69408620587AFDEC2E8C12CA60492 ] C:\Windows\System32\lsasrv.dll
20:41:37.0528 2220  C:\Windows\System32\lsasrv.dll - ok
20:41:37.0544 2220  [ 1F582C6C84D5243692F9C3E04D0A663F ] C:\Windows\System32\sspicli.dll
20:41:37.0544 2220  C:\Windows\System32\sspicli.dll - ok
20:41:37.0560 2220  [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
20:41:37.0560 2220  C:\Windows\System32\sysntfy.dll - ok
20:41:37.0560 2220  [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
20:41:37.0560 2220  C:\Windows\System32\wmsgapi.dll - ok
20:41:37.0575 2220  [ B160ADAEFC76031D92C4FBAC0918B033 ] C:\Windows\System32\samsrv.dll
20:41:37.0575 2220  C:\Windows\System32\samsrv.dll - ok
20:41:37.0591 2220  [ 941AF3C8B0DE1B359BE22DD3288A8C8E ] C:\Windows\System32\scesrv.dll
20:41:37.0591 2220  C:\Windows\System32\scesrv.dll - ok
20:41:37.0606 2220  [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
20:41:37.0606 2220  C:\Windows\System32\scext.dll - ok
20:41:37.0622 2220  [ 74A0871810BF0F2AA3EB6681E9BECDD3 ] C:\Windows\System32\secur32.dll
20:41:37.0622 2220  C:\Windows\System32\secur32.dll - ok
20:41:37.0638 2220  [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
20:41:37.0638 2220  C:\Windows\System32\cryptdll.dll - ok
20:41:37.0638 2220  [ D23371AB9607651937C7641A38CD52BC ] C:\Windows\System32\srvcli.dll
20:41:37.0638 2220  C:\Windows\System32\srvcli.dll - ok
20:41:37.0653 2220  [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
20:41:37.0653 2220  C:\Windows\System32\wevtapi.dll - ok
20:41:37.0669 2220  [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
20:41:37.0669 2220  C:\Windows\System32\authz.dll - ok
20:41:37.0684 2220  [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
20:41:37.0684 2220  C:\Windows\System32\cngaudit.dll - ok
20:41:37.0700 2220  [ E2D60E901428A72BB47931C938A1ED95 ] C:\Windows\System32\ncrypt.dll
20:41:37.0700 2220  C:\Windows\System32\ncrypt.dll - ok
20:41:37.0716 2220  [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
20:41:37.0716 2220  C:\Windows\System32\bcrypt.dll - ok
20:41:37.0716 2220  [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
20:41:37.0716 2220  C:\Windows\System32\msprivs.dll - ok
20:41:37.0731 2220  [ B561B451320B0B40908A8BFD81705262 ] C:\Windows\System32\netjoin.dll
20:41:37.0731 2220  C:\Windows\System32\netjoin.dll - ok
20:41:37.0747 2220  [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
20:41:37.0747 2220  C:\Windows\System32\negoexts.dll - ok
20:41:37.0762 2220  [ 00B40A10E3DB79E4D3E127B9C2233A6B ] C:\Windows\System32\kerberos.dll
20:41:37.0762 2220  C:\Windows\System32\kerberos.dll - ok
20:41:37.0778 2220  [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
20:41:37.0778 2220  C:\Windows\System32\cryptsp.dll - ok
20:41:37.0794 2220  [ FC76FE3C1E1FDB761244D4F74EF560FD ] C:\Windows\System32\mswsock.dll
20:41:37.0794 2220  C:\Windows\System32\mswsock.dll - ok
20:41:37.0809 2220  [ FA4DB05923DDDEDE3196ABD09AE0F1E9 ] C:\Windows\System32\msv1_0.dll
20:41:37.0809 2220  C:\Windows\System32\msv1_0.dll - ok
20:41:37.0809 2220  [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
20:41:37.0809 2220  C:\Windows\System32\wship6.dll - ok
20:41:37.0825 2220  [ 956D030D375F207B22FB111E06EF9C35 ] C:\Windows\System32\netlogon.dll
20:41:37.0825 2220  C:\Windows\System32\netlogon.dll - ok
20:41:37.0840 2220  [ E247E7DEB20C0CF0801A8AC39E9CE1DF ] C:\Windows\System32\dnsapi.dll
20:41:37.0840 2220  C:\Windows\System32\dnsapi.dll - ok
20:41:37.0856 2220  [ 8CE22E63F08613036DF8C7B00FBDF36B ] C:\Windows\System32\logoncli.dll
20:41:37.0856 2220  C:\Windows\System32\logoncli.dll - ok
20:41:37.0872 2220  [ 90B780886BD813882CB382FF3E90E092 ] C:\Windows\System32\schannel.dll
20:41:37.0872 2220  C:\Windows\System32\schannel.dll - ok
20:41:37.0887 2220  [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
20:41:37.0887 2220  C:\Windows\System32\wdigest.dll - ok
20:41:37.0903 2220  [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
20:41:37.0903 2220  C:\Windows\System32\rsaenh.dll - ok
20:41:37.0918 2220  [ 0DEFD5FBF801DD8F83BC0ED09861A8EC ] C:\Windows\System32\TSpkg.dll
20:41:37.0918 2220  C:\Windows\System32\TSpkg.dll - ok
20:41:37.0934 2220  [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
20:41:37.0934 2220  C:\Windows\System32\pku2u.dll - ok
20:41:37.0950 2220  [ 94AA2DFFF94DF789AAA0081333A6CADA ] C:\Windows\System32\LIVESSP.DLL
20:41:37.0950 2220  C:\Windows\System32\LIVESSP.DLL - ok
20:41:37.0965 2220  [ DA090E97E57DCB48888015B5D3C749CD ] C:\Windows\System32\bcryptprimitives.dll
20:41:37.0965 2220  C:\Windows\System32\bcryptprimitives.dll - ok
20:41:37.0981 2220  [ 9301B8810B2DA4EB6AD55DB75FC1E339 ] C:\Windows\System32\credssp.dll
20:41:37.0981 2220  C:\Windows\System32\credssp.dll - ok
20:41:37.0996 2220  [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
20:41:37.0996 2220  C:\Windows\System32\efslsaext.dll - ok
20:41:38.0012 2220  [ 398712DDDAEFB85EDF61DF6A07B65C79 ] C:\Windows\System32\scecli.dll
20:41:38.0012 2220  C:\Windows\System32\scecli.dll - ok
20:41:38.0012 2220  [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
20:41:38.0012 2220  C:\Windows\System32\ubpm.dll - ok
20:41:38.0028 2220  [ D8C88512BA9544AE1CC2034F50ECFA12 ] C:\Windows\System32\winsta.dll




