
Account hijacked, partly fixed still issues with Msinstaller


  • This topic is locked
21 replies to this topic

#1 GattSandy

GattSandy

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 07 May 2013 - 06:12 AM

Hi guys, hoping we can get some help here. Laptop with 2 accounts, one admin, one standard user, started having issues a few days ago. The admin account suddenly became somewhat locked with a screen overlay, something to do with Australian Federal Police and further down asking for $100 to be unlocked. Ctrl-Alt-Delete would not bring up Task Manager to start explorer.exe, and often the system would just shut down when trying to do anything. When logging into the Standard User account this problem didn't occur.

 

So we were stuck with only being able to access the standard account, and from there multiple attempts in normal and safe mode did not help. We tried to get MalwareBytes on there but, being a standard account, couldn't install anything. Tried unlocking the admin account via "net user admin /active:yes", which only returned an Error 5. So out came the hard drive to plug into another PC and run some scans, cleaned a few things off, then we could finally get into the Admin account.

 

So now in the Admin account we start trying to get some cleanup software on, but every time we download off the net the pop-up says this: "suchandsuch.exe contained a virus and was deleted". This applies to 4 things we tried to download, Java, MalwareBytes, AVG Free and Advanced SystemCare, and would probably happen for anything. So I got the install files transferred in and ran everything we could including those, Gmer, ComboFix (jumping the gun but hey we wanna try rather than sit for 5 days).

 

So we managed to get rid of the screen hijack but still have issues. I can post some screenshots of the "contained a virus and was deleted" messages if you like. I also saved the logs from Gmer and ComboFix.

 

Thanks




 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 07 May 2013 - 06:38 AM

Hi GattSandy,

 

Welcome to the forum.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 



#3 GattSandy

GattSandy
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:02:55 PM

Posted 11 May 2013 - 12:21 AM

Hi, thanks Farbar. Had trouble downloading and initially running that from the problem account, so did it on the second account (which by the way we set to administrator). So we did a scan from it, went back to the main problem account, went through the directory to find the program and ran it from that account also. The attached files are therefore FRST and Addition from the second account, and FRST2 from the problem account at a later date.

Attached File  FRST.txt   72.74KB   13 downloads
Attached File  FRST2.txt   50.31KB   16 downloads
Attached File  Addition.txt   20.24KB   8 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-05-2013 01
Ran by Sandra (administrator) on 11-05-2013 15:06:04
Running from C:\Users\Madison\Documents
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) C:\Program Files\IncrediMail\Bin\ImApp.exe
(AMD) C:\windows\system32\atieclxx.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\odscanui.exe
(TeamViewer GmbH) c:\program files\teamviewer\version8\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\windows\system32\prevhost.exe
(Farbar) C:\Users\Madison\Documents\FRST (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-10] (TOSHIBA CORPORATION)
HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [425984 2009-06-03] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-14] (TOSHIBA CORPORATION)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55160 2009-03-10] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-29] (Realtek Semiconductor)
HKLM\...\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2446648 2009-08-12] (TOSHIBA CORPORATION.)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1324384 2009-08-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [466792 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [29528 2009-08-07] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1611784 2013-04-24] (Bitdefender)
HKLM\...\Winlogon: [System]
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-05-26] (Google Inc.)
HKCU\...\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [491840 2013-04-18] (IObit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
URLSearchHook: (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
SearchScopes: HKLM - {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z1xdm038YYau&ptb=CD2706A1-19E4-4C0C-B3A0-B071C6DA0207&psa=&ind=2011070900&ptnrS=Z1xdm038YYau&si=CJe_6bTa8akCFcYNHAodhT34rg&st=sb&n=77de81b4&searchfor={searchTerms}
SearchScopes: HKLM - {50c8223c-bc63-44f3-b041-ba45ac812386} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YVxdm004YYau&ptb=DB70AA68-873D-47D7-A1EF-0BC330C827DE&ind=2011091505&ptnrS=YVxdm004YYau&si=translateye&n=77ded231&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {8b0d31e7-0331-43cc-87cd-a472317f1305} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNyyyyyyYYau&ptb=6E8E4EE0-1CC6-4582-BB05-BAF6D9D9E494&psa=&ind=2011030209&ptnrS=ZNyyyyyyYYau&si=&st=sb&n=77dde2c1&searchfor={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKLM - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm016YYau&ptb=886A30D6-176A-4BEA-8D9C-4D9B04C8C114&psa=&ind=2011100119&ptnrS=XPxdm016YYau&si=CI_ynLOhxKsCFUhU4godkEUV2Q&st=sb&n=77def3d7&searchfor={searchTerms}
SearchScopes: HKCU - {23088cf8-eaf8-4bb3-a251-9ba61557ac75} URL =
SearchScopes: HKCU - {50c8223c-bc63-44f3-b041-ba45ac812386} URL =
SearchScopes: HKCU - {732639A2-0DD4-48CF-8EA5-BE44777D139B} URL = http://au.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {8b0d31e7-0331-43cc-87cd-a472317f1305} URL =
SearchScopes: HKCU - {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} URL = playbryte/search/redirect/?type=default&user_id=ac72beb0-a589-4f5a-a6e0-9638002e6255&query={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
SearchScopes: HKCU - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://au.search.yahoo.com/search?fr=mcafee&p={searchTerms}
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
PDF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
PDF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [65024] (Microsoft Corporation)
Winsock: Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [65024] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

Chrome:
=======
CHR HomePage: hxxp://search.bearshare.net
CHR RestoreOnStartup: "hxxp://search.bearshare.net"
CHR DefaultSearchURL: (McAfee) - http://au.search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultSuggestURL: (McAfee) -     "suggest_url": ""
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Madison\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Madison\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Madison\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Entanglement) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0
CHR Extension: (SiteAdvisor) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0
CHR Extension: (Torch Share) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3158_0
CHR Extension: (Poppit) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S4 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-02-26] (Bitdefender)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-11] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-08] (TOSHIBA Corporation)
S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-18] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-12] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-04] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-07] (TOSHIBA Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [55984 2013-02-26] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1345008 2013-04-24] (Bitdefender)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] ()
S2 0214201367900640mcinstcleanup; C:\Users\Sandra\AppData\Local\Temp\021420~1.EXE -cleanup -nolog [x]
S2 RadioRage_4jService; C:\PROGRA~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [x]

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [633344 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [486536 2013-04-17] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [66392 2012-11-12] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-02] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [162976 2012-10-04] (BitDefender LLC)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-03] (COMPAL ELECTRONIC INC.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation                           )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [343456 2012-10-31] (BitDefender S.R.L.)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-20] (TOSHIBA Corporation)
S3 catchme; \??\C:\Users\Sandra\AppData\Local\Temp\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-11 14:48 - 2013-05-11 14:45 - 01314927 ____A (Farbar) C:\Users\Madison\Documents\FRST (1).exe
2013-05-11 14:37 - 2013-05-11 14:37 - 00001095 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-05-11 14:37 - 2013-05-11 14:37 - 00000000 ____D C:\Program Files\TeamViewer
2013-05-11 14:35 - 2013-05-11 14:19 - 04870608 ____A (TeamViewer GmbH) C:\Users\Madison\Documents\TeamViewer_Setup_en.exe
2013-05-11 14:34 - 2013-05-11 14:34 - 00000000 ____D C:\Users\Madison\AppData\Roaming\Bitdefender
2013-05-11 14:33 - 2013-05-11 14:19 - 04870608 ____A (TeamViewer GmbH) C:\Users\Sandra\Desktop\TeamViewer_Setup_en.exe
2013-05-11 12:43 - 2013-05-11 12:43 - 00000056 ____A C:\Windows\setupact.log
2013-05-11 12:43 - 2013-05-11 12:43 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 12:42 - 2013-05-11 12:42 - 00000338 ____A C:\Windows\PFRO.log
2013-05-11 12:41 - 2013-05-11 12:41 - 00000000 ____D C:\Windows\System32\config\RCCBakup
2013-05-11 12:17 - 2013-05-11 12:17 - 00001783 ____A C:\Users\Sandra\Desktop\Check PC For Errors.lnk
2013-05-11 12:17 - 2013-05-11 12:17 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Sammsoft
2013-05-11 12:17 - 2013-05-11 12:17 - 00000000 ____D C:\Program Files\ARO 2013
2013-05-11 08:52 - 2013-05-11 08:52 - 00000000 ____D C:\Users\Sandra\AppData\Local\BearShare
2013-05-09 13:20 - 2013-05-09 13:20 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-05-09 12:56 - 2013-05-09 12:56 - 00000385 ____A C:\Users\Sandra\AppData\Roaminguser_gensett.xml
2013-05-09 06:54 - 2013-05-09 06:54 - 00477245 ____A C:\ProgramData\1368046026.bdinstall.bin
2013-05-09 06:52 - 2013-05-09 06:52 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2013-05-09 06:52 - 2013-05-09 06:52 - 00000308 ___AH C:\bdr-cf01
2013-05-09 06:51 - 2013-05-09 06:51 - 00002097 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2013-05-09 06:51 - 2013-05-09 06:51 - 00002049 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Bitdefender
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ____D C:\ProgramData\BDLogging
2013-05-09 06:51 - 2013-04-17 14:59 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-05-09 06:51 - 2013-04-17 14:59 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-05-09 06:51 - 2013-02-22 19:46 - 00078144 ____A (BitDefender LLC) C:\Windows\System32\Drivers\BdfNdisf6.sys
2013-05-09 06:51 - 2012-11-12 18:11 - 00066392 ____A (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2013-05-09 06:51 - 2012-11-02 14:17 - 00242504 ____A (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2013-05-09 06:51 - 2007-04-11 11:11 - 00511328 ____A (Microsoft Corporation) C:\Windows\capicom.dll
2013-05-09 06:50 - 2013-05-09 06:52 - 00253404 ___AH C:\bdr-ld01
2013-05-09 06:50 - 2013-05-09 06:52 - 00009216 ___AH C:\bdr-ld01.mbr
2013-05-09 06:50 - 2013-05-09 06:52 - 00000000 ____D C:\ProgramData\Bitdefender
2013-05-09 06:50 - 2012-12-12 17:38 - 36573121 ___AH C:\bdr-im01.gz
2013-05-09 06:50 - 2012-08-15 15:28 - 02294848 ___AH C:\bdr-bz01
2013-05-09 06:49 - 2013-05-09 06:49 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\QuickScan
2013-05-09 06:47 - 2013-05-09 06:47 - 00000000 ____D C:\Program Files\Bitdefender
2013-05-09 06:47 - 2012-10-31 13:13 - 00343456 ____A (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2013-05-09 06:47 - 2012-10-04 14:30 - 00162976 ____A (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2013-05-09 06:42 - 2013-05-09 06:43 - 00000000 ____D C:\Users\Sandra\AppData\Local\Avg2013
2013-05-09 06:39 - 2013-05-09 06:47 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-05-08 15:24 - 2013-05-08 15:26 - 00000000 ____D C:\Users\Sandra\Desktop\RK_Quarantine
2013-05-08 15:21 - 2013-05-08 15:21 - 00001118 ____A C:\AdwCleaner[S2].txt
2013-05-08 15:20 - 2013-05-08 15:20 - 00001057 ____A C:\AdwCleaner[R3].txt
2013-05-08 14:45 - 2013-05-08 14:45 - 00010690 ____A C:\AdwCleaner[S1].txt
2013-05-08 14:44 - 2013-05-08 14:44 - 00012074 ____A C:\AdwCleaner[R2].txt
2013-05-08 14:43 - 2013-05-08 14:43 - 00012013 ____A C:\AdwCleaner[R1].txt
2013-05-08 14:39 - 2013-05-08 14:39 - 00000000 ____A C:\Windows\ToDisc.INI
2013-05-08 11:39 - 2013-05-08 11:39 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\DriverCure
2013-05-08 10:30 - 2013-05-08 11:36 - 00000000 ____D C:\Windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-05-08 10:30 - 2013-05-08 10:30 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-05-08 09:29 - 2013-05-08 09:29 - 00000000 ____D C:\FRST
2013-05-08 01:26 - 2013-05-08 01:26 - 00000000 ____D C:\Users\Sandra\AppData\Local\{9604DA9E-A1E6-40D3-A4AC-7480FD41BBA6}
2013-05-08 00:47 - 2013-05-08 00:47 - 00666528 ____A C:\Users\Madison\Downloads\(no subject) - willgoodwin55@gmail.com - Gmail.htm
2013-05-08 00:47 - 2013-05-08 00:47 - 00000000 ____D C:\Users\Madison\Downloads\(no subject) - willgoodwin55@gmail.com - Gmail_files
2013-05-08 00:41 - 2013-05-08 00:41 - 00000000 ____D C:\Users\Madison\AppData\Local\{77945662-69A2-4F50-B0FD-B35CF3AD3F30}
2013-05-08 00:39 - 2013-05-08 00:39 - 00000000 ____D C:\Users\Madison\AppData\Roaming\IObit
2013-05-07 22:00 - 2013-05-07 22:00 - 00000000 ____D C:\Program Files\ESET
2013-05-07 20:18 - 2013-05-05 10:32 - 04446832 ____A (AVG Technologies) C:\Users\Sandra\Desktop\avg_free_stb_all_2013_3272_cnet.exe
2013-05-07 20:18 - 2013-05-05 10:32 - 00000000 ____A C:\Users\Madison\Desktop\avg_free_stb_all_2013_3272_cnet.exe
2013-05-07 20:13 - 2013-05-11 15:06 - 00000000 ____D C:\Users\Sandra\Desktop\Virus folder
2013-05-07 17:00 - 2013-05-07 17:00 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-05-07 17:00 - 2013-05-07 17:00 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-05-07 17:00 - 2013-05-07 17:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-07 16:57 - 2013-05-07 16:57 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-07 16:57 - 2013-05-07 16:57 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-05-07 16:57 - 2013-05-07 16:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-07 16:57 - 2013-05-07 16:57 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-05-07 16:55 - 2013-05-07 16:55 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-05-07 16:44 - 2013-05-08 11:56 - 58372096 ____A C:\Windows\System32\config\SOFTWARE.iobit
2013-05-07 16:44 - 2013-05-08 11:56 - 00262144 ____A C:\Windows\System32\config\DEFAULT.iobit
2013-05-07 16:44 - 2013-05-08 11:56 - 00176128 ____A C:\Windows\System32\config\SAM.iobit
2013-05-07 16:44 - 2013-05-08 11:56 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2013-05-07 16:29 - 2013-05-07 16:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-05-07 16:28 - 2013-05-07 16:32 - 00000000 ____D C:\ProgramData\IObit
2013-05-07 16:28 - 2013-05-07 16:29 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\IObit
2013-05-07 16:28 - 2013-05-07 16:28 - 00001154 ____A C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-05-07 16:28 - 2013-05-07 16:28 - 00000000 ____D C:\Program Files\IObit
2013-05-07 14:20 - 2013-05-07 14:20 - 00001042 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-07 14:20 - 2013-05-07 14:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-07 14:20 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-07 13:45 - 2011-06-26 16:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-07 13:45 - 2010-11-08 03:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-07 13:45 - 2009-04-20 14:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-07 13:45 - 2000-08-31 10:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-07 13:45 - 2000-08-31 10:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-07 13:45 - 2000-08-31 10:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-07 13:45 - 2000-08-31 10:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-07 13:45 - 2000-08-31 10:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-07 13:41 - 2013-05-07 14:11 - 00000000 ____D C:\Windows\ERDNT
2013-05-07 13:41 - 2013-05-07 13:42 - 05067710 ____R (Swearware) C:\Users\Madison\Desktop\ComboFix.exe
2013-05-07 13:29 - 2013-05-07 17:13 - 00000000 ____D C:\Qoobox
2013-05-07 12:37 - 2013-05-07 12:37 - 00000000 ____D C:\Users\Madison\AppData\Local\{83112296-3541-4479-BE05-D8997B07B43C}
2013-05-07 12:23 - 2013-05-07 12:23 - 00000000 ____D C:\Users\Madison\AppData\Local\{749F9649-E37E-439D-9A49-F225D8E837AD}
2013-05-06 19:09 - 2013-05-06 19:09 - 00000000 ____D C:\Users\Madison\AppData\Local\{FDF542CF-2867-4F95-BAD0-6AB2C5E2E5A1}
2013-05-06 15:19 - 2013-05-06 15:19 - 00000000 __SHD C:\$$PendingFiles
2013-05-05 19:28 - 2013-05-05 19:28 - 00001428 ____A C:\Users\Madison\Desktop\Internet Explorer.lnk
2013-05-05 18:43 - 2013-05-05 18:43 - 00000000 ____D C:\Users\Madison\AppData\Local\{1CDB5218-A2BD-4E7D-AE2E-8D2182D4A380}
2013-05-05 14:46 - 2013-05-06 19:07 - 00000004 ____A C:\Users\Sandra\AppData\Roaming\skype.ini
2013-05-05 14:42 - 2013-05-05 14:49 - 00000000 ____D C:\ProgramData\E6F455D760B4B9FD0000E6F36EE9BFCB
2013-05-05 14:27 - 2013-05-05 14:27 - 00000000 ____D C:\Users\Sandra\AppData\Local\{2F1EBEBA-9B06-4377-AC0D-87B2678D3D82}
2013-05-04 22:11 - 2013-05-04 22:11 - 00000000 ____D C:\Users\Madison\AppData\Local\{1BD2003F-E29C-4CDB-B55B-5B59E61300F6}
2013-04-29 04:48 - 2013-04-29 04:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\dvdcss
2013-04-24 05:17 - 2013-04-12 23:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-21 18:46 - 2013-04-21 18:46 - 00000000 ____D C:\Users\Sandra\AppData\Local\{88C97AF3-A758-40B5-AD8B-231929C97BA2}
2013-04-20 05:01 - 2013-04-20 05:02 - 00000000 ____D C:\Users\Madison\AppData\Local\{691F5D3A-A260-4C4D-AF80-692BB72D76A4}
2013-04-17 06:50 - 2013-04-17 06:50 - 00000000 ____D C:\Users\Sandra\AppData\Local\{A014EAD2-3BE3-4442-AF67-564F7DCEC96F}
2013-04-16 14:07 - 2013-04-16 14:07 - 00000000 ____D C:\Users\Madison\AppData\Local\{AC59F80B-D584-4ADD-AD3F-06B3C2A30EBF}
2013-04-13 07:45 - 2013-04-13 07:45 - 00000000 ____D C:\ProgramData\1D53
2013-04-11 05:17 - 2013-02-22 14:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 05:17 - 2013-02-22 13:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 05:17 - 2013-02-22 13:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 05:17 - 2013-02-22 13:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 05:17 - 2013-02-22 13:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 05:17 - 2013-02-22 13:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-11 05:17 - 2013-02-22 13:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-11 05:17 - 2013-02-22 13:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 05:17 - 2013-02-22 13:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 05:17 - 2013-02-22 13:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-11 05:17 - 2013-02-22 13:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-11 05:17 - 2013-02-22 13:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 05:17 - 2013-02-22 13:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 05:17 - 2013-02-22 13:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 05:17 - 2013-02-22 13:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-11 05:17 - 2013-02-22 13:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

==================== One Month Modified Files and Folders ========

2013-05-11 15:06 - 2013-05-07 20:13 - 00000000 ____D C:\Users\Sandra\Desktop\Virus folder
2013-05-11 14:54 - 2010-07-08 18:19 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-11 14:53 - 2012-09-06 08:30 - 00000340 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-05-11 14:53 - 2009-07-14 14:52 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-05-11 14:52 - 2009-08-21 17:07 - 00867028 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-11 14:48 - 2012-06-15 23:16 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2185555844-1417842684-1531017658-1005UA.job
2013-05-11 14:46 - 2010-04-22 19:08 - 01510127 ____A C:\Windows\WindowsUpdate.log
2013-05-11 14:45 - 2013-05-11 14:48 - 01314927 ____A (Farbar) C:\Users\Madison\Documents\FRST (1).exe
2013-05-11 14:37 - 2013-05-11 14:37 - 00001095 ____A C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-05-11 14:37 - 2013-05-11 14:37 - 00000000 ____D C:\Program Files\TeamViewer
2013-05-11 14:34 - 2013-05-11 14:34 - 00000000 ____D C:\Users\Madison\AppData\Roaming\Bitdefender
2013-05-11 14:34 - 2010-07-08 18:19 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-11 14:19 - 2013-05-11 14:35 - 04870608 ____A (TeamViewer GmbH) C:\Users\Madison\Documents\TeamViewer_Setup_en.exe
2013-05-11 14:19 - 2013-05-11 14:33 - 04870608 ____A (TeamViewer GmbH) C:\Users\Sandra\Desktop\TeamViewer_Setup_en.exe
2013-05-11 14:09 - 2012-04-04 18:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-11 13:55 - 2009-07-14 14:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-11 13:55 - 2009-07-14 14:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-11 12:43 - 2013-05-11 12:43 - 00000056 ____A C:\Windows\setupact.log
2013-05-11 12:43 - 2013-05-11 12:43 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 12:43 - 2010-07-02 15:56 - 00000000 ____D C:\users\Sandra
2013-05-11 12:43 - 2009-07-14 14:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-11 12:42 - 2013-05-11 12:42 - 00000338 ____A C:\Windows\PFRO.log
2013-05-11 12:41 - 2013-05-11 12:41 - 00000000 ____D C:\Windows\System32\config\RCCBakup
2013-05-11 12:40 - 2009-08-22 09:07 - 00000000 ____D C:\Windows\Panther
2013-05-11 12:40 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-11 12:17 - 2013-05-11 12:17 - 00001783 ____A C:\Users\Sandra\Desktop\Check PC For Errors.lnk
2013-05-11 12:17 - 2013-05-11 12:17 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Sammsoft
2013-05-11 12:17 - 2013-05-11 12:17 - 00000000 ____D C:\Program Files\ARO 2013
2013-05-11 08:52 - 2013-05-11 08:52 - 00000000 ____D C:\Users\Sandra\AppData\Local\BearShare
2013-05-11 08:48 - 2012-06-15 23:15 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2185555844-1417842684-1531017658-1005Core.job
2013-05-09 13:20 - 2013-05-09 13:20 - 00072704 ____A (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2013-05-09 12:56 - 2013-05-09 12:56 - 00000385 ____A C:\Users\Sandra\AppData\Roaminguser_gensett.xml
2013-05-09 06:54 - 2013-05-09 06:54 - 00477245 ____A C:\ProgramData\1368046026.bdinstall.bin
2013-05-09 06:52 - 2013-05-09 06:52 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2013-05-09 06:52 - 2013-05-09 06:52 - 00000308 ___AH C:\bdr-cf01
2013-05-09 06:52 - 2013-05-09 06:50 - 00253404 ___AH C:\bdr-ld01
2013-05-09 06:52 - 2013-05-09 06:50 - 00009216 ___AH C:\bdr-ld01.mbr
2013-05-09 06:52 - 2013-05-09 06:50 - 00000000 ____D C:\ProgramData\Bitdefender
2013-05-09 06:51 - 2013-05-09 06:51 - 00002097 ____A C:\Users\Public\Desktop\Bitdefender Internet Security 2013.lnk
2013-05-09 06:51 - 2013-05-09 06:51 - 00002049 ____A C:\Users\Public\Desktop\Bitdefender Safepay.lnk
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Bitdefender
2013-05-09 06:51 - 2013-05-09 06:51 - 00000000 ____D C:\ProgramData\BDLogging
2013-05-09 06:51 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-09 06:49 - 2013-05-09 06:49 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\QuickScan
2013-05-09 06:47 - 2013-05-09 06:47 - 00000000 ____D C:\Program Files\Bitdefender
2013-05-09 06:47 - 2013-05-09 06:39 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-05-09 06:43 - 2013-05-09 06:42 - 00000000 ____D C:\Users\Sandra\AppData\Local\Avg2013
2013-05-09 06:43 - 2011-06-26 10:13 - 00000000 ____D C:\ProgramData\MFAData
2013-05-08 15:26 - 2013-05-08 15:24 - 00000000 ____D C:\Users\Sandra\Desktop\RK_Quarantine
2013-05-08 15:21 - 2013-05-08 15:21 - 00001118 ____A C:\AdwCleaner[S2].txt
2013-05-08 15:20 - 2013-05-08 15:20 - 00001057 ____A C:\AdwCleaner[R3].txt
2013-05-08 14:45 - 2013-05-08 14:45 - 00010690 ____A C:\AdwCleaner[S1].txt
2013-05-08 14:44 - 2013-05-08 14:44 - 00012074 ____A C:\AdwCleaner[R2].txt
2013-05-08 14:43 - 2013-05-08 14:43 - 00012013 ____A C:\AdwCleaner[R1].txt
2013-05-08 14:39 - 2013-05-08 14:39 - 00000000 ____A C:\Windows\ToDisc.INI
2013-05-08 11:58 - 2012-06-19 17:52 - 00000000 ____D C:\Users\Sandra\Documents\SelfMV
2013-05-08 11:58 - 2012-04-01 14:35 - 00000000 ____D C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2013-05-08 11:58 - 2011-11-14 11:29 - 00000000 ____D C:\Users\Madison\AppData\Roaming\IMVU
2013-05-08 11:58 - 2011-08-10 22:36 - 00000000 ____D C:\Users\Sandra\AppData\Local\JetBingo
2013-05-08 11:58 - 2011-07-10 16:19 - 00000000 ____D C:\Users\Madison\AppData\Roaming\TeamViewer
2013-05-08 11:58 - 2011-05-12 15:37 - 00000000 ____D C:\Users\Sandra\AppData\Local\CrashDumps
2013-05-08 11:58 - 2011-02-17 14:49 - 00000000 ____D C:\Users\Sandra\AppData\Local\Windows Live Writer
2013-05-08 11:58 - 2010-10-15 18:09 - 00000000 ____D C:\Users\Madison\AppData\Local\Windows Live Writer
2013-05-08 11:58 - 2010-09-14 17:18 - 00000000 ____D C:\Users\Madison\AppData\Local\CrashDumps
2013-05-08 11:58 - 2009-07-14 12:37 - 00000000 __RHD C:\users\Default
2013-05-08 11:56 - 2013-05-07 16:44 - 58372096 ____A C:\Windows\System32\config\SOFTWARE.iobit
2013-05-08 11:56 - 2013-05-07 16:44 - 00262144 ____A C:\Windows\System32\config\DEFAULT.iobit
2013-05-08 11:56 - 2013-05-07 16:44 - 00176128 ____A C:\Windows\System32\config\SAM.iobit
2013-05-08 11:56 - 2013-05-07 16:44 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2013-05-08 11:39 - 2013-05-08 11:39 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\DriverCure
2013-05-08 11:36 - 2013-05-08 10:30 - 00000000 ____D C:\Windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-05-08 10:30 - 2013-05-08 10:30 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-05-08 10:27 - 2010-04-22 20:17 - 00000000 ____D C:\ProgramData\Norton
2013-05-08 10:23 - 2009-07-14 14:52 - 00000000 ____D C:\Windows\twain_32
2013-05-08 10:19 - 2009-07-14 14:53 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-08 09:29 - 2013-05-08 09:29 - 00000000 ____D C:\FRST
2013-05-08 01:26 - 2013-05-08 01:26 - 00000000 ____D C:\Users\Sandra\AppData\Local\{9604DA9E-A1E6-40D3-A4AC-7480FD41BBA6}
2013-05-08 01:25 - 2010-07-05 20:32 - 00000000 ____D C:\users\Madison
2013-05-08 00:47 - 2013-05-08 00:47 - 00666528 ____A C:\Users\Madison\Downloads\(no subject) - willgoodwin55@gmail.com - Gmail.htm
2013-05-08 00:47 - 2013-05-08 00:47 - 00000000 ____D C:\Users\Madison\Downloads\(no subject) - willgoodwin55@gmail.com - Gmail_files
2013-05-08 00:45 - 2012-04-01 14:42 - 00000000 ____D C:\Windows\pss
2013-05-08 00:41 - 2013-05-08 00:41 - 00000000 ____D C:\Users\Madison\AppData\Local\{77945662-69A2-4F50-B0FD-B35CF3AD3F30}
2013-05-08 00:41 - 2010-07-05 20:32 - 00001236 _RASH C:\Users\Madison\ntuser.pol
2013-05-08 00:39 - 2013-05-08 00:39 - 00000000 ____D C:\Users\Madison\AppData\Roaming\IObit
2013-05-07 23:06 - 2011-12-19 22:15 - 00003820 ____A C:\Users\Sandra\Documents\rob.txt
2013-05-07 22:00 - 2013-05-07 22:00 - 00000000 ____D C:\Program Files\ESET
2013-05-07 19:06 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\rescache
2013-05-07 17:13 - 2013-05-07 13:29 - 00000000 ____D C:\Qoobox
2013-05-07 17:00 - 2013-05-07 17:00 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-05-07 17:00 - 2013-05-07 17:00 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-05-07 17:00 - 2013-05-07 17:00 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-05-07 17:00 - 2013-05-07 17:00 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-05-07 17:00 - 2013-05-07 17:00 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-05-07 16:57 - 2013-05-07 16:57 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-05-07 16:57 - 2013-05-07 16:57 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-05-07 16:57 - 2013-05-07 16:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-07 16:57 - 2013-05-07 16:57 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-05-07 16:55 - 2013-05-07 16:55 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-05-07 16:50 - 2011-03-05 21:01 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Skype
2013-05-07 16:32 - 2013-05-07 16:28 - 00000000 ____D C:\ProgramData\IObit
2013-05-07 16:29 - 2013-05-07 16:29 - 00000000 ____D C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-05-07 16:29 - 2013-05-07 16:28 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\IObit
2013-05-07 16:28 - 2013-05-07 16:28 - 00001154 ____A C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
2013-05-07 16:28 - 2013-05-07 16:28 - 00000000 ____D C:\Program Files\IObit
2013-05-07 16:28 - 2012-01-18 10:49 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\Apple Computer
2013-05-07 14:20 - 2013-05-07 14:20 - 00001042 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-07 14:20 - 2013-05-07 14:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-07 14:12 - 2009-07-14 12:37 - 00000000 ___RD C:\users\Public
2013-05-07 14:11 - 2013-05-07 13:41 - 00000000 ____D C:\Windows\ERDNT
2013-05-07 14:05 - 2009-07-14 12:04 - 00000215 ____A C:\Windows\system.ini
2013-05-07 14:02 - 2009-07-14 12:03 - 58720256 ____A C:\Windows\System32\config\SOFTWARE.bak
2013-05-07 14:02 - 2009-07-14 12:03 - 16252928 ____A C:\Windows\System32\config\SYSTEM.bak
2013-05-07 14:02 - 2009-07-14 12:03 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2013-05-07 14:02 - 2009-07-14 12:03 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2013-05-07 14:02 - 2009-07-14 12:03 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2013-05-07 13:42 - 2013-05-07 13:41 - 05067710 ____R (Swearware) C:\Users\Madison\Desktop\ComboFix.exe
2013-05-07 13:08 - 2010-07-05 14:35 - 00000000 ____D C:\Users\Sandra\AppData\Local\Google
2013-05-07 13:07 - 2013-03-29 07:42 - 00002227 ____A C:\Users\Sandra\Desktop\Torch.lnk
2013-05-07 13:07 - 2013-03-29 07:41 - 00000000 ____D C:\Users\Sandra\AppData\Local\Torch
2013-05-07 12:37 - 2013-05-07 12:37 - 00000000 ____D C:\Users\Madison\AppData\Local\{83112296-3541-4479-BE05-D8997B07B43C}
2013-05-07 12:23 - 2013-05-07 12:23 - 00000000 ____D C:\Users\Madison\AppData\Local\{749F9649-E37E-439D-9A49-F225D8E837AD}
2013-05-06 19:09 - 2013-05-06 19:09 - 00000000 ____D C:\Users\Madison\AppData\Local\{FDF542CF-2867-4F95-BAD0-6AB2C5E2E5A1}
2013-05-06 19:07 - 2013-05-05 14:46 - 00000004 ____A C:\Users\Sandra\AppData\Roaming\skype.ini
2013-05-06 15:19 - 2013-05-06 15:19 - 00000000 __SHD C:\$$PendingFiles
2013-05-05 19:28 - 2013-05-05 19:28 - 00001428 ____A C:\Users\Madison\Desktop\Internet Explorer.lnk
2013-05-05 19:09 - 2010-08-12 20:23 - 00000000 ____D C:\Users\Madison\AppData\Roaming\vlc
2013-05-05 18:43 - 2013-05-05 18:43 - 00000000 ____D C:\Users\Madison\AppData\Local\{1CDB5218-A2BD-4E7D-AE2E-8D2182D4A380}
2013-05-05 14:49 - 2013-05-05 14:42 - 00000000 ____D C:\ProgramData\E6F455D760B4B9FD0000E6F36EE9BFCB
2013-05-05 14:27 - 2013-05-05 14:27 - 00000000 ____D C:\Users\Sandra\AppData\Local\{2F1EBEBA-9B06-4377-AC0D-87B2678D3D82}
2013-05-05 10:32 - 2013-05-07 20:18 - 04446832 ____A (AVG Technologies) C:\Users\Sandra\Desktop\avg_free_stb_all_2013_3272_cnet.exe
2013-05-05 10:32 - 2013-05-07 20:18 - 00000000 ____A C:\Users\Madison\Desktop\avg_free_stb_all_2013_3272_cnet.exe
2013-05-04 22:11 - 2013-05-04 22:11 - 00000000 ____D C:\Users\Madison\AppData\Local\{1BD2003F-E29C-4CDB-B55B-5B59E61300F6}
2013-04-29 04:48 - 2013-04-29 04:48 - 00000000 ____D C:\Users\Sandra\AppData\Roaming\dvdcss
2013-04-21 18:46 - 2013-04-21 18:46 - 00000000 ____D C:\Users\Sandra\AppData\Local\{88C97AF3-A758-40B5-AD8B-231929C97BA2}
2013-04-20 05:02 - 2013-04-20 05:01 - 00000000 ____D C:\Users\Madison\AppData\Local\{691F5D3A-A260-4C4D-AF80-692BB72D76A4}
2013-04-17 14:59 - 2013-05-09 06:51 - 00633344 ____A (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2013-04-17 14:59 - 2013-05-09 06:51 - 00486536 ____A (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2013-04-17 06:50 - 2013-04-17 06:50 - 00000000 ____D C:\Users\Sandra\AppData\Local\{A014EAD2-3BE3-4442-AF67-564F7DCEC96F}
2013-04-16 14:07 - 2013-04-16 14:07 - 00000000 ____D C:\Users\Madison\AppData\Local\{AC59F80B-D584-4ADD-AD3F-06B3C2A30EBF}
2013-04-13 20:07 - 2009-08-21 16:35 - 00000000 ____D C:\ProgramData\Adobe
2013-04-13 19:37 - 2012-04-04 18:21 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-13 19:37 - 2011-05-18 20:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-13 07:45 - 2013-04-13 07:45 - 00000000 ____D C:\ProgramData\1D53
2013-04-12 23:45 - 2013-04-24 05:17 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 06:01 - 2009-07-14 14:33 - 00445400 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 05:50 - 2011-03-05 21:03 - 00002100 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-04-11 05:19 - 2010-04-22 19:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-11 05:13 - 2011-05-16 16:19 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

Other Malware:
===========
C:\Users\Sandra\AppData\Roaming\skype.ini
C:\Users\Sandra\Application Data\skype.ini
C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-07 18:40

==================== End Of Log ============================


Edited by Farbar, 12 May 2013 - 09:31 AM.
Opened the log


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,722 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 11 May 2013 - 03:16 AM

It doesn't matter from which account you do this one.

 

Please run FRST.
Type the following in the edit box after "Search:".

mpsvc.dll

Click Search File(s) button and post the log it makes (Search.txt) to your reply.



#5 GattSandy


Posted 11 May 2013 - 04:29 AM

Thanks

 

Farbar Recovery Scan Tool (x86) Version: 10-05-2013 01
Ran by Sandra at 2013-05-11 19:24:41
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal

================== Search: "mpsvc.dll" ===================

C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll
[2009-07-14 09:37] - [2009-07-14 11:15] - 0680960 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll
[2009-07-14 09:37] - [2009-07-14 11:15] - 0680960 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 09:37] - [2009-07-14 11:15] - 0680960 ____A () D41D8CD98F00B204E9800998ECF8427E

=== End Of Search ===


Edited by Farbar, 11 May 2013 - 04:41 AM.


#6 Farbar


Posted 11 May 2013 - 04:51 AM

Please copy and paste the logs unless otherwise requested. Thank you.
 

The fix should be run from the problem account.

 

  1. Please delete your copy of FRST and download the latest Farbar Recovery Scan Tool.
    Note that you can download FRST to a flash drive and run it from there. It doesn't matter where FRST is saved.
     
  2. Please uninstall Advanced SystemCare 6.
     
  3. Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.




#7 GattSandy


Posted 12 May 2013 - 03:08 AM

As requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-05-2013 01
Ran by Sandra at 2013-05-12 18:06:43 Run:1
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal

==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => Value deleted successfully.
HKCR\CLSID\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50c8223c-bc63-44f3-b041-ba45ac812386} => Key deleted successfully.
HKCR\CLSID\{50c8223c-bc63-44f3-b041-ba45ac812386} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305} => Key deleted successfully.
HKCR\CLSID\{8b0d31e7-0331-43cc-87cd-a472317f1305} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key deleted successfully.
HKCR\CLSID\{23088cf8-eaf8-4bb3-a251-9ba61557ac75} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{50c8223c-bc63-44f3-b041-ba45ac812386} => Key deleted successfully.
HKCR\CLSID\{50c8223c-bc63-44f3-b041-ba45ac812386} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8b0d31e7-0331-43cc-87cd-a472317f1305} => Key deleted successfully.
HKCR\CLSID\{8b0d31e7-0331-43cc-87cd-a472317f1305} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key deleted successfully.
HKCR\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key deleted successfully.
HKCR\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKCR\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{8dcb7100-df86-4384-8842-8fa844297b3f} => Value deleted successfully.
HKCR\CLSID\!{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Value deleted successfully.
HKCR\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} => Key not found.
C:\Users\Madison\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll not found.
C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
AdvancedSystemCareService6 => Service not found.
0214201367900640mcinstcleanup => Service deleted successfully.
RadioRage_4jService => Service deleted successfully.
catchme => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Users\Sandra\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\Sandra\Application Data\skype.ini => File/Directory not found.
C:\ProgramData\ezsidmv.dat => Moved successfully.
WinDefend service was disabled
permissions for C:\Program Files\Windows Defender\mpsvc.dll were reset successfully
C:\Program Files\Windows Defender\mpsvc.dll => Moved successfully.
permissions for C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll were reset successfully
permissions for C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll were reset successfully
C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll => Moved successfully.

========================= File: C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll ========================

MD5: D41D8CD98F00B204E9800998ECF8427E
Creation and modification date: 2009-07-14 09:37 - 2009-07-14 11:15
Size: 0680960
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

==== End of Fixlog ====



#8 Farbar


Posted 12 May 2013 - 06:25 AM

  1. This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar or any other program uncheck the box next to it.
    • Run CCleaner. Under Application tab all the boxes should be checked except any option to remove saved passwords.
    • Click Run Cleaner.
    • Close CCleaner.
  2. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     
  3. Please update me on the current condition of the problem account.


#9 GattSandy

Posted 12 May 2013 - 07:31 AM

Hi, Mbam log to follow. CCleaner was run as directed. Still can't seem to get past downloading>installing stage, anything will download but then the virus message pops up and file is "deleted". These pics might help.

 

Internet explorer:

2who61f.jpg

 

Chrome:

adols7.jpg

 

 

Here is Mbam log, all clean apparently:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.12.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sandra :: SANDRA-PC [administrator]

12/05/2013 9:58:05 PM
mbam-log-2013-05-12 (21-58-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240495
Time elapsed: 13 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#10 Farbar

Posted 12 May 2013 - 09:11 AM

Thanks for the screenshot. Let's make sure before coming back to this issue.

 

Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

 



#11 Farbar

Posted 12 May 2013 - 05:23 PM

To speed up the troubleshooting please in addition to the last post do the following:

 

  1. Please tell me if you have access to another computer with Windows 7 (x86) installed on it. We need to take a Windows Defender file from it and copy it to this computer.
     
  2. Please download MiniRegTool.zip and unzip it.
    • Run the tool on the problem account.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies
      HKEY_CURRENT_USER\Software\Policies

       

    • Check Export keys radio button.

    • Press Go button and post the result or save it as Result1.txt.
  3. After posting the log or saving the log in previous step run the tool on the working account.
    Copy and paste the following into the edit box:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies
    HKEY_CURRENT_USER\Software\Policies


    Check Export keys radio button.
    Press Go button and post the result.

You may attach the logs.


Edited by Farbar, 12 May 2013 - 05:58 PM.
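
An added example (not part of Farbar's post, and not MiniRegTool's own code): one way to compare the two Policies exports requested above, listing values that exist only on the problem account or that differ from the working account. It assumes the exports are regedit-style text (`[KEY]` headers, `"name"=data` lines); the sample exports and the `SampleBinary` value are constructed for illustration and are not taken from this thread.

```python
import re

# Assumption: exports are regedit-style text: "[KEY]" header lines followed by
# '"name"=data' lines ("@" is the key's default value). Anything else is ignored.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')


def parse_export(text):
    """Map (key, value name), lower-cased, to (key, name, data) as written."""
    values = {}
    key = None
    carry = ""  # start of a hex value that was wrapped onto the next line
    for raw in text.splitlines():
        line = carry + raw.strip()
        carry = ""
        if line.endswith("\\"):  # wrapped hex data ends with a backslash
            carry = line[:-1]
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key is not None:
            name = "(Default)" if value.group(2) else value.group(1)
            # Registry key and value names are case-insensitive.
            values[(key.lower(), name.lower())] = (key, name, value.group(3))
    return values


def _norm(data):
    """dword:/hex: data is compared case-insensitively, strings exactly."""
    return data.lower() if data.lower().startswith(("dword:", "hex")) else data


def compare_exports(problem_text, working_text):
    """Diff two exports of the same keys taken on two accounts."""
    problem = parse_export(problem_text)
    working = parse_export(working_text)
    report = {"only_in_problem": [], "only_in_working": [], "changed": []}
    for ident in sorted(problem.keys() | working.keys()):
        if ident not in working:
            report["only_in_problem"].append(problem[ident])
        elif ident not in problem:
            report["only_in_working"].append(working[ident])
        elif _norm(problem[ident][2]) != _norm(working[ident][2]):
            key, name, data = problem[ident]
            report["changed"].append((key, name, data, working[ident][2]))
    return report


# Constructed sample exports (illustrative only, not from the thread).
PROBLEM_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Example]
"SampleBinary"=hex:01,02,\
  03,04
'''

WORKING_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Policies\Example]
"SampleBinary"=hex:01,02,03,04
'''

if __name__ == "__main__":
    result = compare_exports(PROBLEM_EXPORT, WORKING_EXPORT)
    for section, rows in result.items():
        print(section)
        for row in rows:
            print("   ", " | ".join(row))
```

The HKEY_LOCAL_MACHINE keys are shared by every account on one machine, so differences between two accounts are expected only under HKEY_CURRENT_USER; comparing the HKEY_LOCAL_MACHINE keys is meaningful against an export from a separate reference PC.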


#12 GattSandy

Posted 13 May 2013 - 07:41 PM

Thanks for your help and patience Farbar, bit more info here: I am the nephew of the laptop owner and am working on this remotely through Teamviewer (from a different state), my machine is Windows 7 x86 so in answer to (1.) yes. Since the problem machine has trouble with the downloads I'm doing them on my remote machine then uploading the setup/exe files to it. Wasn't too sure if you meant me to do step 3 on the working account of the problem laptop or from a separate computer so have done both.

 

Following is the rootkit report, followed by in order result1 from the problem account, result2 from the working account on the problem laptop, and result3 from my separate remote PC, each in a separate reply for ease of navigation.

 

TDSS (reported no issues by the way):

 

10:14:16.0079 24064  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:14:18.0108 24064  ============================================================
10:14:18.0108 24064  Current date / time: 2013/05/14 10:14:18.0108
10:14:18.0108 24064  SystemInfo:
10:14:18.0108 24064 
10:14:18.0108 24064  OS Version: 6.1.7601 ServicePack: 1.0
10:14:18.0108 24064  Product type: Workstation
10:14:18.0108 24064  ComputerName: SANDRA-PC
10:14:18.0108 24064  UserName: Sandra
10:14:18.0108 24064  Windows directory: C:\windows
10:14:18.0108 24064  System windows directory: C:\windows
10:14:18.0108 24064  Processor architecture: Intel x86
10:14:18.0108 24064  Number of processors: 2
10:14:18.0108 24064  Page size: 0x1000
10:14:18.0108 24064  Boot type: Normal boot
10:14:18.0108 24064  ============================================================
10:14:19.0890 24064  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:14:19.0920 24064  ============================================================
10:14:19.0920 24064  \Device\Harddisk0\DR0:
10:14:19.0920 24064  MBR partitions:
10:14:19.0920 24064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CD6000
10:14:19.0920 24064  ============================================================
10:14:19.0980 24064  C: <-> \Device\Harddisk0\DR0\Partition1
10:14:19.0980 24064  ============================================================
10:14:19.0980 24064  Initialize success
10:14:19.0980 24064  ============================================================
10:15:03.0201 24296  ============================================================
10:15:03.0201 24296  Scan started
10:15:03.0201 24296  Mode: Manual;
10:15:03.0201 24296  ============================================================
10:15:06.0151 24296  ================ Scan system memory ========================
10:15:06.0151 24296  System memory - ok
10:15:06.0151 24296  ================ Scan services =============================
10:15:15.0282 24296  monitor - ok
10:15:15.0337 24296  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
10:15:15.0337 24296  mouclass - ok
10:15:15.0382 24296  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
10:15:15.0382 24296  mouhid - ok
10:15:15.0412 24296  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
10:15:15.0417 24296  mountmgr - ok
10:15:15.0457 24296  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\windows\system32\drivers\mpio.sys
10:15:15.0462 24296  mpio - ok
10:15:15.0482 24296  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
10:15:15.0482 24296  mpsdrv - ok
10:15:15.0557 24296  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\windows\system32\mpssvc.dll
10:15:15.0600 24296  MpsSvc - ok
10:15:15.0629 24296  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
10:15:15.0654 24296  MRxDAV - ok
10:15:15.0694 24296  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
10:15:15.0709 24296  mrxsmb - ok
10:15:15.0759 24296  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
10:15:15.0764 24296  mrxsmb10 - ok
10:15:15.0834 24296  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
10:15:15.0839 24296  mrxsmb20 - ok
10:15:15.0874 24296  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\windows\system32\drivers\msahci.sys
10:15:15.0879 24296  msahci - ok
10:15:15.0894 24296  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\windows\system32\drivers\msdsm.sys
10:15:15.0899 24296  msdsm - ok
10:15:15.0919 24296  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\windows\System32\msdtc.exe
10:15:15.0919 24296  MSDTC - ok
10:15:15.0959 24296  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\windows\system32\drivers\Msfs.sys
10:15:15.0964 24296  Msfs - ok
10:15:15.0984 24296  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
10:15:15.0984 24296  mshidkmdf - ok
10:15:16.0019 24296  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
10:15:16.0024 24296  msisadrv - ok
10:15:16.0054 24296  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
10:15:16.0074 24296  MSiSCSI - ok
10:15:16.0084 24296  msiserver - ok
10:15:16.0139 24296  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
10:15:16.0144 24296  MSKSSRV - ok
10:15:16.0169 24296  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
10:15:16.0169 24296  MSPCLOCK - ok
10:15:16.0184 24296  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
10:15:16.0189 24296  MSPQM - ok
10:15:16.0204 24296  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
10:15:16.0204 24296  MsRPC - ok
10:15:16.0254 24296  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
10:15:16.0259 24296  mssmbios - ok
10:15:16.0309 24296  MSSQL$MSSMLBIZ - ok
10:15:16.0354 24296  MSSQL$SQLEXPRESS - ok
10:15:16.0389 24296  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:15:16.0394 24296  MSSQLServerADHelper - ok
10:15:16.0419 24296  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
10:15:16.0419 24296  MSTEE - ok
10:15:16.0429 24296  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
10:15:16.0434 24296  MTConfig - ok
10:15:16.0449 24296  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\windows\system32\Drivers\mup.sys
10:15:16.0454 24296  Mup - ok
10:15:16.0489 24296  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\windows\system32\qagentRT.dll
10:15:16.0504 24296  napagent - ok
10:15:16.0559 24296  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
10:15:16.0584 24296  NativeWifiP - ok
10:15:16.0639 24296  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\windows\system32\drivers\ndis.sys
10:15:16.0654 24296  NDIS - ok
10:15:16.0704 24296  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
10:15:16.0704 24296  NdisCap - ok
10:15:16.0734 24296  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
10:15:16.0734 24296  NdisTapi - ok
10:15:16.0774 24296  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
10:15:16.0774 24296  Ndisuio - ok
10:15:16.0814 24296  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
10:15:16.0819 24296  NdisWan - ok
10:15:16.0849 24296  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
10:15:16.0849 24296  NDProxy - ok
10:15:16.0884 24296  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
10:15:16.0884 24296  NetBIOS - ok
10:15:16.0934 24296  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
10:15:16.0939 24296  NetBT - ok
10:15:16.0959 24296  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\windows\system32\lsass.exe
10:15:16.0959 24296  Netlogon - ok
10:15:17.0004 24296  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\windows\System32\netman.dll
10:15:17.0009 24296  Netman - ok
10:15:17.0024 24296  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\windows\System32\netprofm.dll
10:15:17.0034 24296  netprofm - ok
10:15:17.0069 24296  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:15:17.0074 24296  NetTcpPortSharing - ok
10:15:17.0109 24296  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
10:15:17.0114 24296  nfrd960 - ok
10:15:17.0154 24296  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\windows\System32\nlasvc.dll
10:15:17.0159 24296  NlaSvc - ok
10:15:17.0179 24296  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\windows\system32\drivers\Npfs.sys
10:15:17.0179 24296  Npfs - ok
10:15:17.0209 24296  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\windows\system32\nsisvc.dll
10:15:17.0214 24296  nsi - ok
10:15:17.0244 24296  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
10:15:17.0244 24296  nsiproxy - ok
10:15:17.0309 24296  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
10:15:17.0344 24296  Ntfs - ok
10:15:17.0389 24296  [ 37BE10FF10A92031FC5A01E8363925CC ] NuidFltr        C:\windows\system32\DRIVERS\NuidFltr.sys
10:15:17.0389 24296  NuidFltr - ok
10:15:17.0419 24296  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\windows\system32\drivers\Null.sys
10:15:17.0419 24296  Null - ok
10:15:17.0459 24296  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\windows\system32\drivers\nvraid.sys
10:15:17.0459 24296  nvraid - ok
10:15:17.0479 24296  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\windows\system32\drivers\nvstor.sys
10:15:17.0479 24296  nvstor - ok
10:15:17.0504 24296  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
10:15:17.0504 24296  nv_agp - ok
10:15:17.0604 24296  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:15:17.0614 24296  odserv - ok
10:15:17.0669 24296  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
10:15:17.0669 24296  ohci1394 - ok
10:15:17.0714 24296  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:15:17.0719 24296  ose - ok
10:15:17.0754 24296  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
10:15:17.0764 24296  p2pimsvc - ok
10:15:17.0784 24296  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\windows\system32\p2psvc.dll
10:15:17.0794 24296  p2psvc - ok
10:15:17.0814 24296  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\windows\system32\DRIVERS\parport.sys
10:15:17.0819 24296  Parport - ok
10:15:17.0859 24296  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\windows\system32\drivers\partmgr.sys
10:15:17.0859 24296  partmgr - ok
10:15:17.0879 24296  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\windows\system32\DRIVERS\parvdm.sys
10:15:17.0889 24296  Parvdm - ok
10:15:17.0929 24296  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\windows\System32\pcasvc.dll
10:15:17.0934 24296  PcaSvc - ok
10:15:17.0974 24296  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\windows\system32\drivers\pci.sys
10:15:17.0979 24296  pci - ok
10:15:17.0994 24296  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\windows\system32\drivers\pciide.sys
10:15:17.0999 24296  pciide - ok
10:15:18.0024 24296  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
10:15:18.0029 24296  pcmcia - ok
10:15:18.0049 24296  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\windows\system32\drivers\pcw.sys
10:15:18.0049 24296  pcw - ok
10:15:18.0074 24296  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\windows\system32\drivers\peauth.sys
10:15:18.0094 24296  PEAUTH - ok
10:15:18.0189 24296  [ 1B5011DD8D57F53AED31FF0F7D635802 ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
10:15:18.0194 24296  PGEffect - ok
10:15:18.0254 24296  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\windows\system32\pla.dll
10:15:18.0289 24296  pla - ok
10:15:18.0339 24296  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\windows\system32\umpnpmgr.dll
10:15:18.0364 24296  PlugPlay - ok
10:15:18.0389 24296  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
10:15:18.0389 24296  PNRPAutoReg - ok
10:15:18.0414 24296  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
10:15:18.0419 24296  PNRPsvc - ok
10:15:18.0474 24296  [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32         C:\windows\system32\DRIVERS\point32.sys
10:15:18.0474 24296  Point32 - ok
10:15:18.0529 24296  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
10:15:18.0534 24296  PolicyAgent - ok
10:15:18.0574 24296  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\windows\system32\umpo.dll
10:15:18.0579 24296  Power - ok
10:15:18.0609 24296  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
10:15:18.0614 24296  PptpMiniport - ok
10:15:18.0634 24296  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\windows\system32\DRIVERS\processr.sys
10:15:18.0639 24296  Processor - ok
10:15:18.0714 24296  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\windows\system32\profsvc.dll
10:15:18.0739 24296  ProfSvc - ok
10:15:18.0759 24296  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
10:15:18.0759 24296  ProtectedStorage - ok
10:15:18.0789 24296  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\windows\system32\DRIVERS\pacer.sys
10:15:18.0794 24296  Psched - ok
10:15:18.0864 24296  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
10:15:18.0899 24296  ql2300 - ok
10:15:18.0919 24296  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
10:15:18.0919 24296  ql40xx - ok
10:15:18.0944 24296  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\windows\system32\qwave.dll
10:15:18.0954 24296  QWAVE - ok
10:15:18.0979 24296  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
10:15:18.0979 24296  QWAVEdrv - ok
10:15:19.0004 24296  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
10:15:19.0009 24296  RasAcd - ok
10:15:19.0039 24296  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
10:15:19.0044 24296  RasAgileVpn - ok
10:15:19.0064 24296  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\windows\System32\rasauto.dll
10:15:19.0069 24296  RasAuto - ok
10:15:19.0084 24296  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
10:15:19.0089 24296  Rasl2tp - ok
10:15:19.0139 24296  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\windows\System32\rasmans.dll
10:15:19.0149 24296  RasMan - ok
10:15:19.0164 24296  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
10:15:19.0169 24296  RasPppoe - ok
10:15:19.0199 24296  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
10:15:19.0204 24296  RasSstp - ok
10:15:19.0244 24296  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
10:15:19.0249 24296  rdbss - ok
10:15:19.0259 24296  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
10:15:19.0264 24296  rdpbus - ok
10:15:19.0314 24296  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
10:15:19.0314 24296  RDPCDD - ok
10:15:19.0349 24296  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
10:15:19.0349 24296  RDPENCDD - ok
10:15:19.0364 24296  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
10:15:19.0364 24296  RDPREFMP - ok
10:15:19.0434 24296  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
10:15:19.0439 24296  RdpVideoMiniport - ok
10:15:19.0474 24296  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
10:15:19.0479 24296  RDPWD - ok
10:15:19.0529 24296  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
10:15:19.0534 24296  rdyboost - ok
10:15:19.0559 24296  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\windows\System32\mprdim.dll
10:15:19.0564 24296  RemoteAccess - ok
10:15:19.0589 24296  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\windows\system32\regsvc.dll
10:15:19.0604 24296  RemoteRegistry - ok
10:15:19.0619 24296  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
10:15:19.0619 24296  RpcEptMapper - ok
10:15:19.0659 24296  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\windows\system32\locator.exe
10:15:19.0659 24296  RpcLocator - ok
10:15:19.0684 24296  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\windows\system32\rpcss.dll
10:15:19.0689 24296  RpcSs - ok
10:15:19.0719 24296  RSELSVC - ok
10:15:19.0769 24296  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
10:15:19.0774 24296  rspndr - ok
10:15:19.0844 24296  [ EF8B2AFC3C0751C5E5A59983C8893260 ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
10:15:19.0844 24296  RSUSBSTOR - ok
10:15:19.0874 24296  [ 26A9D6227D12B9D9DA5A81BB9B55D810 ] RTL8167         C:\windows\system32\DRIVERS\Rt86win7.sys
10:15:19.0879 24296  RTL8167 - ok
10:15:19.0929 24296  [ E48DAF453D773A89A44134CE4BA9AF44 ] RTL8187Se       C:\windows\system32\DRIVERS\RTL8187Se.sys
10:15:19.0954 24296  RTL8187Se - ok
10:15:19.0969 24296  RtsUIR - ok
10:15:19.0989 24296  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\windows\system32\lsass.exe
10:15:19.0994 24296  SamSs - ok
10:15:20.0039 24296  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
10:15:20.0039 24296  sbp2port - ok
10:15:20.0074 24296  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\windows\System32\SCardSvr.dll
10:15:20.0079 24296  SCardSvr - ok
10:15:20.0094 24296  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
10:15:20.0094 24296  scfilter - ok
10:15:20.0149 24296  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\windows\system32\schedsvc.dll
10:15:20.0169 24296  Schedule - ok
10:15:20.0189 24296  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\windows\System32\certprop.dll
10:15:20.0189 24296  SCPolicySvc - ok
10:15:20.0224 24296  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\windows\System32\SDRSVC.dll
10:15:20.0229 24296  SDRSVC - ok
10:15:20.0269 24296  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\windows\system32\drivers\secdrv.sys
10:15:20.0269 24296  secdrv - ok
10:15:20.0289 24296  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\windows\system32\seclogon.dll
10:15:20.0289 24296  seclogon - ok
10:15:20.0309 24296  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\windows\system32\sens.dll
10:15:20.0314 24296  SENS - ok
10:15:20.0329 24296  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\windows\system32\sensrsvc.dll
10:15:20.0334 24296  SensrSvc - ok
10:15:20.0349 24296  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\windows\system32\DRIVERS\serenum.sys
10:15:20.0354 24296  Serenum - ok
10:15:20.0379 24296  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\windows\system32\DRIVERS\serial.sys
10:15:20.0379 24296  Serial - ok
10:15:20.0409 24296  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
10:15:20.0409 24296  sermouse - ok
10:15:20.0454 24296  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\windows\system32\sessenv.dll
10:15:20.0459 24296  SessionEnv - ok
10:15:20.0489 24296  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
10:15:20.0489 24296  sffdisk - ok
10:15:20.0509 24296  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
10:15:20.0509 24296  sffp_mmc - ok
10:15:20.0524 24296  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
10:15:20.0529 24296  sffp_sd - ok
10:15:20.0554 24296  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\windows\system32\DRIVERS\sfloppy.sys
10:15:20.0554 24296  sfloppy - ok
10:15:20.0599 24296  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\windows\System32\ipnathlp.dll
10:15:20.0614 24296  SharedAccess - ok
10:15:20.0679 24296  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:15:20.0694 24296  ShellHWDetection - ok
10:15:20.0724 24296  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\windows\system32\drivers\sisagp.sys
10:15:20.0729 24296  sisagp - ok
10:15:20.0779 24296  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
10:15:20.0779 24296  SiSRaid2 - ok
10:15:20.0789 24296  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
10:15:20.0794 24296  SiSRaid4 - ok
10:15:20.0854 24296  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
10:15:20.0909 24296  SkypeUpdate - ok
10:15:20.0944 24296  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\windows\system32\DRIVERS\smb.sys
10:15:20.0949 24296  Smb - ok
10:15:20.0979 24296  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
10:15:20.0984 24296  SNMPTRAP - ok
10:15:21.0009 24296  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\windows\system32\drivers\spldr.sys
10:15:21.0009 24296  spldr - ok
10:15:21.0094 24296  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\windows\System32\spoolsv.exe
10:15:21.0114 24296  Spooler - ok
10:15:21.0194 24296  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\windows\system32\sppsvc.exe
10:15:21.0304 24296  sppsvc - ok
10:15:21.0346 24296  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\windows\system32\sppuinotify.dll
10:15:21.0351 24296  sppuinotify - ok
10:15:21.0391 24296  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:15:21.0396 24296  SQLBrowser - ok
10:15:21.0436 24296  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:15:21.0441 24296  SQLWriter - ok
10:15:21.0486 24296  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\windows\system32\DRIVERS\srv.sys
10:15:21.0511 24296  srv - ok
10:15:21.0536 24296  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\windows\system32\DRIVERS\srv2.sys
10:15:21.0551 24296  srv2 - ok
10:15:21.0571 24296  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
10:15:21.0571 24296  srvnet - ok
10:15:21.0636 24296  [ 48F44A1BE434830B7C90FB730745F65A ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys
10:15:21.0646 24296  ssadbus - ok
10:15:21.0701 24296  [ 9630B486B62CC0ADB0A89152ED0218D7 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
10:15:21.0706 24296  ssadmdfl - ok
10:15:21.0731 24296  [ 9AFAA23421622C392B55508FA9613949 ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
10:15:21.0736 24296  ssadmdm - ok
10:15:21.0776 24296  [ 1CAC71D756CE00AE0681F9028DDE874B ] ssadserd        C:\windows\system32\DRIVERS\ssadserd.sys
10:15:21.0776 24296  ssadserd - ok
10:15:21.0811 24296  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
10:15:21.0816 24296  SSDPSRV - ok
10:15:21.0831 24296  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\windows\system32\sstpsvc.dll
10:15:21.0836 24296  SstpSvc - ok
10:15:21.0871 24296  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
10:15:21.0876 24296  stexstor - ok
10:15:21.0931 24296  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\windows\System32\wiaservc.dll
10:15:21.0951 24296  StiSvc - ok
10:15:21.0981 24296  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\windows\system32\drivers\swenum.sys
10:15:21.0981 24296  swenum - ok
10:15:22.0016 24296  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\windows\System32\swprv.dll
10:15:22.0026 24296  swprv - ok
10:15:22.0061 24296  [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
10:15:22.0066 24296  SynTP - ok
10:15:22.0141 24296  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\windows\system32\sysmain.dll
10:15:22.0181 24296  SysMain - ok
10:15:22.0226 24296  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
10:15:22.0231 24296  TabletInputService - ok
10:15:22.0281 24296  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\windows\System32\tapisrv.dll
10:15:22.0291 24296  TapiSrv - ok
10:15:22.0321 24296  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\windows\System32\tbssvc.dll
10:15:22.0326 24296  TBS - ok
10:15:22.0381 24296  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
10:15:22.0416 24296  Tcpip - ok
10:15:22.0471 24296  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
10:15:22.0476 24296  TCPIP6 - ok
10:15:22.0521 24296  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
10:15:22.0526 24296  tcpipreg - ok
10:15:22.0551 24296  [ 4084EA00D50C858D6F9038F86AE2E2D0 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
10:15:22.0556 24296  tdcmdpst - ok
10:15:22.0601 24296  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
10:15:22.0601 24296  TDPIPE - ok
10:15:22.0641 24296  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
10:15:22.0641 24296  TDTCP - ok
10:15:22.0676 24296  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
10:15:22.0676 24296  tdx - ok
10:15:22.0806 24296  [ 7C8DD5576695B3362202EF09B20C425E ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
10:15:22.0906 24296  TeamViewer8 - ok
10:15:22.0956 24296  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\windows\system32\drivers\termdd.sys
10:15:22.0961 24296  TermDD - ok
10:15:23.0011 24296  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\windows\System32\termsrv.dll
10:15:23.0036 24296  TermService - ok
10:15:23.0061 24296  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\windows\system32\themeservice.dll
10:15:23.0066 24296  Themes - ok
10:15:23.0081 24296  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\windows\system32\mmcss.dll
10:15:23.0081 24296  THREADORDER - ok
10:15:23.0116 24296  [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo       C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
10:15:23.0136 24296  TMachInfo - ok
10:15:23.0171 24296  [ FE65D33B7D4FF07DD1D29526A48DF810 ] TODDSrv         C:\windows\system32\TODDSrv.exe
10:15:23.0176 24296  TODDSrv - ok
10:15:23.0236 24296  [ 451B09BA1A0D019BA0B5A27229559D55 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
10:15:23.0246 24296  TosCoSrv - ok
10:15:23.0291 24296  [ 0B5FA26E0C8A8E07A6DF3DF4E5711DA8 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
10:15:23.0301 24296  TOSHIBA eco Utility Service - ok
10:15:23.0346 24296  [ 94ECABE1BA3559214FE6C3CE6C9677EB ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
10:15:23.0351 24296  TOSHIBA HDD SSD Alert Service - ok
10:15:23.0396 24296  [ 969377943FE7284609BABBAB4E06B93C ] tos_sps32       C:\windows\system32\DRIVERS\tos_sps32.sys
10:15:23.0406 24296  tos_sps32 - ok
10:15:23.0461 24296  [ 31D2881B0647F2B09B118B9B50C02888 ] TPCHSrv         C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
10:15:23.0486 24296  TPCHSrv - ok
10:15:23.0506 24296  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\windows\System32\trkwks.dll
10:15:23.0511 24296  TrkWks - ok
10:15:23.0551 24296  [ F2AEE22231046CAD8D2F94D2C0F9BEFB ] trufos          C:\windows\system32\DRIVERS\trufos.sys
10:15:23.0556 24296  trufos - ok
10:15:23.0611 24296  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
10:15:23.0611 24296  TrustedInstaller - ok
10:15:23.0641 24296  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
10:15:23.0651 24296  tssecsrv - ok
10:15:23.0691 24296  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
10:15:23.0696 24296  TsUsbFlt - ok
10:15:23.0746 24296  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
10:15:23.0746 24296  tunnel - ok
10:15:23.0771 24296  [ FC24015B4052600C324C43E3A79C0664 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
10:15:23.0771 24296  TVALZ - ok
10:15:23.0796 24296  [ 866462F5AE3F375EF83EF9DCE436031C ] TVALZFL         C:\windows\system32\DRIVERS\TVALZFL.sys
10:15:23.0801 24296  TVALZFL - ok
10:15:23.0821 24296  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\windows\system32\DRIVERS\uagp35.sys
10:15:23.0826 24296  uagp35 - ok
10:15:23.0871 24296  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
10:15:23.0876 24296  udfs - ok
10:15:23.0906 24296  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
10:15:23.0906 24296  UI0Detect - ok
10:15:23.0936 24296  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
10:15:23.0941 24296  uliagpkx - ok
10:15:23.0996 24296  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
10:15:23.0996 24296  umbus - ok
10:15:24.0026 24296  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
10:15:24.0026 24296  UmPass - ok
10:15:24.0091 24296  [ 1C5835420F2A8F6D683FD6BDFFA2FFDD ] UPDATESRV       C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
10:15:24.0091 24296  UPDATESRV - ok
10:15:24.0126 24296  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
10:15:24.0136 24296  upnphost - ok
10:15:24.0171 24296  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
10:15:24.0171 24296  usbccgp - ok
10:15:24.0181 24296  USBCCID - ok
10:15:24.0201 24296  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
10:15:24.0206 24296  usbcir - ok
10:15:24.0221 24296  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
10:15:24.0221 24296  usbehci - ok
10:15:24.0286 24296  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
10:15:24.0296 24296  usbhub - ok
10:15:24.0311 24296  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
10:15:24.0311 24296  usbohci - ok
10:15:24.0396 24296  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
10:15:24.0401 24296  usbprint - ok
10:15:24.0446 24296  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
10:15:24.0446 24296  usbscan - ok
10:15:24.0491 24296  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
10:15:24.0491 24296  USBSTOR - ok
10:15:24.0506 24296  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
10:15:24.0506 24296  usbuhci - ok
10:15:24.0531 24296  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
10:15:24.0536 24296  usbvideo - ok
10:15:24.0566 24296  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
10:15:24.0571 24296  UxSms - ok
10:15:24.0601 24296  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
10:15:24.0606 24296  VaultSvc - ok
10:15:24.0651 24296  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
10:15:24.0651 24296  vdrvroot - ok
10:15:24.0701 24296  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
10:15:24.0756 24296  vds - ok
10:15:24.0801 24296  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
10:15:24.0806 24296  vga - ok
10:15:24.0831 24296  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
10:15:24.0831 24296  VgaSave - ok
10:15:24.0871 24296  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
10:15:24.0876 24296  vhdmp - ok
10:15:24.0906 24296  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
10:15:24.0911 24296  viaagp - ok
10:15:24.0941 24296  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
10:15:24.0941 24296  ViaC7 - ok
10:15:24.0956 24296  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
10:15:24.0956 24296  viaide - ok
10:15:24.0976 24296  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
10:15:24.0981 24296  volmgr - ok
10:15:25.0001 24296  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
10:15:25.0011 24296  volmgrx - ok
10:15:25.0051 24296  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
10:15:25.0056 24296  volsnap - ok
10:15:25.0096 24296  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
10:15:25.0101 24296  vsmraid - ok
10:15:25.0161 24296  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
10:15:25.0206 24296  VSS - ok
10:15:25.0256 24296  [ F92F8B40FA98A631ADAA772ABA7FA7EE ] VSSERV          C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
10:15:25.0266 24296  VSSERV - ok
10:15:25.0281 24296  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
10:15:25.0281 24296  vwifibus - ok
10:15:25.0296 24296  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
10:15:25.0301 24296  vwififlt - ok
10:15:25.0346 24296  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
10:15:25.0346 24296  vwifimp - ok
10:15:25.0386 24296  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
10:15:25.0391 24296  W32Time - ok
10:15:25.0411 24296  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
10:15:25.0416 24296  WacomPen - ok
10:15:25.0471 24296  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
10:15:25.0476 24296  WANARP - ok
10:15:25.0491 24296  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
10:15:25.0496 24296  Wanarpv6 - ok
10:15:25.0561 24296  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
10:15:25.0606 24296  WatAdminSvc - ok
10:15:25.0681 24296  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
10:15:25.0716 24296  wbengine - ok
10:15:25.0746 24296  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
10:15:25.0756 24296  WbioSrvc - ok
10:15:25.0791 24296  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
10:15:25.0801 24296  wcncsvc - ok
10:15:25.0821 24296  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
10:15:25.0826 24296  WcsPlugInService - ok
10:15:25.0861 24296  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
10:15:25.0861 24296  Wd - ok
10:15:25.0916 24296  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
10:15:25.0936 24296  Wdf01000 - ok
10:15:25.0971 24296  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
10:15:25.0976 24296  WdiServiceHost - ok
10:15:25.0981 24296  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
10:15:25.0986 24296  WdiSystemHost - ok
10:15:26.0026 24296  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
10:15:26.0031 24296  WebClient - ok
10:15:26.0051 24296  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
10:15:26.0071 24296  Wecsvc - ok
10:15:26.0081 24296  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
10:15:26.0086 24296  wercplsupport - ok
10:15:26.0106 24296  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
10:15:26.0111 24296  WerSvc - ok
10:15:26.0136 24296  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
10:15:26.0136 24296  WfpLwf - ok
10:15:26.0156 24296  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
10:15:26.0161 24296  WIMMount - ok
10:15:26.0206 24296  WinDefend - ok
10:15:26.0216 24296  WinHttpAutoProxySvc - ok
10:15:26.0276 24296  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
10:15:26.0281 24296  Winmgmt - ok
10:15:26.0341 24296  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
10:15:26.0371 24296  WinRM - ok
10:15:26.0436 24296  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
10:15:26.0441 24296  WinUsb - ok
10:15:26.0476 24296  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
10:15:26.0496 24296  Wlansvc - ok
10:15:26.0621 24296  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:15:26.0661 24296  wlidsvc - ok
10:15:26.0696 24296  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
10:15:26.0701 24296  WmiAcpi - ok
10:15:26.0721 24296  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
10:15:26.0726 24296  wmiApSrv - ok
10:15:26.0811 24296  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:15:26.0846 24296  WMPNetworkSvc - ok
10:15:26.0866 24296  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
10:15:26.0871 24296  WPCSvc - ok
10:15:26.0911 24296  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
10:15:26.0916 24296  WPDBusEnum - ok
10:15:26.0936 24296  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
10:15:26.0936 24296  ws2ifsl - ok
10:15:26.0966 24296  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\system32\wscsvc.dll
10:15:26.0966 24296  wscsvc - ok
10:15:26.0976 24296  WSearch - ok
10:15:27.0076 24296  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
10:15:27.0136 24296  wuauserv - ok
10:15:27.0176 24296  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
10:15:27.0176 24296  WudfPf - ok
10:15:27.0201 24296  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
10:15:27.0206 24296  WUDFRd - ok
10:15:27.0246 24296  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
10:15:27.0251 24296  wudfsvc - ok
10:15:27.0286 24296  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\windows\System32\wwansvc.dll
10:15:27.0306 24296  WwanSvc - ok
10:15:27.0341 24296  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k     C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
10:15:27.0346 24296  ZTEusbmdm6k - ok
10:15:27.0376 24296  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea      C:\windows\system32\DRIVERS\ZTEusbnmea.sys
10:15:27.0391 24296  ZTEusbnmea - ok
10:15:27.0416 24296  [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k     C:\windows\system32\DRIVERS\ZTEusbser6k.sys
10:15:27.0421 24296  ZTEusbser6k - ok
10:15:27.0446 24296  ================ Scan global ===============================
10:15:27.0486 24296  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
10:15:27.0526 24296  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
10:15:27.0551 24296  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
10:15:27.0576 24296  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
10:15:27.0591 24296  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
10:15:27.0601 24296  [Global] - ok
10:15:27.0601 24296  ================ Scan MBR ==================================
10:15:27.0616 24296  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
10:15:27.0971 24296  \Device\Harddisk0\DR0 - ok
10:15:27.0976 24296  ================ Scan VBR ==================================
10:15:28.0026 24296  [ FE2709E968E42D5CCBB7CDFCE56D8F47 ] \Device\Harddisk0\DR0\Partition1
10:15:28.0031 24296  \Device\Harddisk0\DR0\Partition1 - ok
10:15:28.0031 24296  ============================================================
10:15:28.0031 24296  Scan finished
10:15:28.0031 24296  ============================================================
10:15:28.0061 24288  Detected object count: 0
10:15:28.0061 24288  Actual detected object count: 0
10:17:19.0619 24052  Deinitialize success
 


Edited by GattSandy, 13 May 2013 - 07:45 PM.


#13 GattSandy


Posted 13 May 2013 - 07:45 PM

Result1 (Laptop, problem account):

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForward|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|Annots:Tool:InkMenuItem|CollectionHome|CollectionDetails|CollectionPreview|CollectionShowRoot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
"tSponsoredContentSchemeWhiteList"="http|https"
"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000
"TransparentEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\System]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Group Policy Editor]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_CURRENT_USER\Software\Policies\Power]

[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]



#14 GattSandy


Posted 13 May 2013 - 07:47 PM

Result2 (Laptop, working account):

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000000
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=dword:00000002
"DontDisplayLogonHoursWarnings"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreen|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideToolbarEditing|ShowHideToolbarCommenting|ShowHideToolbarEdit|ShowHideToolbarFile|ShowHideToolbarFind|ShowHideToolbarForms|ShowHideToolbarMeasuring|ShowHideToolbarData|ShowHideToolbarPageDisplay|ShowHideToolbarNavigation|ShowHideToolbarPrintProduction|ShowHideToolbarRedaction|ShowHideToolbarBasicTools|ShowHideToolbarTasks|ShowHideToolbarTypewriter|PropertyToolbar|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForward|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|Annots:Tool:InkMenuItem|CollectionHome|CollectionDetails|CollectionPreview|CollectionShowRoot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\9.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
"tSponsoredContentSchemeWhiteList"="http|https"
"tSchemePerms"="version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000
"TransparentEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
"SaferFlags"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Power]

[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]



#15 GattSandy

Posted 13 May 2013 - 07:48 PM

Result3 (remote Win7 x86 PC):

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=dword:00000001
"NoComponents"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"ScanWithAntiVirus"=dword:00000003

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=dword:00000001
"NoActiveDesktopChanges"=dword:00000001
"ForceActiveDesktopOn"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|CollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certify|Doc&ument Processing|Print Pro&duction|Ja&vaScript|&Accessibility|Analy&ze|&Annotations|D&rawing Markups|Revie&w"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
"tSponsoredContentSchemeWhiteList"="http|https"
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer]
"NoCodecDownload"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Power]

[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]





