Google Redirect/Browser Update Virus



#31
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Encrypt your router now please

We will attack the other computer when this one is cured

Are you able to access Microsoft sites now?

Could you then continue with AVP?
  • 0


#32
rbarnhart1

    Member

  • Topic Starter
  • 31 posts
We are able to reach the Microsoft update site now. Here are the files:

AVP Report:

Autoscan: completed 5 hours ago (events: 2, objects: 1065575, time: 02:05:31)
6/5/2011 1:08:47 PM Task started
6/5/2011 3:14:18 PM Task completed

I've attached the zip file for sysinfo.


  • 0

#33
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems now?

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#34
rbarnhart1

    Member

  • Topic Starter
  • 31 posts
The MBAM scan came back clean, like last time. Nothing found. So far, the virus has not returned in the last couple of days. Maybe we got it this time...I hope. I guess we'll have to keep watching it to see. Should we proceed with the other infected computer?
  • 0

#35
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye - at the end I will include a cleanup routine that can be applied to all systems
  • 0

#36
rbarnhart1

    Member

  • Topic Starter
  • 31 posts
Should I go back to the original steps you provided in the first post and go from there?
  • 0

#37
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye, but to save you looking, here they are again:


Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

THEN

Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0
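
Added example (not part of the original post and not OTL's own code): a small Python triage of the `O4` autorun lines in an OTL.Txt log such as the one requested above, to decide which entries to look at first. The sample lines, the user name "alice" and the four review rules are assumptions made for illustration; a flag means "review this entry", not "this is malware".

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample lines in the "O4" (autorun) layout of an OTL.Txt log.
# Entry names, the user "alice", the SID and all paths are made up.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\ui.exe (Example AV Software)
O4 - HKLM..\Run: [OldTray] File not found
O4 - HKLM..\Run: [Helper32] C:\Program Files (x86)\Helper\helper.exe ()
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [Updater] C:\Users\alice\AppData\Roaming\Updater\update.exe.exe ()
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\RunOnce: [Sync] C:\Users\alice\AppData\Local\Sync\sync.exe (Example Sync Inc.)
PRC - [2011/01/01 10:00:00 | 000,040,384 | ---- | M] (Example AV Software) -- C:\Program Files\ExampleAV\svc.exe
"""


class Autorun(NamedTuple):
    hive: str                 # "HKLM" or "HKU\<SID>"
    key: str                  # "Run" or "RunOnce"
    name: str                 # registry value name, may be empty
    path: Optional[str]       # None when the log says "File not found"
    company: Optional[str]    # text inside the trailing parentheses


# "O4 - <hive>..\Run: [<name>] <target>"
ENTRY_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# "<path> (<company>)"; the greedy path keeps "Program Files (x86)" intact.
TARGET_RE = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")

# Review rules (assumptions of this example, not OTL logic).
USER_WRITABLE_RE = re.compile(
    r"\\(Users|Documents and Settings)\\[^\\]+\\|\\ProgramData\\|\\Temp\\", re.I
)
DOUBLE_EXT_RE = re.compile(r"\.[a-z0-9]{2,4}\.(exe|scr|com|pif|bat|cmd)$", re.I)


def parse_autoruns(log_text: str) -> List[Autorun]:
    """Extract Run/RunOnce entries; every other log line is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if rest == "File not found":
            path = company = None
        else:
            t = TARGET_RE.match(rest)
            path, company = (t["path"], t["company"]) if t else (rest, None)
        entries.append(Autorun(m["hive"], m["key"], m["name"], path, company))
    return entries


def triage(entry: Autorun) -> List[str]:
    """Return the review reasons for one entry (empty list = nothing flagged)."""
    if entry.path is None:
        # The value still exists but its target is gone (or is hidden from the scan).
        return ["target-missing"]
    reasons = []
    if USER_WRITABLE_RE.search(entry.path):
        reasons.append("user-writable-path")   # launches from a location users can write to
    if DOUBLE_EXT_RE.search(entry.path):
        reasons.append("double-extension")     # e.g. name.pdf.exe
    if not entry.company:
        reasons.append("no-company-name")      # file carries no version-info vendor
    return reasons


def review_queue(log_text: str) -> List[Tuple[str, List[str]]]:
    """Flagged entries, most reasons first; ties keep their order in the log."""
    flagged = [(e.name, triage(e)) for e in parse_autoruns(log_text)]
    flagged = [(name, reasons) for name, reasons in flagged if reasons]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, reasons in review_queue(SAMPLE_LOG):
        print(f"{name or '(empty name)'}: {', '.join(reasons)}")
```
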

#38
rbarnhart1

    Member

  • Topic Starter
  • 31 posts
aswMBR won't finish scanning. I get a message saying something caused it to stop working and the program terminates. Should I try OTL or should I do something else first?
  • 0

#39
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, go straight to OTL and then follow up with TDSSKiller.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#40
rbarnhart1

    Member

  • Topic Starter
  • 31 posts
Ok...I ran the OTL and TDS Killer.

OTL Log:

OTL logfile created on: 6/9/2011 9:28:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tamara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.53% Memory free
4.21 Gb Paging File | 2.65 Gb Available in Paging File | 62.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 175.75 Gb Free Space | 60.22% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.70 Gb Free Space | 91.09% Space Free | Partition Type: FAT32

Computer Name: MY-PC | User Name: Tamara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
PRC - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011/01/30 11:45:14 | 001,306,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/11/23 20:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
PRC - [2009/11/23 20:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/11/18 04:02:34 | 000,563,840 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
PRC - [2009/11/18 04:02:34 | 000,173,696 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2009/11/17 20:49:08 | 000,366,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/09/15 19:47:44 | 000,878,080 | ---- | M] (ActMask Co.,Ltd - http://www.all2pdf.com) -- C:\WINDOWS\System32\PrintDisp.exe
PRC - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\WINDOWS\System32\PrintCtrl.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/15 17:34:39 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 18:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/11/09 13:35:06 | 000,077,876 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
PRC - [2007/11/09 13:35:04 | 000,413,746 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
PRC - [2007/11/09 13:35:04 | 000,073,782 | ---- | M] (SafeNet) -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
PRC - [2007/08/29 22:12:30 | 000,344,064 | ---- | M] (Kmaestro) -- C:\Program Files\HP USB Multimedia Keyboard\Kmaestro.exe
PRC - [2007/07/03 17:30:46 | 005,585,408 | ---- | M] (Chicony) -- C:\WINDOWS\CNYHKey.exe
PRC - [2007/01/08 15:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModLEDKey.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 14:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2002/03/19 12:15:46 | 000,036,864 | ---- | M] (D-Link) -- C:\Program Files\WZCBDL Service\WZCBDLS.exe


========== Modules (SafeList) ==========

MOD - [2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/22 15:20:39 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/11/18 04:42:52 | 000,253,568 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/11/18 04:16:42 | 000,137,344 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/06/16 07:38:34 | 000,077,824 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\WINDOWS\System32\PrintCtrl.exe -- (Printer Control)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/06/02 18:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 13:35:04 | 000,413,746 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe -- (IreIKE)
SRV - [2007/11/09 13:35:04 | 000,073,782 | ---- | M] (SafeNet) [Auto | Running] -- C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe -- (IPSECMON)
SRV - [2006/09/11 20:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/09/11 20:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/09/11 19:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/09/11 19:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/09/03 14:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 03:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/05/10 13:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2002/03/19 12:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Start_Pending] -- C:\Program Files\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/01 23:15:04 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2009/07/09 13:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/12/12 19:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/12/05 19:32:02 | 000,655,872 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/11/09 13:20:50 | 000,138,296 | ---- | M] (SafeNet) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\IpSecDrv.sys -- (IPSECDRV)
DRV - [2007/10/26 15:41:58 | 000,027,408 | ---- | M] (Deterministic Networks Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\vapco.sys -- (DniVap) SafeNet WAN Miniport (VA)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/07 09:40:46 | 000,128,144 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/07/13 14:14:16 | 000,004,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/15 08:27:32 | 000,536,634 | ---- | M] (SafeNet) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Crypto.sys -- (Crypto)
DRV - [2002/09/27 18:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\NIOC.sys -- (NIOC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2418376
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\..\URLSearchHook: {DC94FEC3-3F89-46D5-B104-ABEBB4940DDA} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/08 17:19:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/08 18:36:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 18:36:30 | 000,000,000 | ---D | M]

[2010/08/25 08:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions
[2010/08/25 08:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions\{fa12e233-4cc1-431c-be50-f3e47860a7ea}
[2009/07/31 10:30:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/06/08 13:37:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions
[2011/03/22 08:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 18:55:55 | 000,000,000 | ---D | M] (PageTheme) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions\{A5DCA3F5-ED5A-4ed3-9671-DBB0C68FA469}
[2011/05/04 19:05:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Tamara\AppData\Roaming\mozilla\Firefox\Profiles\u7vwi61q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/17 11:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/03 09:14:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 21:58:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 06:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/17 11:33:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/08 18:36:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/06/08 18:36:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PageTheme) - {CC0F2900-8A5B-4D0D-9E44-10435BC40774} - C:\Program Files\PageTheme\PageTheme.dll (TODO: <Company name>)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\..\Toolbar\WebBrowser: (My Power Mall Toolbar) - {AB455519-4E14-498B-A0A9-7DCEF42440FC} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\HP USB Multimedia Keyboard\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LchDrv] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [ledpointer] C:\Windows\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\System32\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SkypeCtl] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [48F1E587052B947E85A0B40D73622E63] File not found
O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [WindowsUpdate] C:\Users\Tamara\AppData\Roaming\WindowsUpdate\winupdate.exe.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ubisoft register.lnk = File not found
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.196.228.36 207.40.122.15 216.68.1.100
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/17 20:44:10 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 19:15:11 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
[2011/06/08 19:15:07 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Users\Tamara\Desktop\aswMBR.exe
[2011/06/06 10:06:57 | 000,000,000 | ---D | C] -- C:\Users\Tamara\AppData\Roaming\TeamViewer
[2011/06/03 01:48:46 | 000,000,000 | ---D | C] -- C:\3fe860b0b1f8d3bf5550003d8aad6e73
[2011/05/23 20:11:23 | 000,000,000 | ---D | C] -- C:\Users\Tamara\AppData\Roaming\TS3Client
[2011/05/23 20:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/05/23 20:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/09 21:10:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001.job
[2011/06/09 21:03:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001UA.job
[2011/06/09 20:16:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 20:16:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 15:58:01 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Tamara.job
[2011/06/09 02:03:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3253985537-1783120850-3274599005-1001Core.job
[2011/06/08 19:15:58 | 000,743,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/08 19:15:57 | 000,153,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 11:31:06 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Tamara\Desktop\OTL.exe
[2011/05/30 10:15:43 | 000,000,905 | ---- | M] () -- C:\Users\Tamara\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/30 10:13:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 10:13:07 | 2137,485,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 10:05:58 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/30 10:05:58 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/30 10:05:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/30 09:32:38 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\Tamara\Desktop\aswMBR.exe
[2011/05/23 20:08:43 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 18:36:31 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/30 10:05:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/23 20:08:20 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/03/13 18:56:53 | 000,043,520 | ---- | C] () -- C:\Windows\System32\sutil32.dll
[2011/01/30 09:45:04 | 000,552,448 | ---- | C] () -- C:\Windows\mHotkey.exe
[2011/01/30 09:45:04 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2011/01/30 09:45:04 | 000,049,152 | ---- | C] () -- C:\Windows\CNYUSB.dll
[2011/01/30 09:45:04 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2011/01/30 09:45:04 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2011/01/30 09:45:04 | 000,011,776 | ---- | C] () -- C:\Windows\HIDMNT.dll
[2011/01/30 09:45:04 | 000,005,120 | ---- | C] () -- C:\Windows\HKCYDLL.dll
[2011/01/30 09:45:04 | 000,000,360 | ---- | C] () -- C:\Windows\CNYHKey.ini
[2010/09/08 17:09:50 | 000,172,241 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/08/25 08:40:21 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2010/08/25 08:40:21 | 000,524,288 | ---- | C] () -- C:\Windows\System32\PrtPass.exe
[2010/08/23 22:22:04 | 000,148,984 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/08/23 22:21:47 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/07/06 06:08:51 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2010/06/27 03:52:42 | 000,000,029 | ---- | C] () -- C:\Windows\PControl.ini
[2010/03/21 08:52:28 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/03/21 08:52:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/02/02 16:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2010/01/29 12:46:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/29 12:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/10 11:00:46 | 000,000,552 | ---- | C] () -- C:\Users\Tamara\AppData\Local\d3d8caps.dat
[2009/05/25 11:24:51 | 000,000,680 | ---- | C] () -- C:\Users\Tamara\AppData\Local\d3d9caps.dat
[2009/03/01 21:14:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/25 12:01:21 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009/02/24 19:34:56 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2008/11/14 19:37:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/29 08:51:08 | 000,031,007 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\UserTile.png
[2008/03/25 16:56:08 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll
[2008/01/24 21:23:45 | 000,000,715 | ---- | C] () -- C:\Windows\Edmark.ini
[2008/01/24 21:21:04 | 000,000,519 | ---- | C] () -- C:\Windows\pipeline.ini
[2008/01/23 22:35:09 | 000,000,087 | ---- | C] () -- C:\Windows\encore_launcher.ini
[2008/01/23 22:33:39 | 000,000,163 | ---- | C] () -- C:\Windows\compedia.ini
[2008/01/23 15:14:50 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2008/01/23 14:24:57 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2008/01/23 14:15:30 | 000,000,196 | ---- | C] () -- C:\Windows\QTW.INI
[2008/01/01 12:40:47 | 000,083,216 | ---- | C] () -- C:\Windows\System32\KmRemove.exe
[2007/12/06 19:23:17 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/09/25 19:24:48 | 000,027,648 | ---- | C] () -- C:\Users\Tamara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/18 16:19:17 | 000,000,110 | ---- | C] () -- C:\Users\Tamara\AppData\Roaming\wklnhst.dat
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/01/17 20:37:06 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/17 20:32:58 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/17 20:32:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/01/17 20:23:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/09 10:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,304,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,743,952 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,153,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 03:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 03:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 14:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005/07/12 14:44:42 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2004/03/23 16:38:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
[2003/04/02 10:13:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\minunzip.dll
[2003/03/14 12:24:00 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
[2002/06/09 13:07:30 | 000,053,315 | ---- | C] () -- C:\Windows\System32\DevCtrl.dll

========== LOP Check ==========

[2010/08/25 08:39:56 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\AVE INTERVISION
[2010/07/03 09:15:04 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\DAEMON Tools Lite
[2011/04/28 03:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\FileZilla
[2009/08/05 21:35:23 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\FrostWire
[2010/11/01 06:59:58 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\GetRightToGo
[2010/06/20 17:47:19 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Image Zone Express
[2009/07/31 10:49:40 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\LimeWire
[2010/07/03 09:25:15 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\My Games
[2009/10/02 18:36:33 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Notepad++
[2010/11/16 19:10:14 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\OverDrive
[2008/03/29 08:51:07 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\PeerNetworking
[2009/08/23 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\PlayFirst
[2008/06/16 22:05:02 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Printer Info Cache
[2007/09/04 11:02:06 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\School Zone Preferences
[2011/06/06 10:06:57 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TeamViewer
[2007/09/18 16:19:19 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Template
[2011/06/01 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\TS3Client
[2011/01/02 10:54:43 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\Unity
[2011/04/23 10:46:34 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\WinBatch
[2010/05/28 08:07:17 | 000,000,000 | RHSD | M] -- C:\Users\Tamara\AppData\Roaming\WindowsUpdate
[2010/08/22 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Tamara\AppData\Roaming\WTouch
[2011/05/30 10:11:34 | 000,032,588 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 10:15:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 10:15:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/08 18:36:27 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/08 18:36:25 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Tamara\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/06/06 01:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/30 10:05:44 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/30 10:05:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/30 10:05:45 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/08/20 17:00:18 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:17639624

< End of report >


Extras:

OTL Extras logfile created on: 6/9/2011 9:28:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Tamara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.53% Memory free
4.21 Gb Paging File | 2.65 Gb Available in Paging File | 62.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 175.75 Gb Free Space | 60.22% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.98% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.70 Gb Free Space | 91.09% Space Free | Partition Type: FAT32

Computer Name: MY-PC | User Name: Tamara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A0AF61D9-3042-4B97-AE07-8E3C4B4D3F9F}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{CE6DEE4A-F661-4B4B-B5CA-F6453625B751}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{EF3DB2ED-E806-4F72-84C2-CBB4AA919A52}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{FE45D818-4851-4C7F-838E-9B20EBE595C0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DEE81B-CD45-4138-A267-79BAC7DCAA69}" = protocol=17 | dir=in | app=c:\program files\juniper\netscreen-remote\cmonapp.exe |
"{06286B84-176F-4DDC-9301-43BEFEE37911}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{0717F2AE-58C7-4797-8705-CFD41269A07B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{13D437EB-ED42-4088-966B-D7616411B9C5}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe |
"{154FC7AE-ABB5-4160-B999-0B2A4A56362E}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{15E6FE3F-E3B3-47F6-A547-A12E64E336B7}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe |
"{16941101-7F2B-4446-8DCD-7DCD8919AC09}" = protocol=6 | dir=in | app=c:\program files\juniper\netscreen-remote\cmonapp.exe |
"{16C5E538-2E78-40B0-900B-B2ECF9ABC5B6}" = protocol=6 | dir=in | app=c:\program files\civilization4.exe |
"{1BDA3D4F-083F-443F-8739-8E2F8272314E}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{25372217-71F2-47D5-915D-53C66B7E532A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{25E1E073-0282-454A-AEF5-4D24324C3F47}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{2BA5E981-F444-4993-95C3-00C4E1C6A58C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{33AF887F-C5F4-4BC3-8A41-98ED6ABFADA8}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{3A9351EA-CFF7-43CA-9278-5C4895DEC9AF}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{3A9ABCA6-4D05-4896-A19D-40EBFBD05CBD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{42D5136D-C316-4D1B-8804-D0D91C3001DC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe |
"{43C90D98-FE68-4A2E-8737-94CAFF54305A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{45A4F15B-B706-41DD-9976-80170ACDBBDD}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{46790047-4CFE-45D0-8E1D-CE7ABFEF713C}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe |
"{4BD45088-A832-4FF9-A87F-32DF94C40ABA}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{4CD9CB87-05CD-4943-AF37-0174411F1E09}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{52477BE7-12ED-43DA-9F70-B6210C65F7EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{616EE67D-D8D1-4C18-A60B-2E70605539B2}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{62B9A7FC-19BD-4087-B36A-7264D361B812}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{66B74225-33DD-4A62-B0EB-8CFB106DCD4A}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe |
"{698E3B78-AC8D-4CFA-9328-00B05F3D4B42}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposfx08.exe |
"{6D88740F-92A0-4DBB-85D2-D02781AD84EA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe |
"{708C009A-D06D-47FC-A326-A72BB23632A6}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{737D7A08-1210-4111-AA3D-8DA19A0FAC34}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe |
"{739BA119-8330-4CCD-9587-9637F0BCEEE9}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqnrs08.exe |
"{74BF18AF-DEC5-4517-B254-6E1ACB57085E}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{78792A47-51F4-41E8-9AC4-B17622078256}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{79CE4F2B-1FA3-426F-A965-B21A09EEF88B}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7C997FC5-A4DF-491C-BD3C-9AE19ED1CD46}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxm08.exe |
"{7EB99517-2B38-445D-A588-541A99BFF8F4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe |
"{80EACC51-7933-41F0-BEBD-A59E40966F1D}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{81F0050A-F8D6-4DCF-AC54-5E50AE83C5B9}" = protocol=6 | dir=in | app=c:\program files\juniper\netscreen-remote\ireike.exe |
"{84C5C837-31E2-4D86-826D-4314B8312FE7}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{85D16A45-54BE-4B01-9D00-19C0B3B18DDF}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{8D6D829B-43EA-470A-A2AB-8A0407948AE8}" = protocol=17 | dir=in | app=c:\program files\civilization4.exe |
"{A4C3AC46-F071-4B1E-B17C-CE79CE303465}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe |
"{A620986A-87EC-4ED8-B94F-B25173F98FF8}" = protocol=17 | dir=in | app=c:\program files\juniper\netscreen-remote\viewlog.exe |
"{AB83ABF1-1858-40D4-9F1F-04AF80B31493}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{B1713BAF-35CA-466A-8681-0E866C972996}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4217B05-446C-4BFE-8609-E2B9ECC4AD32}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe |
"{B4BC03BB-5FAB-4259-89B6-EFB1C0EE455E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe |
"{C4BEB658-3D37-4038-8AEE-4F084AEF514F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{C9279C9F-1914-4FC5-AE63-E1A6D6151CCC}" = protocol=17 | dir=in | app=c:\program files\juniper\netscreen-remote\ireike.exe |
"{CB5C8F58-9BF8-4760-883E-5B1B4C45FF2D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe |
"{CE6F4D86-F9CB-42F9-9CB6-68D84686722B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CED77D9A-2859-4584-A45B-070B404FFE3D}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{D37CA1CC-AE3E-42F4-8DA7-8F024EADC7E4}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe |
"{D3CDEF08-A324-410D-AB25-FB45E6EC4307}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{DD67D7FD-1945-4A8F-94FB-1A990C5F72C7}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{E1322114-ADEC-47AC-85E2-E9D2332F8505}" = protocol=6 | dir=in | app=c:\program files\juniper\netscreen-remote\viewlog.exe |
"{EBF16CE9-8317-423D-B451-DDEDA55AED15}" = protocol=17 | dir=in | app=c:\program files\juniper\netscreen-remote\vpn.exe |
"{F1AADB8E-8B58-4E85-8F7B-DF781B6965ED}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpzwiz01.exe |
"{F32B3E96-E3E9-4952-84E5-C7D17B68E21B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA4D3992-8136-4E74-9CBA-FDB31CC6FBF0}" = protocol=6 | dir=in | app=c:\program files\juniper\netscreen-remote\vpn.exe |
"{FC2676CC-08B2-4158-8B61-57BBB1FFABBD}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpofxs08.exe |
"{FE95422C-3743-42FA-8078-E6281DEFE72F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{07D0DA46-22F0-4815-A015-EA68369ADF06}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{0A210942-E6F0-481D-9702-DAFA30A9B989}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{0F6D634E-8BA9-4506-A2EB-3B5067951B17}C:\program files\starcraft-1153\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft-1153\starcraft\starcraft.exe |
"TCP Query User{129139B5-88C2-416A-B5B4-A99F22C5475A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{19634A73-A89E-4200-91DB-7E78C2E1840E}C:\program files\starcraft ii beta\versions\base14219\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base14219\sc2.exe |
"TCP Query User{274EA35D-5370-41A6-83FB-E315EAAA2DF5}C:\perflogs\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft\starcraft.exe |
"TCP Query User{318EEE96-7375-4499-ABD8-A455E733F327}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{3FE7238F-35DD-441F-A1ED-6F43D78AD2AE}C:\perflogs\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe |
"TCP Query User{47F73C72-AAD6-45D3-9484-CBA914B36251}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{4A50AFBE-42C5-4144-923D-6FD625E10FC9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5244937F-2721-4C57-8621-EE28C651361F}C:\users\tamara\desktop\pictures\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\tamara\desktop\pictures\limewire\limewire.exe |
"TCP Query User{57E569AC-6813-4C41-8809-35CB7F259647}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{5CFE1EFC-87E1-4687-9103-9EFE293D8467}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{5ED85274-33E6-4926-B4FE-ADC07BBB448A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{60A20F1F-C58E-4186-BE5C-3659CBF97EA8}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14803\sc2.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14803\sc2.exe |
"TCP Query User{6897CC40-59CE-45D7-9E54-B4D19A2EA9BE}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{734D6B25-B433-4C2E-9224-448CC08C06EB}C:\users\tamara\downloads\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft\starcraft.exe |
"TCP Query User{784BE5DC-53DC-4046-AB03-A0A9EE2B77D9}C:\perflogs\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{7B1F2BCD-3AF3-42E4-9AF3-8AC7EDB5B211}C:\program files\starcraft shareware(ed)\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft shareware(ed)\starcraft.exe |
"TCP Query User{7BF992C9-12ED-4462-8AA0-CBECC1D168A6}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{7DEB7A71-0069-4B0E-9BCF-EBA3B66814F0}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{86F79C8F-ED1A-43BE-ABA0-6D7F4F0F4D7F}C:\program files\gamehouse\whatword\whatword.exe" = protocol=6 | dir=in | app=c:\program files\gamehouse\whatword\whatword.exe |
"TCP Query User{8DD68BD3-9527-4FA7-BAE5-936682C95DCB}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\tamara\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{932B1675-13F5-43AC-8BF0-619A93DC1A8D}C:\users\tamara\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{9DC313A7-84AA-4C91-9A2D-2B60A4FD0255}C:\program files\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{B50ADD63-158A-467F-836A-744F0301E3B3}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"TCP Query User{B5B8EF10-E845-40FB-BA3A-6AEEAFE22201}C:\program files\hp games\jeopardy\jeopardy!.exe" = protocol=6 | dir=in | app=c:\program files\hp games\jeopardy\jeopardy!.exe |
"TCP Query User{B759A955-B631-42CF-AB95-4DDE6B2515AF}C:\perflogs\starcraft 2\starcraft ii beta\versions\base15580\sc2.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base15580\sc2.exe |
"TCP Query User{B9FD0615-B5CF-4867-9BDD-8D41B9FE038A}C:\perflogs\starcraft 2\starcraft ii beta\starcraft ii.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\starcraft ii.exe |
"TCP Query User{BB16E8C2-10D2-4892-ADBF-6BE31CC2ED61}C:\program files\starcraft ii beta\versions\base13891\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base13891\sc2.exe |
"TCP Query User{BFD97AD4-B724-404D-8186-A66034B866B1}C:\users\tamara\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\utorrent.exe |
"TCP Query User{C3CE42FA-3CC2-4BCA-985A-3AB4EDE51CC8}C:\perflogs\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe" = protocol=6 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe |
"TCP Query User{C834839F-B6E6-4F52-AE39-CAD8BCE0916E}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\starcraft ii.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\starcraft ii.exe |
"TCP Query User{CA92F4C2-DE67-4B2F-BF1D-ED04D1087219}C:\perflogs\utorrent.exe" = protocol=6 | dir=in | app=c:\perflogs\utorrent.exe |
"TCP Query User{CB207697-EC0A-40E4-A6FD-39270F5ED72D}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe |
"TCP Query User{D395774B-5479-4A56-BC38-FC0B7B99160C}C:\users\tamara\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tamara\desktop\utorrent.exe |
"TCP Query User{D6F24360-92D8-4C67-A3A9-04D267CFCCAC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{DFEA96EF-6744-47EE-A281-8862AC188CAC}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{E98C91E5-352A-4D69-B6F6-07BF7E58BDF9}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe" = protocol=6 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe |
"TCP Query User{EE7355AC-073E-45BF-B4E9-07BE5BB50D78}C:\program files\starcraft shareware(ed)\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft shareware(ed)\starcraft.exe |
"TCP Query User{F2997359-F62B-4977-ACAC-F4196B6989A3}C:\users\tamara\desktop\pictures\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\users\tamara\desktop\pictures\frostwire\frostwire.exe |
"UDP Query User{05DE5EC7-DB8F-4108-9528-B78B0AEEFD57}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0B24FCBB-6C70-4D4E-8288-E7D8017393FF}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{1889751D-495B-47FD-9A7A-30670A8FF4DC}C:\perflogs\starcraft 2\starcraft ii beta\starcraft ii.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\starcraft ii.exe |
"UDP Query User{1F7F3E27-D6A6-4BC6-9B22-885F1CB39FA3}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe |
"UDP Query User{24614A4A-97AA-41C1-983F-CDCF34D49347}C:\program files\hp games\jeopardy\jeopardy!.exe" = protocol=17 | dir=in | app=c:\program files\hp games\jeopardy\jeopardy!.exe |
"UDP Query User{25039EE8-5735-4FCD-9ACC-7FDB3FDB59AF}C:\perflogs\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base14093\sc2.exe |
"UDP Query User{262360D5-A44B-4073-8B6B-1C48FFD68D77}C:\program files\starcraft shareware(ed)\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft shareware(ed)\starcraft.exe |
"UDP Query User{2E95F22D-5531-4DB4-A67D-9D23FAF9469F}C:\users\tamara\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\utorrent.exe |
"UDP Query User{326B9ABE-9868-4D69-89CE-1FEE108D2F09}C:\perflogs\utorrent.exe" = protocol=17 | dir=in | app=c:\perflogs\utorrent.exe |
"UDP Query User{32E908F8-E522-42FD-A9FE-446F4F7ED12B}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\starcraft ii.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\starcraft ii.exe |
"UDP Query User{453933B8-C934-4C82-8649-A94D961646EA}C:\program files\starcraft-1153\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft-1153\starcraft\starcraft.exe |
"UDP Query User{4B54F997-31AE-4D8C-B94F-B22EDA3A69DA}C:\users\tamara\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tamara\desktop\utorrent.exe |
"UDP Query User{4ED27D2A-2C29-4C7D-BA34-011CCC179503}C:\perflogs\starcraft 2\starcraft ii beta\versions\base15580\sc2.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base15580\sc2.exe |
"UDP Query User{4F6A98F3-BF05-483F-A9D0-AB8A8C7F38B0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5A3818B6-F744-4607-89D0-DDCBC8D5B86F}C:\users\tamara\downloads\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft\starcraft.exe |
"UDP Query User{5A91AB44-2179-4949-A018-9BA232E15466}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6AB719EC-5081-4985-8DF6-AB0E395AACE3}C:\perflogs\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft\starcraft.exe |
"UDP Query User{74045332-999E-4775-A20C-F1B85C9875E6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{7AEF1390-12CD-4AAD-A867-780C5C62083B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7FB1F021-0EDD-44E5-9C1D-F9F752029F23}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{80196D89-6514-40F2-A997-8FE1EA34392E}C:\users\tamara\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\tamara\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{8228B638-52F7-4E86-ACBD-9D0666BD8C07}C:\program files\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\support\blizzarddownloader.exe |
"UDP Query User{977449F4-0D80-4837-9764-3C668155FCC9}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"UDP Query User{A07AA142-2A00-4558-AB63-7CAF8D926DDD}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14803\sc2.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base14803\sc2.exe |
"UDP Query User{A740C51C-1780-4A64-888A-9EE5E6C013BD}C:\program files\hp games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\hp games\wheel of fortune\wheel of fortune.exe |
"UDP Query User{AD287631-1D80-4718-A762-BCA746B85A1C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B2A89861-8369-4355-91F5-58F0CB3C4F46}C:\perflogs\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{B7412801-4488-4513-9F0A-EC8C6E347F15}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{B949EEB8-C89A-4870-97F0-89B9008C89E9}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{BD757A21-0567-474F-A8E3-E91F8CB95EE6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{C30B39D1-D4F4-4C98-8CD2-399E37C44C7C}C:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft 2\starcraft ii beta\versions\base15449\sc2.exe |
"UDP Query User{D2382738-BC3C-483E-9C2E-B9EBBC9DC202}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{D40928A6-1491-4C73-BD7D-C40A83ECCE27}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{D70153D0-100F-4F6A-81E7-B398565714B1}C:\program files\starcraft ii beta\versions\base14219\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base14219\sc2.exe |
"UDP Query User{D90B0B32-7AAC-48CB-AB5A-5579E950BA76}C:\users\tamara\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\tamara\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{DBD35C31-F349-4371-9A92-47644DE0D2D0}C:\program files\starcraft shareware(ed)\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft shareware(ed)\starcraft.exe |
"UDP Query User{E23774C9-91CB-4D12-A0AD-226AD92D4D22}C:\program files\gamehouse\whatword\whatword.exe" = protocol=17 | dir=in | app=c:\program files\gamehouse\whatword\whatword.exe |
"UDP Query User{EE271BD1-E902-42B0-92F2-103710770847}C:\program files\starcraft ii beta\versions\base13891\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base13891\sc2.exe |
"UDP Query User{F009A904-75A5-4091-AE95-9610730281DA}C:\users\tamara\desktop\pictures\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\users\tamara\desktop\pictures\frostwire\frostwire.exe |
"UDP Query User{F29D1FEB-C404-451E-B528-D2E6DD6EF907}C:\users\tamara\desktop\pictures\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\tamara\desktop\pictures\limewire\limewire.exe |
"UDP Query User{F64E1B19-BA88-4E3A-80AD-2C3B421C2FC4}C:\perflogs\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\perflogs\starcraft 2\starcraft ii beta\support\blizzarddownloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22025051-1991-48EB-8BE8-7A3329DAE7ED}" = IIS 7.5 Express
"{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2F141715-E144-48C0-8562-D193B7AB85BC}" = Microsoft SQL Server Compact 4.0 ENU
"{2F931B84-0CEE-11D1-AA7D-0080AD1AC47A}" = NetScreen-Remote
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{47BE41E6-2F0F-4D17-9C2D-3850FFD9D405}" = Microsoft SQL Server VSS Writer
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB6A079-178B-4144-B21F-4D1AE71666A2}" = Microsoft SQL Server 2008 R2 Native Client
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56EC96C1-1FC1-4188-9A96-8142A2EE694F}" = Pure Networks Platform
"{574157B0-9D84-49d9-B08B-5296638BF5EE}" = 4300_Help
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = SQL Server 2008 R2 Database Engine Services
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}" = Microsoft SQL Server 2008 R2 Setup (English)
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76BB7B2D-748F-4AE9-89C3-78C051833EA1}" = OpenOffice.org 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A51500FE-6408-4305-B071-B961F691A4CE}" = Microsoft SQL Server Compact 4.0 Web Tools ENU
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0B2407C-AA1A-4812-85DA-E833D5BC3E97}" = 4300
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B3D1CFF9-C5DA-3590-894B-40821DDB67C5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D10F4E09-E88F-481D-B607-8FE79C4536B7}" = Microsoft WebMatrix
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EBEAF45A-58C3-44c8-8714-87909EBD6BC2}" = 4300Trb
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}" = SQL Server 2008 R2 Database Engine Shared
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMVONET" = AMVONET
"Arcade Games_is1" = Arcade Games
"BFGC" = Big Fish Games: Game Manager
"BFG-Zhu Zhu Pets" = Zhu Zhu Pets
"BtcMaestro" = HP USB Multimedia Keyboard Driver V1.1
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"FileZilla Client" = FileZilla Client 3.4.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = HP OCR Software 8.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"Intel® Configuration Center" = Intel® Viiv™ Software
"Linksys Wireless Manager" = Linksys Wireless Manager
"Math Odyssey Pre-Algebra" = Math Odyssey Pre-Algebra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NSS" = Norton Security Scan
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pen Tablet Driver" = Bamboo
"QuickTime32" = QuickTime for Windows (32-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"StarCraft II" = StarCraft II
"TBSB06984.TBSB06984Toolbar" = My Power Mall Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = HP Games
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WorldCast_is1" = WorldCast 4.0
"WT016061" = Tornado Jockey
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3253985537-1783120850-3274599005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Tamara
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/6/2010 6:15:35 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/8/2010 6:22:57 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/13/2010 4:46:45 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/14/2010 10:50:32 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/21/2010 9:36:06 AM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/21/2010 5:50:20 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/21/2010 6:16:53 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/23/2010 9:54:27 AM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 3/25/2010 12:42:15 PM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

Error - 4/2/2010 7:34:33 AM | Computer Name = My-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 5/7/2011 8:46:09 PM | Computer Name = My-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/11/2011 4:51:47 PM | Computer Name = My-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, time
stamp 0x4daf62c6, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc0000005, fault offset 0x00048822, process id 0x27c,
application start time 0x01cc0cb6546d43ea.

Error - 5/11/2011 4:53:42 PM | Computer Name = My-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, time
stamp 0x4daf62c6, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc0000005, fault offset 0x00048822, process id 0x1320,
application start time 0x01cc101d5987cd4a.

Error - 5/12/2011 8:47:45 AM | Computer Name = My-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4127 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: c5c Start Time: 01cc101db619ec0a Termination Time: 192

Error - 5/12/2011 6:22:13 PM | Computer Name = My-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/13/2011 2:00:49 AM | Computer Name = My-PC | Source = Application Error | ID = 1000
Description = Faulting application MHotkey.exe, version 3.0.0.12, time stamp 0x00000000,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception
code 0xc0000008, fault offset 0x0007442c, process id 0x11f8, application start time
0x01cc10f3292fb700.

Error - 5/18/2011 8:22:33 AM | Computer Name = My-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/18/2011 10:19:53 PM | Computer Name = My-PC | Source = Application Error | ID = 1000
Description = Faulting application MHotkey.exe, version 3.0.0.12, time stamp 0x00000000,
faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception
code 0xc0000008, fault offset 0x00074548, process id 0x11fc, application start time
0x01cc1556edd86343.

Error - 5/23/2011 12:07:34 PM | Computer Name = My-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4127, time
stamp 0x4daf62c6, faulting module ntdll.dll, version 6.0.6002.18327, time stamp
0x4cb73436, exception code 0xc0000005, fault offset 0x00048822, process id 0x1fcc,
application start time 0x01cc17036dd46ac0.

Error - 5/26/2011 7:55:07 AM | Computer Name = My-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 5/30/2008 1:33:14 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 9:20:34 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 10:43:25 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 6:42:16 AM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/17/2008 6:22:01 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 5:54:29 AM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/2/2008 2:53:13 AM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/3/2009 2:52:30 AM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/5/2009 4:08:13 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 9/6/2009 4:08:11 PM | Computer Name = Tamara-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 6/7/2011 2:55:06 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.184 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 2:56:14 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.206 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 3:00:34 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.86 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 3:48:20 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.118 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 3:50:09 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.156 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 3:53:11 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.75 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 3:53:15 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 6/7/2011 4:21:19 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.139 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 4:25:07 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.137 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 6/7/2011 4:25:31 PM | Computer Name = My-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.189 for the Network Card with network
address 001EE5E96C91 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#41
rbarnhart1

    Member

  • Topic Starter
  • Member
  • 31 posts
TDSSKiller:

2011/06/09 21:44:17.0111 1412 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/09 21:44:17.0471 1412 ================================================================================
2011/06/09 21:44:17.0471 1412 SystemInfo:
2011/06/09 21:44:17.0471 1412
2011/06/09 21:44:17.0471 1412 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/09 21:44:17.0471 1412 Product type: Workstation
2011/06/09 21:44:17.0471 1412 ComputerName: MY-PC
2011/06/09 21:44:17.0472 1412 UserName: Tamara
2011/06/09 21:44:17.0472 1412 Windows directory: C:\Windows
2011/06/09 21:44:17.0472 1412 System windows directory: C:\Windows
2011/06/09 21:44:17.0472 1412 Processor architecture: Intel x86
2011/06/09 21:44:17.0472 1412 Number of processors: 2
2011/06/09 21:44:17.0472 1412 Page size: 0x1000
2011/06/09 21:44:17.0472 1412 Boot type: Normal boot
2011/06/09 21:44:17.0472 1412 ================================================================================
2011/06/09 21:44:18.0185 1412 Initialize success
2011/06/09 21:44:22.0487 7732 ================================================================================
2011/06/09 21:44:22.0487 7732 Scan started
2011/06/09 21:44:22.0487 7732 Mode: Manual;
2011/06/09 21:44:22.0487 7732 ================================================================================
2011/06/09 21:44:23.0561 7732 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/09 21:44:23.0688 7732 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/09 21:44:23.0823 7732 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/09 21:44:23.0924 7732 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/09 21:44:23.0991 7732 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/09 21:44:24.0083 7732 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/09 21:44:24.0162 7732 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/09 21:44:24.0228 7732 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/09 21:44:24.0302 7732 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/09 21:44:24.0346 7732 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/09 21:44:24.0416 7732 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/09 21:44:24.0484 7732 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/09 21:44:24.0540 7732 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/09 21:44:24.0661 7732 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/09 21:44:24.0741 7732 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/09 21:44:24.0858 7732 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/09 21:44:24.0937 7732 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/09 21:44:24.0985 7732 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
2011/06/09 21:44:25.0072 7732 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
2011/06/09 21:44:25.0097 7732 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
2011/06/09 21:44:25.0162 7732 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/09 21:44:25.0204 7732 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/09 21:44:25.0381 7732 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/09 21:44:25.0605 7732 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/09 21:44:25.0677 7732 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/09 21:44:25.0752 7732 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/09 21:44:25.0833 7732 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/09 21:44:25.0896 7732 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/09 21:44:25.0946 7732 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/09 21:44:26.0001 7732 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/09 21:44:26.0130 7732 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/09 21:44:26.0287 7732 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/09 21:44:26.0352 7732 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/09 21:44:26.0427 7732 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/09 21:44:26.0476 7732 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/09 21:44:26.0615 7732 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/09 21:44:26.0669 7732 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/09 21:44:26.0789 7732 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/09 21:44:26.0854 7732 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/09 21:44:26.0953 7732 Crypto (800ec253f07f89c2fc694839dfeef6f8) C:\Windows\system32\Drivers\Crypto.sys
2011/06/09 21:44:27.0042 7732 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/09 21:44:27.0201 7732 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/09 21:44:27.0295 7732 DNE (812f9714b6d2d93078bf4d126167c5ba) C:\Windows\system32\DRIVERS\dne2000.sys
2011/06/09 21:44:27.0380 7732 DniVap (3e8710943760f2054e56eed761d875cf) C:\Windows\system32\DRIVERS\vapco.sys
2011/06/09 21:44:27.0534 7732 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/09 21:44:27.0641 7732 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/09 21:44:27.0684 7732 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/09 21:44:27.0882 7732 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/09 21:44:27.0981 7732 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/09 21:44:28.0117 7732 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
2011/06/09 21:44:28.0190 7732 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/09 21:44:28.0260 7732 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/09 21:44:28.0325 7732 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/09 21:44:28.0459 7732 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/09 21:44:28.0557 7732 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/09 21:44:28.0642 7732 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/09 21:44:28.0767 7732 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/09 21:44:28.0929 7732 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/09 21:44:29.0012 7732 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/09 21:44:29.0135 7732 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/09 21:44:29.0287 7732 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/09 21:44:29.0361 7732 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/09 21:44:29.0505 7732 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/09 21:44:29.0587 7732 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/09 21:44:29.0734 7732 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/09 21:44:29.0804 7732 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/09 21:44:29.0912 7732 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/09 21:44:30.0042 7732 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/09 21:44:30.0195 7732 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/09 21:44:30.0388 7732 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/09 21:44:30.0602 7732 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/06/09 21:44:30.0813 7732 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/09 21:44:30.0931 7732 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/09 21:44:31.0002 7732 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/09 21:44:31.0144 7732 iaStor (25c3d5f66a74a7bddeca56085f040d2e) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/09 21:44:31.0240 7732 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/09 21:44:31.0627 7732 igfx (62f534791ae488a475a3e508d92af4cc) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/09 21:44:31.0855 7732 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/09 21:44:32.0056 7732 IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/09 21:44:32.0226 7732 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/09 21:44:32.0272 7732 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/09 21:44:32.0421 7732 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/09 21:44:32.0565 7732 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/09 21:44:32.0686 7732 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/09 21:44:32.0793 7732 IPSECDRV (e3df87b6a6f7a6291a79e7b3281345e6) C:\Windows\system32\Drivers\IPSECDRV.sys
2011/06/09 21:44:32.0902 7732 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/09 21:44:33.0026 7732 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/09 21:44:33.0076 7732 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/09 21:44:33.0150 7732 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/09 21:44:33.0216 7732 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/09 21:44:33.0295 7732 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/09 21:44:33.0429 7732 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/09 21:44:33.0564 7732 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/09 21:44:33.0707 7732 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/09 21:44:33.0829 7732 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/09 21:44:33.0932 7732 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/09 21:44:34.0013 7732 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/09 21:44:34.0148 7732 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/09 21:44:34.0265 7732 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/09 21:44:34.0364 7732 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/09 21:44:34.0561 7732 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/09 21:44:34.0651 7732 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/09 21:44:34.0733 7732 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/09 21:44:34.0925 7732 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/09 21:44:35.0058 7732 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/09 21:44:35.0225 7732 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/09 21:44:35.0297 7732 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/09 21:44:35.0355 7732 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/09 21:44:35.0455 7732 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/09 21:44:35.0565 7732 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/09 21:44:35.0660 7732 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/09 21:44:35.0788 7732 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/09 21:44:35.0860 7732 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/09 21:44:35.0909 7732 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/09 21:44:35.0978 7732 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/09 21:44:36.0026 7732 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/09 21:44:36.0116 7732 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/09 21:44:36.0163 7732 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/09 21:44:36.0228 7732 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/09 21:44:36.0291 7732 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/09 21:44:36.0387 7732 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/09 21:44:36.0478 7732 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/09 21:44:36.0529 7732 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/09 21:44:36.0646 7732 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/09 21:44:36.0759 7732 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/09 21:44:36.0984 7732 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/09 21:44:37.0103 7732 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/09 21:44:37.0175 7732 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/09 21:44:37.0242 7732 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/09 21:44:37.0409 7732 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/09 21:44:37.0450 7732 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/09 21:44:37.0578 7732 netr28u (af14f279bf4ac27560c6bcc82cb09d24) C:\Windows\system32\DRIVERS\netr28u.sys
2011/06/09 21:44:37.0775 7732 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/09 21:44:37.0844 7732 NIOC (660afb141d2b66d46bbce3d0167e693b) C:\Windows\system32\NIOC.SYS
2011/06/09 21:44:37.0958 7732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/09 21:44:38.0103 7732 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/09 21:44:38.0247 7732 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/09 21:44:38.0415 7732 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/09 21:44:38.0525 7732 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/09 21:44:38.0629 7732 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/09 21:44:38.0660 7732 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/09 21:44:38.0705 7732 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/09 21:44:38.0903 7732 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/09 21:44:39.0005 7732 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/09 21:44:39.0102 7732 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/09 21:44:39.0266 7732 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/09 21:44:39.0440 7732 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/09 21:44:39.0576 7732 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/09 21:44:39.0662 7732 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/09 21:44:39.0817 7732 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/09 21:44:39.0962 7732 pnarp (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
2011/06/09 21:44:40.0133 7732 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/09 21:44:40.0301 7732 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/09 21:44:40.0394 7732 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/06/09 21:44:40.0465 7732 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/09 21:44:40.0548 7732 purendis (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
2011/06/09 21:44:40.0612 7732 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/09 21:44:40.0713 7732 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/09 21:44:40.0833 7732 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/09 21:44:40.0930 7732 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/09 21:44:41.0000 7732 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/09 21:44:41.0132 7732 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/09 21:44:41.0225 7732 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/09 21:44:41.0333 7732 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/09 21:44:41.0466 7732 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/09 21:44:41.0632 7732 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/09 21:44:41.0752 7732 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/09 21:44:41.0857 7732 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/09 21:44:42.0008 7732 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/09 21:44:42.0240 7732 RsFx0150 (a95840a95a9ff74b0009e5d848cddb39) C:\Windows\system32\DRIVERS\RsFx0150.sys
2011/06/09 21:44:42.0426 7732 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/09 21:44:42.0546 7732 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/09 21:44:42.0695 7732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/09 21:44:42.0847 7732 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/09 21:44:43.0008 7732 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/09 21:44:43.0178 7732 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/09 21:44:43.0333 7732 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/09 21:44:43.0496 7732 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/09 21:44:43.0549 7732 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/09 21:44:43.0694 7732 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/09 21:44:43.0878 7732 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/09 21:44:44.0043 7732 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/09 21:44:44.0206 7732 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/09 21:44:44.0378 7732 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/09 21:44:44.0599 7732 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/09 21:44:44.0817 7732 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/09 21:44:44.0817 7732 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/09 21:44:44.0827 7732 sptd - detected LockedFile.Multi.Generic (1)
2011/06/09 21:44:45.0068 7732 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/09 21:44:45.0324 7732 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/09 21:44:45.0451 7732 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/09 21:44:45.0636 7732 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/09 21:44:45.0755 7732 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/09 21:44:45.0858 7732 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/09 21:44:45.0907 7732 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/09 21:44:46.0335 7732 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/09 21:44:46.0535 7732 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/09 21:44:46.0715 7732 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/09 21:44:46.0831 7732 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/09 21:44:46.0943 7732 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/09 21:44:46.0982 7732 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/09 21:44:47.0058 7732 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/09 21:44:52.0030 7732 ================================================================================
2011/06/09 21:44:52.0030 7732 Scan finished
2011/06/09 21:44:52.0030 7732 ================================================================================
2011/06/09 21:44:52.0047 6332 Detected object count: 1
2011/06/09 21:44:52.0047 6332 Actual detected object count: 1
2011/06/09 21:45:04.0365 6332 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/09 21:46:56.0530 7948 ================================================================================
2011/06/09 21:46:56.0530 7948 Scan started
2011/06/09 21:46:56.0530 7948 Mode: Manual;
2011/06/09 21:46:56.0530 7948 ================================================================================
2011/06/09 21:47:12.0894 7948 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/09 21:47:12.0894 7948 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/09 21:47:12.0902 7948 sptd - detected LockedFile.Multi.Generic (1)
2011/06/09 21:47:17.0706 7948 ================================================================================
2011/06/09 21:47:17.0706 7948 Scan finished
2011/06/09 21:47:17.0706 7948 ================================================================================
2011/06/09 21:47:17.0723 7516 Detected object count: 1
2011/06/09 21:47:17.0724 7516 Actual detected object count: 1
2011/06/09 21:47:51.0579 7516 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0

#42
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A few miscreants showing there - so let's get rid of them

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2010/07/03 09:14:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/23 21:58:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/27 06:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [48F1E587052B947E85A0B40D73622E63] File not found
    O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [WindowsUpdate] C:\Users\Tamara\AppData\Roaming\WindowsUpdate\winupdate.exe.exe ()
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
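The two O4 (Run key) lines in the fix above show traits worth checking in any autorun listing. The following is an added example, not part of the original post and not OTL's own logic: the heuristics, the extension list and the reading of the trailing parentheses as the file's company-name field are assumptions of this sketch.

```python
import ntpath
import re

# The two O4 (Run key) lines from the OTL fix above, copied verbatim.
SAMPLE = r"""
O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [48F1E587052B947E85A0B40D73622E63] File not found
O4 - HKU\S-1-5-21-3253985537-1783120850-3274599005-1001..\Run: [WindowsUpdate] C:\Users\Tamara\AppData\Roaming\WindowsUpdate\winupdate.exe.exe ()
"""

O4_LINE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}  # assumed list
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Application Data)\\", re.IGNORECASE)


def triage_run_entries(log_text):
    """Return [(value_name, [reasons])] for each O4 Run line, in order."""
    results = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        name, target = m.group("name"), m.group("target")
        reasons = []
        if re.fullmatch(r"[0-9A-Fa-f]{32}", name):
            reasons.append("hash-like value name")
        if target == "File not found":
            reasons.append("orphaned entry")
        else:
            # Assumption: the trailing "(...)" is the company name; "()" means none.
            path_m = re.match(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$", target)
            path = path_m.group("path") if path_m else target
            if path_m and not path_m.group("company").strip():
                reasons.append("no company name in file metadata")
            if USER_WRITABLE.search(path):
                reasons.append("runs from user-writable profile folder")
            stem, ext = ntpath.splitext(ntpath.basename(path))
            if ext.lower() in EXEC_EXTS and ntpath.splitext(stem)[1].lower() in EXEC_EXTS:
                reasons.append("doubled executable extension")
        results.append((name, reasons))
    return results


if __name__ == "__main__":
    for name, reasons in triage_run_entries(SAMPLE):
        print(f"{name}: {', '.join(reasons) or 'nothing flagged'}")
```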

#43
rbarnhart1

    Member

  • Topic Starter
  • Member
  • 31 posts
OTL was shot down. I started the scan and a message came up saying that it stopped working. The virus seems even worse than it was on the other computer. What's next? Should I try Malwarebytes?
  • 0

#44
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes run Malwarebytes - if that should fail

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Then retry Malwarebytes
  • 0

#45
rbarnhart1

    Member

  • Topic Starter
  • Member
  • 31 posts
MWB successfully removed 31 items. That is a good sign... however, I should mention that the virus is back on the other computer now. I'm going to go through one last attempt with this and if it doesn't work I'm just going to wipe both computers and reload the OS.

It's interesting to note that MWB found 31 objects on the 2nd computer but found nothing on the 1st one. I wonder if the 31 objects that were found are even related to the virus we are trying to get or if it is other stuff that we didn't know about. When I restarted the computer, I noticed a bunch of Windows services pop up that haven't been lately (such as parental notifications, blocked programs, etc). Also, Avast did an automatic update. So, there seems like a lot of positive things happening there. However, we thought we had the other computer settled also... but we were wrong :-). What should we do next?

Here's the Log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6835

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/11/2011 1:11:23 PM
mbam-log-2011-06-11 (13-11-23).txt

Scan type: Quick scan
Objects scanned: 228494
Time elapsed: 24 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89E96460-93F7-40B6-A4D7-1E8079283BD7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60977D31-766E-45AB-8CAD-93EDECE7C2E9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\facerange.StockBar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\facerange.StockBar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC0F2900-8A5B-4D0D-9E44-10435BC40774} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
  • 0
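Grouping a Malwarebytes log by detection family, and comparing the summary counts with the entries actually listed, shows whether the removed items belong to one infection or several and whether the pasted log is complete. This is an added example, not part of the original post or of Malwarebytes: the function name and regular expressions are this sketch's own, and the sample is a constructed excerpt in the layout of the log above.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the log above: the summary counts are
# adjusted to the four entries kept here, and "Files Infected" is left unlisted.
SAMPLE = r"""
Registry Keys Infected: 3
Registry Data Items Infected: 1
Files Infected: 4

Registry Keys Infected:
HKEY_CLASSES_ROOT\facerange.StockBar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<object>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")


def summarize_mbam_log(text):
    """Return (detections per family, {section: (declared, listed)} mismatches)."""
    declared, listed, families = {}, Counter(), Counter()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            # Header block: "<section> Infected: <n>"
            declared[m.group("section")] = int(m.group("count"))
        elif m := SECTION.match(line):
            # Start of a detail section: "<section> Infected:"
            current = m.group("section")
        elif current and (m := ENTRY.match(line)):
            listed[current] += 1
            families[m.group("family")] += 1
    # A section whose declared count differs from its listed entries
    # points to a truncated or edited log.
    mismatches = {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]}
    return families, mismatches


if __name__ == "__main__":
    fams, gaps = summarize_mbam_log(SAMPLE)
    print(dict(fams), gaps)
```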





