
Google Redirect Coincidence or not?



#1
taybaxter

So I had a problem with a Google redirect virus a week or so ago and I seemed to have taken care of it. It was pretty persistent and I had to run a number of malware removal programs, reinstall Firefox and even use CCleaner before I finally stopped getting redirects. The final malware removal program I used, Emsisoft Anti-Malware, removed a number of trojans. I haven't had any redirects since then at all and I've used the computer a lot.

Problem is, I got a phone call today from my credit card company and someone has been using my credit card! About two hundred dollars worth of charges at McDonald's, Wendy's, and even Macy's from two separate locations... Illinois and Florida (I live in Missouri). I'm getting a new credit card and reporting the fraud BUT I'm worried that my computer is compromised. I'm loath to reformat--although I guess I will if necessary :angry: --so I'm hoping maybe it's a coincidence.

I don't seem to be having any overt problems but I wonder if anyone sees anything in the OTL log below. I also am looking for any advice anyone might have:

THANKS!





OTL logfile created on: 5/18/2012 3:06:31 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Taylor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 47.57% Memory free
11.93 Gb Paging File | 8.18 Gb Available in Paging File | 68.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362.24 Gb Total Space | 186.42 Gb Free Space | 51.46% Space Free | Partition Type: NTFS

Computer Name: TAYLOR-PC | User Name: Taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 15:05:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Downloads\OTL.exe
PRC - [2012/05/06 23:07:57 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/04/22 18:45:26 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/04/20 16:09:00 | 003,361,184 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/12/05 22:05:32 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011/10/26 10:09:02 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/03/05 21:05:26 | 000,173,872 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/03/04 18:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2009/03/04 18:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/03/04 18:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/03/04 18:18:48 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/19 15:49:24 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/19 15:49:24 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/14 16:38:40 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/09/09 15:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 14:59:16 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/18 14:59:10 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/18 14:59:09 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/18 14:59:09 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/18 14:59:09 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/17 09:29:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 09:28:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/14 21:19:38 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/13 21:25:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/13 21:25:38 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3aa966e818d35f094e23bbbdcf1b4297\System.Web.ni.dll
MOD - [2012/05/13 21:25:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 21:25:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b1a95b0145ac26d9637b894ee38d5eac\PresentationFramework.ni.dll
MOD - [2012/05/13 21:24:37 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012/05/13 21:24:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012/05/13 21:24:16 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/13 21:24:14 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\35652d0f564409d493f4f2053d40154d\PresentationCore.ni.dll
MOD - [2012/05/13 21:23:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/13 21:23:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 21:23:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/06 23:07:59 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/05/06 23:07:58 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/05/06 23:07:58 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/04/20 20:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/03 21:51:04 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 21:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 22:24:16 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/20 22:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/20 22:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/05 21:05:26 | 000,173,872 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
MOD - [2009/03/04 18:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
MOD - [2009/03/04 18:20:10 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWHELP.dll
MOD - [2009/03/04 18:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2009/03/04 18:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
MOD - [2009/03/04 18:19:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2009/03/04 18:19:46 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2009/03/04 18:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2009/03/04 18:19:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2009/03/04 18:19:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWBTH.dll
MOD - [2009/03/04 18:19:34 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWLAN.dll
MOD - [2009/03/04 18:19:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWDEV.dll
MOD - [2009/03/04 18:19:30 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWSET.dll
MOD - [2009/03/04 18:18:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
MOD - [2009/03/04 18:17:58 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWCommon.dll
MOD - [2009/03/04 18:17:58 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2009/03/04 18:17:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2009/03/04 18:17:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2009/03/04 18:17:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
MOD - [2009/03/04 18:17:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2009/03/04 18:17:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
MOD - [2009/03/04 18:17:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
MOD - [2009/03/04 18:17:52 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2009/03/04 18:17:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2009/03/04 14:59:32 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2009/03/04 14:59:32 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2009/02/06 21:30:12 | 000,026,624 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWTSK.dll
MOD - [2008/06/12 03:00:38 | 000,237,568 | ---- | M] () -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/22 19:14:26 | 001,430,800 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/06/22 18:53:42 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/01/24 13:23:16 | 000,839,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/01/19 19:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/01/17 00:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/01/05 21:13:13 | 000,141,344 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2008/12/19 16:02:10 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/09/29 19:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV:64bit: - [2008/04/27 19:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
SRV - [2012/05/14 21:19:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/22 18:45:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/05 15:54:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/05 15:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/02/05 15:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/02/05 15:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/02/05 15:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/02/05 15:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/19 15:49:24 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/14 16:38:40 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 03:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/06 18:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/03/06 18:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/06 18:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/11/28 12:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/08/03 17:16:06 | 008,388,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNv64.sys -- (NETwNv64) ___ Intel®
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/22 13:57:58 | 000,074,824 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2011/02/22 13:57:56 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2011/02/22 13:57:54 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/10 15:44:18 | 000,191,392 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/02/10 15:02:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/02/10 15:02:05 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/02/10 15:02:05 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/02/10 15:01:43 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/11/18 19:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/10/22 19:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 19:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/08/29 02:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/07/17 19:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/05/28 05:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 19:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/27 19:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/27 19:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/27 19:00:35 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/27 19:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/27 19:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/11/02 11:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 11:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...NT_enUS420US420
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...NT_enUS420US420
IE - HKCU\..\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/12 22:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/12 19:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/12 20:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 09:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 19:52:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/12 19:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/05/12 19:52:06 | 000,000,000 | ---D | M]

[2012/05/13 09:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions
[2012/05/14 13:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9xy7dwng.default\extensions
[2012/05/13 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/13 13:43:21 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9XY7DWNG.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/05/12 13:13:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D38DB1-7045-44A6-91F5-D751ACF05153}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 09:16:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/15 08:37:24 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\CrashDumps
[2012/05/15 06:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/05/15 06:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/05/15 06:31:39 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Anti-Malware
[2012/05/15 06:28:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/15 06:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/14 21:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2012/05/14 21:56:46 | 000,074,824 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2012/05/14 21:56:46 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2012/05/14 21:56:46 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2012/05/14 21:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThreatFire
[2012/05/14 21:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/13 22:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/13 21:25:03 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\ElevatedDiagnostics
[2012/05/13 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Diagnostics
[2012/05/13 21:17:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/13 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/13 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/13 10:42:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/13 10:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/13 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/13 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Mozilla
[2012/05/13 09:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/13 09:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/13 09:06:29 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/13 09:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/05/13 02:14:13 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\NPE
[2012/05/13 02:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/13 02:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/13 02:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/13 01:36:53 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\GooredFix Backups
[2012/05/13 00:56:51 | 000,543,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Taylor\IE9-Windows7-x64-enu.exe
[2012/05/12 23:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 23:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 23:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 22:31:50 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/05/12 22:31:48 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/05/12 22:24:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/12 22:06:20 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/05/12 21:43:51 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012/05/12 21:34:33 | 000,000,000 | -H-D | C] -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/12 21:33:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/05/12 19:31:42 | 000,000,000 | --SD | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Videos
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Saved Games
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Pictures
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Music
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Links
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Favorites
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Downloads
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Documents
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Desktop
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\Temporary Internet Files
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Templates
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Start Menu
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\SendTo
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Recent
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\PrintHood
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\NetHood
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Videos
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Pictures
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Music
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\My Documents
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Local Settings
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\History
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Cookies
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Application Data
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\Application Data
[2012/05/12 19:31:42 | 000,000,000 | -H-D | C] -- C:\Users\Taylor\AppData
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Temp
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Microsoft
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Media Center Programs
[2012/05/12 19:30:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/05/12 19:30:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/12 19:28:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/12 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/05/12 19:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/05/12 19:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/05/12 19:27:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/12 13:47:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/12 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/12 12:50:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/12 12:50:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/12 12:50:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/12 12:46:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/12 12:45:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Telltale Games
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/05/11 19:37:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/05/11 19:32:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/11 18:51:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/11 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\HpUpdate
[2012/05/11 17:48:56 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/05/10 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Microsoft Corporation
[2012/05/10 10:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/05/01 10:29:01 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Sony Corporation
[2012/04/27 14:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/27 14:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2012/04/27 14:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/04/27 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobility Modder.NET
[2012/04/27 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MobilityDotNET
[2012/04/27 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\driveridentifier
[2012/04/27 13:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
[2012/04/27 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Identifier
[2012/04/27 12:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/04/27 12:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/26 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 17:01:45 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\ATI
[2012/04/26 16:30:49 | 000,030,208 | ---- | C] (Auslogics) -- C:\Windows\SysNative\rdboot64.exe
[2012/04/22 12:14:08 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\AnatomyPapers
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 14:54:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:18:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 13:57:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 07:04:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/17 22:49:53 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/17 09:30:59 | 000,785,966 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/17 09:30:59 | 000,668,906 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/17 09:30:59 | 000,125,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/17 09:30:47 | 000,785,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/16 15:00:08 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 15:00:08 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 06:32:04 | 000,001,115 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/15 06:32:04 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/15 01:46:45 | 510,935,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 21:56:48 | 000,000,958 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/05/14 21:56:48 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2012/05/13 21:17:02 | 602,766,393 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/13 21:09:36 | 000,001,437 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/13 21:05:31 | 000,393,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 14:17:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 14:17:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/13 09:48:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 09:06:29 | 000,003,211 | ---- | M] () -- C:\Users\Taylor\Desktop\Sophos Virus Removal Tool.lnk
[2012/05/13 02:08:36 | 000,001,258 | ---- | M] () -- C:\Users\Taylor\Desktop\Spybot - Search & Destroy.lnk
[2012/05/13 01:55:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 22:31:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/12 22:24:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/12 21:33:06 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/12 21:07:31 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/05/12 21:07:31 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/05/12 20:49:10 | 000,023,356 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/12 19:29:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/12 19:28:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/05/12 19:28:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/05/12 18:35:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 18:35:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 17:22:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/05/12 17:22:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/05/12 17:09:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/12 13:47:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/12 13:13:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/12 12:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/12 12:29:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 20:49:24 | 000,000,222 | ---- | M] () -- C:\Users\Taylor\Desktop\The Walking Dead.url
[2012/05/11 19:48:33 | 000,000,574 | -HS- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/04/27 16:03:44 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Victoria 2.lnk
[2012/04/27 13:50:25 | 000,001,844 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobility Modder.NET.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/15 06:32:04 | 000,001,115 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/15 06:32:04 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/14 21:56:48 | 000,000,958 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\ThreatFire.lnk
[2012/05/14 21:56:48 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\ThreatFire.lnk
[2012/05/14 20:36:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/13 21:17:02 | 602,766,393 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/13 14:17:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 14:17:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/13 10:47:18 | 000,393,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/13 09:48:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 09:48:22 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 09:06:29 | 000,003,211 | ---- | C] () -- C:\Users\Taylor\Desktop\Sophos Virus Removal Tool.lnk
[2012/05/13 02:08:36 | 000,001,258 | ---- | C] () -- C:\Users\Taylor\Desktop\Spybot - Search & Destroy.lnk
[2012/05/12 22:31:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/05/12 21:35:07 | 000,001,409 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/12 21:34:41 | 000,001,443 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/12 21:33:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/12 21:09:05 | 510,935,039 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/12 20:49:10 | 000,023,356 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/12 19:31:42 | 000,000,290 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/12 19:31:42 | 000,000,272 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/12 19:30:53 | 000,785,966 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/12 19:29:57 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/12 19:29:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/12 19:29:26 | 000,011,120 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 19:29:26 | 000,011,120 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 19:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/12 19:28:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/12 19:28:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/05/12 17:22:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/05/12 17:22:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/05/12 12:50:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/12 12:50:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/12 12:50:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/12 12:50:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/12 12:50:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/12 12:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/12 12:29:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 20:49:24 | 000,000,222 | ---- | C] () -- C:\Users\Taylor\Desktop\The Walking Dead.url
[2012/05/11 19:02:07 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2012/05/11 19:02:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/05/11 18:59:46 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2012/05/10 10:38:31 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/04/27 16:03:44 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Victoria 2.lnk
[2012/04/27 13:50:25 | 000,001,844 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobility Modder.NET.lnk
[2011/12/05 21:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/05 21:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/28 14:29:38 | 000,148,947 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/11/28 14:24:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/08 15:46:08 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/02 11:16:37 | 051,575,210 | ---- | C] () -- C:\Windows\BIOSROM.DAT
[2011/02/17 18:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2011/02/17 17:42:16 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Auslogics
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\driveridentifier
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\fltk.org
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\GetRightToGo
[2012/05/12 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Image Zone Express
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\OpenCandy
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Origin
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Printer Info Cache
[2012/05/12 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Spore
[2012/05/12 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SystemRequirementsLab
[2012/05/12 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Thunderbird
[2012/05/12 20:36:54 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Tropico 3
[2012/05/12 20:36:54 | 000,000,000 | -HSD | M] -- C:\Users\Taylor\AppData\Roaming\wyUpdate AU
[2009/07/14 00:08:49 | 000,004,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
taybaxter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi Gammo!

Thanks so much for helping. No problem at all about the wait.

I have run a few more scans since I posted and picked up a few things but haven't changed much. Still not having any obvious signs of infection but worried nonetheless.

Here is the OTL notepad file. It did not load an extras file at all for some reason.


OTL logfile created on: 5/21/2012 9:46:36 PM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Taylor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 3.76 Gb Available Physical Memory | 63.07% Memory free
11.93 Gb Paging File | 9.11 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 362.24 Gb Total Space | 178.68 Gb Free Space | 49.33% Space Free | Partition Type: NTFS

Computer Name: TAYLOR-PC | User Name: Taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 15:05:51 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Downloads\OTL.exe
PRC - [2012/04/20 20:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012/03/19 19:32:00 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/03/06 18:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/24 18:15:17 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2009/03/04 18:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2009/03/04 18:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/03/04 18:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/03/04 18:18:48 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/19 15:49:24 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/19 15:49:24 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/14 16:38:40 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/09 15:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 17:18:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3aa966e818d35f094e23bbbdcf1b4297\System.Web.ni.dll
MOD - [2012/05/18 17:18:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/18 17:18:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012/05/18 17:17:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012/05/18 17:16:37 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/18 17:16:25 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/05/17 09:29:00 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/17 09:28:53 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/20 20:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/03 21:51:04 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/01/03 21:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/20 22:24:16 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/20 22:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/20 22:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/03/04 18:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
MOD - [2009/03/04 18:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2009/03/04 18:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
MOD - [2009/03/04 18:19:46 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2009/03/04 18:19:46 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2009/03/04 18:19:42 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2009/03/04 18:19:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2009/03/04 18:18:00 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
MOD - [2009/03/04 18:17:58 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2009/03/04 18:17:56 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2009/03/04 18:17:54 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2009/03/04 18:17:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
MOD - [2009/03/04 18:17:52 | 000,126,976 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2009/03/04 18:17:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
MOD - [2009/03/04 18:17:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
MOD - [2009/03/04 18:17:52 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2009/03/04 18:17:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2009/03/04 14:59:32 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2009/03/04 14:59:32 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/16 11:07:14 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2012/03/06 18:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/06 18:15:13 | 000,134,920 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/22 19:14:26 | 001,430,800 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/06/22 18:53:42 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/01/24 13:23:16 | 000,839,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/01/19 19:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/01/17 00:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/01/05 21:13:13 | 000,141,344 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2008/12/19 16:02:10 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/09/29 19:06:32 | 000,167,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV - [2012/05/14 21:19:39 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/22 18:45:26 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/19 19:36:02 | 002,421,640 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/03/05 15:54:04 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/05 15:41:46 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/02/05 15:41:44 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/02/05 15:41:44 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/02/05 15:41:44 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/02/05 15:41:44 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/19 15:49:24 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/14 16:38:40 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 03:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 01:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/09 00:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/16 11:06:54 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/03/06 18:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/03/06 18:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 18:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 18:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/03/06 18:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/03/06 18:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 18:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 18:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 18:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/11/28 12:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/08/03 17:16:06 | 008,388,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNv64.sys -- (NETwNv64) ___ Intel®
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/10 15:44:18 | 000,191,392 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/02/10 15:02:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/02/10 15:02:05 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/02/10 15:02:05 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/02/10 15:01:43 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/11/18 19:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/10/22 19:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 19:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/08/29 02:57:24 | 004,745,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/07/17 19:05:52 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/05/28 05:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 19:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/24 17:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2007/04/16 23:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011/11/02 11:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 11:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/05/05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...NT_enUS420US420
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...NT_enUS420US420
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/05/18 23:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/12 22:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/12 19:46:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/12 20:14:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/05/18 23:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/21 01:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/21 01:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/21 01:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/05/21 01:01:32 | 000,000,000 | ---D | M]

[2012/05/13 09:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions
[2012/05/14 13:39:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9xy7dwng.default\extensions
[2012/05/13 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/12 22:31:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/05/13 13:43:21 | 000,377,615 | ---- | M] () (No name found) -- C:\USERS\TAYLOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9XY7DWNG.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/04/20 20:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/05/12 13:13:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files (x86)\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2629391195-176494859-1906237358-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2D38DB1-7045-44A6-91F5-D751ACF05153}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - AppInit_DLLs: (CertPolsys.dll) - C:\Windows\SysNative\CertPolsys.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Taylor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 01:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/05/21 01:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/21 01:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/21 01:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 01:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/21 00:58:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/19 16:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Port Scanner Software
[2012/05/18 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\ForceField Shared Files
[2012/05/18 23:04:03 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\CheckPoint
[2012/05/18 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/05/18 23:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/05/18 23:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/05/18 23:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/18 22:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/05/18 22:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/05/18 22:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/05/18 22:33:25 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Curiolab
[2012/05/18 22:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012/05/18 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012/05/18 22:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Keylogger Detector
[2012/05/18 22:22:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2012/05/18 22:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/05/18 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/05/18 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Simply Super Software
[2012/05/18 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012/05/18 21:45:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/05/18 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Simply Super Software
[2012/05/18 21:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012/05/18 21:45:17 | 010,491,128 | ---- | C] (Simply Super Software ) -- C:\Users\Taylor\Desktop\trjsetup682.exe
[2012/05/18 21:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ZeoBIT
[2012/05/18 16:57:30 | 000,051,496 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/05/15 08:37:24 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\CrashDumps
[2012/05/15 06:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/05/15 06:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/05/15 06:31:39 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Anti-Malware
[2012/05/15 06:28:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/15 06:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/14 21:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/13 22:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/13 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Diagnostics
[2012/05/13 21:17:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/13 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012/05/13 14:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012/05/13 10:42:19 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/13 10:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/13 10:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/13 09:48:31 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Mozilla
[2012/05/13 09:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/13 09:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/13 02:14:13 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\NPE
[2012/05/13 02:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/13 01:36:53 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Desktop\GooredFix Backups
[2012/05/13 00:56:51 | 000,543,024 | ---- | C] (Microsoft Corporation) -- C:\Users\Taylor\IE9-Windows7-x64-enu.exe
[2012/05/12 23:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/12 23:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/12 23:53:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 22:31:50 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/05/12 22:31:48 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/05/12 22:24:40 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/05/12 22:06:20 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2012/05/12 21:43:51 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2012/05/12 21:34:33 | 000,000,000 | -H-D | C] -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/12 21:33:02 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/05/12 19:31:42 | 000,000,000 | --SD | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Videos
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Saved Games
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Pictures
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Music
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Links
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Favorites
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Downloads
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Documents
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\Desktop
[2012/05/12 19:31:42 | 000,000,000 | R--D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\Temporary Internet Files
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Templates
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Start Menu
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\SendTo
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Recent
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\PrintHood
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\NetHood
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Videos
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Pictures
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Documents\My Music
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\My Documents
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Local Settings
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\History
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Cookies
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\Application Data
[2012/05/12 19:31:42 | 000,000,000 | -HSD | C] -- C:\Users\Taylor\AppData\Local\Application Data
[2012/05/12 19:31:42 | 000,000,000 | -H-D | C] -- C:\Users\Taylor\AppData
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Temp
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Microsoft
[2012/05/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Media Center Programs
[2012/05/12 19:30:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/05/12 19:30:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/12 19:28:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/12 19:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/05/12 19:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/05/12 19:27:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/05/12 13:47:02 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/12 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/12 12:50:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/12 12:50:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/12 12:50:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/12 12:46:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/12 12:45:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\Telltale Games
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012/05/11 19:37:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012/05/11 19:37:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012/05/11 19:32:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/11 18:51:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/11 17:49:08 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\HpUpdate
[2012/05/11 17:48:56 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/05/10 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Local\Microsoft Corporation
[2012/05/10 10:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
[2012/05/01 10:29:01 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Sony Corporation
[2012/04/27 14:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/04/27 14:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center
[2012/04/27 14:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012/04/27 13:50:25 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobility Modder.NET
[2012/04/27 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MobilityDotNET
[2012/04/27 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\driveridentifier
[2012/04/27 13:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Identifier
[2012/04/27 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Identifier
[2012/04/27 12:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/04/27 12:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/04/26 22:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/26 17:01:45 | 000,000,000 | ---D | C] -- C:\Users\Taylor\AppData\Roaming\ATI
[2012/04/26 16:30:49 | 000,030,208 | ---- | C] (Auslogics) -- C:\Windows\SysNative\rdboot64.exe
[2012/04/22 12:14:08 | 000,000,000 | ---D | C] -- C:\Users\Taylor\Documents\AnatomyPapers
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 21:40:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 21:40:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/21 21:39:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/21 01:07:03 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/21 01:01:25 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/21 00:37:18 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 00:37:18 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 00:35:53 | 000,792,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/21 00:35:53 | 000,669,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/21 00:35:53 | 000,125,240 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/21 00:27:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 00:25:25 | 000,393,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/21 00:24:52 | 510,935,039 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 00:26:26 | 000,044,202 | ---- | M] () -- C:\Users\Taylor\Desktop\what.jpg
[2012/05/19 16:29:37 | 000,009,730 | ---- | M] () -- C:\Users\Taylor\Documents\cc_20120519_162929.reg
[2012/05/19 16:17:23 | 000,051,936 | ---- | M] () -- C:\Users\Taylor\Documents\cc_20120519_161707.reg
[2012/05/18 23:05:16 | 000,415,859 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/05/18 22:32:58 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/05/18 21:45:28 | 010,491,128 | ---- | M] (Simply Super Software ) -- C:\Users\Taylor\Desktop\trjsetup682.exe
[2012/05/18 16:57:30 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/05/17 22:49:53 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/17 09:30:59 | 000,785,966 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/15 06:32:04 | 000,001,115 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/15 06:32:04 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/13 21:09:36 | 000,001,437 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/13 14:17:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 14:17:09 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/13 09:48:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 01:55:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/12 22:31:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/05/12 22:24:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/05/12 21:33:06 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/12 21:07:31 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/05/12 21:07:31 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/05/12 20:49:10 | 000,023,356 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/12 19:29:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/12 19:28:24 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012/05/12 19:28:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/05/12 18:35:50 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 18:35:49 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 17:22:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/05/12 17:22:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/05/12 17:09:43 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/12 13:47:02 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/12 13:13:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/12 12:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/12 12:29:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 20:49:24 | 000,000,222 | ---- | M] () -- C:\Users\Taylor\Desktop\The Walking Dead.url
[2012/05/11 19:48:33 | 000,000,574 | -HS- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2012/04/27 16:03:44 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Victoria 2.lnk
[2012/04/27 13:50:25 | 000,001,844 | ---- | M] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobility Modder.NET.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 01:07:02 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/21 01:01:25 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/21 00:25:11 | 000,393,392 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/20 00:25:29 | 000,044,202 | ---- | C] () -- C:\Users\Taylor\Desktop\what.jpg
[2012/05/19 16:29:30 | 000,009,730 | ---- | C] () -- C:\Users\Taylor\Documents\cc_20120519_162929.reg
[2012/05/19 16:17:10 | 000,051,936 | ---- | C] () -- C:\Users\Taylor\Documents\cc_20120519_161707.reg
[2012/05/18 23:04:28 | 000,415,859 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/05/18 22:32:58 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012/05/18 21:45:45 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012/05/18 21:45:45 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012/05/18 21:45:45 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012/05/18 21:45:44 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012/05/15 06:32:04 | 000,001,115 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/05/15 06:32:04 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/05/14 20:36:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/13 14:17:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/13 14:17:09 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/13 09:48:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 09:48:22 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/12 22:31:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/05/12 21:35:07 | 000,001,409 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/12 21:34:41 | 000,001,443 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/12 21:33:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/12 21:09:05 | 510,935,039 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/12 20:49:10 | 000,023,356 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2012/05/12 19:31:42 | 000,000,290 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/12 19:31:42 | 000,000,272 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/12 19:30:53 | 000,785,966 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/12 19:29:57 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/12 19:29:56 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/12 19:29:26 | 000,011,120 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 19:29:26 | 000,011,120 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/12 19:29:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/12 19:28:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/12 19:28:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2012/05/12 17:22:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/05/12 17:22:41 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/05/12 12:50:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/12 12:50:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/12 12:50:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/12 12:50:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/12 12:50:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/12 12:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/05/12 12:29:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/05/11 20:49:24 | 000,000,222 | ---- | C] () -- C:\Users\Taylor\Desktop\The Walking Dead.url
[2012/05/11 19:02:07 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2012/05/11 19:02:07 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012/05/11 18:59:46 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2012/05/10 10:38:31 | 000,002,038 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/04/27 16:03:44 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Victoria 2.lnk
[2012/04/27 13:50:25 | 000,001,844 | ---- | C] () -- C:\Users\Taylor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobility Modder.NET.lnk
[2011/12/05 21:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/05 21:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/28 14:29:38 | 000,148,947 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/11/28 14:24:42 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/08 15:46:08 | 000,000,482 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/02 11:16:37 | 051,575,210 | ---- | C] () -- C:\Windows\BIOSROM.DAT
[2011/02/17 18:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2011/02/17 17:42:16 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Auslogics
[2012/05/18 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\CheckPoint
[2012/05/18 22:33:25 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Curiolab
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\driveridentifier
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\fltk.org
[2012/05/12 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\GetRightToGo
[2012/05/12 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Image Zone Express
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\OpenCandy
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Origin
[2012/05/12 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Printer Info Cache
[2012/05/18 21:45:42 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Simply Super Software
[2012/05/12 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Spore
[2012/05/12 20:36:49 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\SystemRequirementsLab
[2012/05/12 20:36:50 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Thunderbird
[2012/05/12 20:36:54 | 000,000,000 | ---D | M] -- C:\Users\Taylor\AppData\Roaming\Tropico 3
[2012/05/12 20:36:54 | 000,000,000 | -HSD | M] -- C:\Users\Taylor\AppData\Roaming\wyUpdate AU
[2009/07/14 00:08:49 | 000,006,394 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Edited by taybaxter, 21 May 2012 - 09:07 PM.

  • 0

#4
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • In the File name box, type, or copy and paste, the following and click Open (NOTE: only one file per scan):
    C:\Windows\SysNative\CertPolsys.dll
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button and wait for the reply.
  • Copy and paste the Virustotal link(s) (URL) in your next reply.



Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
  • 0
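An added example (not part of the original post, and not the tool's own code): a short Python triage of the report TDSSKiller writes, pairing each scanned object's file line with its verdict line and listing everything that did not end in "ok". The sample report is constructed; its line layout (timestamp, thread id, message) is assumed from a TDSSKiller 2.7.36.0 report, and the names, hashes and paths in it are made up.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the assumed report layout: "HH:MM:SS.mmmm <tid> <message>".
# Service names, MD5 values and paths below are invented for the example.
SAMPLE_REPORT = r"""
14:17:19.0868 7904 Scan started
14:17:19.0868 7904 Mode: Manual; SigCheck; TDLFS;
14:17:20.0477 7904 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\DRIVERS\exampledrv.sys
14:17:20.0578 7904 ExampleDrv - ok
14:17:30.0289 7904 ExampleNoFile - ok
14:17:35.0740 7904 Example Licensing Service (ffeeddccbbaa99887766554433221100) C:\Program Files (x86)\Example\licsvc.exe
14:17:35.0762 7904 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:17:35.0762 7904 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
"""

# Timestamp and thread id in front of every message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<32 hex digits>) <path>": the file that backs a service or driver.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <verdict> ) - warning": the result for that object.
STATUS = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>.+?) \))? - (?P<status>\w+)$")


@dataclass
class Entry:
    name: str
    status: str
    verdict: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per verdict line, joined to its file line if there was one."""
    entries: List[Entry] = []
    pending = {}  # object name -> (md5, path) seen on the preceding file line
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank lines, separators without a message, foreign text
        msg = m.group("msg")
        obj = OBJECT.match(msg)
        if obj:
            pending[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        st = STATUS.match(msg)
        if st:
            md5, path = pending.pop(st["name"], (None, None))
            entries.append(Entry(st["name"], st["status"], st["verdict"], md5, path))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split out what a reader of the report should look at first.

    flagged:          any verdict other than "ok" (for example an unsigned file
                      reported because signature verification was switched on)
    ok_without_file:  "ok" verdicts that had no file line in front of them, so
                      the report gives no hash or path for them
    """
    flagged = [e for e in entries if e.status != "ok"]
    ok_without_file = [e for e in entries if e.status == "ok" and e.path is None]
    return flagged, ok_without_file


if __name__ == "__main__":
    flagged, ok_without_file = triage(parse_report(SAMPLE_REPORT))
    for e in flagged:
        print(f"{e.status.upper():8} {e.name}: {e.verdict} | {e.md5} | {e.path}")
    for e in ok_without_file:
        print(f"NO FILE  {e.name}: verdict ok, but no hash or path in the report")
```

To run it over a real report, pass the contents of the TDSSKiller log file to `parse_report` in place of `SAMPLE_REPORT`.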

#5
taybaxter

taybaxter

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Okay, so I don't have a folder called SysNative but I did find CertPolsys.dll in my system32 folder. Funny thing though: the contents of the folder looked different under the browser tool for virustotal.com than they do in Windows Explorer on my computer. There is NOT a file called CertPolsys.dll in my system32 folder in the "browse" tool for uploading files on virustotal but I can see that file quite clearly when looking in the folder on my computer.

The virustotal.com "version" of my system32 folder shows a file called CertPolsys32.dll. There is also another file in the system32 folder called CertPolsys64 that does not show up in the browser. I downloaded the VirusTotal uploader to try to get it to the site but I just get an error message saying that I can't access the file. What could be going on?

I ran a TDSS scan and found 9 unsigned files. Skipped over them. Results:

14:16:45.0973 7116 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:16:47.0976 7116 ============================================================
14:16:47.0976 7116 Current date / time: 2012/05/22 14:16:47.0976
14:16:47.0976 7116 SystemInfo:
14:16:47.0976 7116
14:16:47.0976 7116 OS Version: 6.1.7601 ServicePack: 1.0
14:16:47.0976 7116 Product type: Workstation
14:16:47.0976 7116 ComputerName: TAYLOR-PC
14:16:47.0977 7116 UserName: Taylor
14:16:47.0977 7116 Windows directory: C:\Windows
14:16:47.0977 7116 System windows directory: C:\Windows
14:16:47.0977 7116 Running under WOW64
14:16:47.0977 7116 Processor architecture: Intel x64
14:16:47.0977 7116 Number of processors: 2
14:16:47.0977 7116 Page size: 0x1000
14:16:47.0977 7116 Boot type: Normal boot
14:16:47.0977 7116 ============================================================
14:16:48.0529 7116 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:16:48.0573 7116 ============================================================
14:16:48.0573 7116 \Device\Harddisk0\DR0:
14:16:48.0574 7116 MBR partitions:
14:16:48.0574 7116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14C0000, BlocksNum 0x2D478800
14:16:48.0574 7116 ============================================================
14:16:48.0640 7116 C: <-> \Device\Harddisk0\DR0\Partition0
14:16:48.0640 7116 ============================================================
14:16:48.0640 7116 Initialize success
14:16:48.0640 7116 ============================================================
14:17:19.0867 7904 ============================================================
14:17:19.0868 7904 Scan started
14:17:19.0868 7904 Mode: Manual; SigCheck; TDLFS;
14:17:19.0868 7904 ============================================================
14:17:20.0477 7904 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
14:17:20.0578 7904 1394ohci - ok
14:17:20.0703 7904 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
14:17:20.0746 7904 a2acc - ok
14:17:20.0990 7904 a2AntiMalware (0d5cb73fd036d9e904e0fc443e4e71ca) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
14:17:21.0059 7904 a2AntiMalware - ok
14:17:21.0148 7904 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
14:17:21.0163 7904 A2DDA - ok
14:17:21.0180 7904 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
14:17:21.0196 7904 a2injectiondriver - ok
14:17:21.0240 7904 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
14:17:21.0255 7904 a2util - ok
14:17:21.0376 7904 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:17:21.0392 7904 ACDaemon - ok
14:17:21.0637 7904 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:17:21.0659 7904 ACPI - ok
14:17:21.0678 7904 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:17:21.0704 7904 AcpiPmi - ok
14:17:21.0895 7904 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:17:21.0913 7904 AdobeFlashPlayerUpdateSvc - ok
14:17:21.0993 7904 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
14:17:22.0027 7904 adp94xx - ok
14:17:22.0124 7904 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
14:17:22.0147 7904 adpahci - ok
14:17:22.0160 7904 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
14:17:22.0181 7904 adpu320 - ok
14:17:22.0251 7904 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:17:22.0300 7904 AeLookupSvc - ok
14:17:22.0352 7904 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:17:22.0411 7904 AFD - ok
14:17:22.0474 7904 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:17:22.0512 7904 agp440 - ok
14:17:22.0540 7904 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:17:22.0564 7904 ALG - ok
14:17:22.0609 7904 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:17:22.0627 7904 aliide - ok
14:17:22.0674 7904 AMD External Events Utility (b5e2434fc851698c1f119cf1c3935a50) C:\Windows\system32\atiesrxx.exe
14:17:22.0706 7904 AMD External Events Utility - ok
14:17:22.0756 7904 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:17:22.0773 7904 amdide - ok
14:17:22.0804 7904 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
14:17:22.0858 7904 AmdK8 - ok
14:17:23.0437 7904 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:23.0588 7904 amdkmdag - ok
14:17:23.0872 7904 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
14:17:23.0902 7904 amdkmdap - ok
14:17:23.0940 7904 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
14:17:23.0997 7904 AmdPPM - ok
14:17:24.0054 7904 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:17:24.0073 7904 amdsata - ok
14:17:24.0115 7904 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
14:17:24.0144 7904 amdsbs - ok
14:17:24.0177 7904 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:17:24.0194 7904 amdxata - ok
14:17:24.0294 7904 ApfiltrService (22fecb5b3de1eb8b1b2761338922f681) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:17:24.0311 7904 ApfiltrService - ok
14:17:24.0377 7904 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:17:24.0451 7904 AppID - ok
14:17:24.0504 7904 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:17:24.0551 7904 AppIDSvc - ok
14:17:24.0587 7904 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:17:24.0668 7904 Appinfo - ok
14:17:24.0837 7904 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:17:24.0852 7904 Apple Mobile Device - ok
14:17:24.0901 7904 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
14:17:24.0919 7904 arc - ok
14:17:24.0938 7904 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
14:17:24.0956 7904 arcsas - ok
14:17:24.0995 7904 ArcSoftKsUFilter (1ce3822b05a5e229286a15ea39369870) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:17:25.0009 7904 ArcSoftKsUFilter - ok
14:17:25.0188 7904 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:17:25.0204 7904 aspnet_state - ok
14:17:25.0255 7904 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
14:17:25.0271 7904 aswFsBlk - ok
14:17:25.0336 7904 aswFW (ffe56ac75a257141561daf42c3f7d16b) C:\Windows\system32\drivers\aswFW.sys
14:17:25.0353 7904 aswFW - ok
14:17:25.0418 7904 aswKbd (316271cc32fdfffcdb30677684906d5e) C:\Windows\system32\drivers\aswKbd.sys
14:17:25.0434 7904 aswKbd - ok
14:17:25.0466 7904 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
14:17:25.0482 7904 aswMonFlt - ok
14:17:25.0506 7904 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
14:17:25.0520 7904 aswNdis - ok
14:17:25.0573 7904 aswNdis2 (36dbcb80e0af1dc228f495faf00a4bc8) C:\Windows\system32\drivers\aswNdis2.sys
14:17:25.0592 7904 aswNdis2 - ok
14:17:25.0627 7904 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
14:17:25.0644 7904 aswRdr - ok
14:17:25.0735 7904 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
14:17:25.0763 7904 aswSnx - ok
14:17:25.0827 7904 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
14:17:25.0848 7904 aswSP - ok
14:17:25.0882 7904 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
14:17:25.0900 7904 aswTdi - ok
14:17:25.0953 7904 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:17:26.0000 7904 AsyncMac - ok
14:17:26.0049 7904 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:17:26.0066 7904 atapi - ok
14:17:26.0616 7904 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
14:17:26.0769 7904 atikmdag - ok
14:17:27.0031 7904 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:17:27.0095 7904 AudioEndpointBuilder - ok
14:17:27.0102 7904 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:17:27.0156 7904 AudioSrv - ok
14:17:27.0293 7904 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:17:27.0309 7904 avast! Antivirus - ok
14:17:27.0322 7904 avast! Firewall (7d465549dfb0eca6601e9609c72cd20a) C:\Program Files\AVAST Software\Avast\afwServ.exe
14:17:27.0341 7904 avast! Firewall - ok
14:17:27.0375 7904 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:17:27.0403 7904 AxInstSV - ok
14:17:27.0520 7904 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
14:17:27.0574 7904 b06bdrv - ok
14:17:27.0669 7904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:17:27.0726 7904 b57nd60a - ok
14:17:27.0750 7904 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:17:27.0773 7904 BDESVC - ok
14:17:27.0804 7904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:17:27.0880 7904 Beep - ok
14:17:27.0978 7904 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:17:28.0074 7904 BFE - ok
14:17:28.0176 7904 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
14:17:28.0300 7904 BITS - ok
14:17:28.0402 7904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:17:28.0425 7904 blbdrive - ok
14:17:28.0546 7904 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:17:28.0566 7904 Bonjour Service - ok
14:17:28.0604 7904 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:17:28.0657 7904 bowser - ok
14:17:28.0687 7904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
14:17:28.0712 7904 BrFiltLo - ok
14:17:28.0770 7904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
14:17:28.0817 7904 BrFiltUp - ok
14:17:28.0894 7904 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:17:28.0977 7904 Browser - ok
14:17:29.0028 7904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:17:29.0086 7904 Brserid - ok
14:17:29.0111 7904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:17:29.0136 7904 BrSerWdm - ok
14:17:29.0185 7904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:17:29.0239 7904 BrUsbMdm - ok
14:17:29.0271 7904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:17:29.0293 7904 BrUsbSer - ok
14:17:29.0331 7904 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:17:29.0353 7904 BthEnum - ok
14:17:29.0360 7904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
14:17:29.0413 7904 BTHMODEM - ok
14:17:29.0478 7904 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:17:29.0504 7904 BthPan - ok
14:17:29.0583 7904 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
14:17:29.0649 7904 BTHPORT - ok
14:17:29.0719 7904 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:17:29.0802 7904 bthserv - ok
14:17:29.0836 7904 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
14:17:29.0857 7904 BTHUSB - ok
14:17:29.0890 7904 btwaudio (4e26c89d8941ae0ad3f12de9c3dddb5a) C:\Windows\system32\drivers\btwaudio.sys
14:17:29.0906 7904 btwaudio - ok
14:17:29.0937 7904 btwavdt (6b15769244a37b1ff4ca4eba8693c7f3) C:\Windows\system32\drivers\btwavdt.sys
14:17:29.0953 7904 btwavdt - ok
14:17:30.0151 7904 btwdins (f28dab823fcda98f50dd677552a4dc52) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:17:30.0178 7904 btwdins - ok
14:17:30.0212 7904 btwl2cap (0037cb116097e8e0ea77f3b13c50ff1e) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:17:30.0226 7904 btwl2cap - ok
14:17:30.0258 7904 btwrchid (651154ee76ea31eee050f3b66e5d086b) C:\Windows\system32\DRIVERS\btwrchid.sys
14:17:30.0272 7904 btwrchid - ok
14:17:30.0289 7904 CAXHWAZL - ok
14:17:30.0333 7904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:17:30.0408 7904 cdfs - ok
14:17:30.0448 7904 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
14:17:30.0471 7904 cdrom - ok
14:17:30.0534 7904 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:17:30.0589 7904 CertPropSvc - ok
14:17:30.0631 7904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
14:17:30.0684 7904 circlass - ok
14:17:30.0734 7904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:17:30.0760 7904 CLFS - ok
14:17:30.0858 7904 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:17:30.0874 7904 clr_optimization_v2.0.50727_32 - ok
14:17:30.0965 7904 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:17:30.0981 7904 clr_optimization_v2.0.50727_64 - ok
14:17:31.0055 7904 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:17:31.0072 7904 clr_optimization_v4.0.30319_32 - ok
14:17:31.0133 7904 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:17:31.0150 7904 clr_optimization_v4.0.30319_64 - ok
14:17:31.0172 7904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:17:31.0195 7904 CmBatt - ok
14:17:31.0232 7904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:17:31.0249 7904 cmdide - ok
14:17:31.0310 7904 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:17:31.0353 7904 CNG - ok
14:17:31.0381 7904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:17:31.0398 7904 Compbatt - ok
14:17:31.0434 7904 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:17:31.0459 7904 CompositeBus - ok
14:17:31.0475 7904 COMSysApp - ok
14:17:31.0512 7904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
14:17:31.0530 7904 crcdisk - ok
14:17:31.0614 7904 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:17:31.0674 7904 CryptSvc - ok
14:17:31.0752 7904 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:17:31.0843 7904 DcomLaunch - ok
14:17:31.0901 7904 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:17:31.0992 7904 defragsvc - ok
14:17:32.0065 7904 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:17:32.0145 7904 DfsC - ok
14:17:32.0200 7904 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:17:32.0281 7904 Dhcp - ok
14:17:32.0321 7904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:17:32.0402 7904 discache - ok
14:17:32.0455 7904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
14:17:32.0473 7904 Disk - ok
14:17:32.0501 7904 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:17:32.0552 7904 Dnscache - ok
14:17:32.0582 7904 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:17:32.0640 7904 dot3svc - ok
14:17:32.0703 7904 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:17:32.0798 7904 DPS - ok
14:17:32.0862 7904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:17:32.0914 7904 drmkaud - ok
14:17:33.0014 7904 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:17:33.0051 7904 DXGKrnl - ok
14:17:33.0110 7904 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:17:33.0190 7904 EapHost - ok
14:17:33.0411 7904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:17:33.0503 7904 ebdrv - ok
14:17:33.0662 7904 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:17:33.0686 7904 EFS - ok
14:17:33.0806 7904 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:17:33.0907 7904 ehRecvr - ok
14:17:33.0984 7904 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:17:34.0009 7904 ehSched - ok
14:17:34.0129 7904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:17:34.0183 7904 elxstor - ok
14:17:34.0212 7904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:17:34.0250 7904 ErrDev - ok
14:17:34.0374 7904 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:17:34.0469 7904 EventSystem - ok
14:17:34.0676 7904 EvtEng (f7bf273af871315560bce41643af104d) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:17:34.0714 7904 EvtEng - ok
14:17:34.0933 7904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:17:34.0995 7904 exfat - ok
14:17:35.0017 7904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:17:35.0066 7904 fastfat - ok
14:17:35.0169 7904 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:17:35.0206 7904 Fax - ok
14:17:35.0243 7904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:17:35.0292 7904 fdc - ok
14:17:35.0367 7904 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:17:35.0416 7904 fdPHost - ok
14:17:35.0431 7904 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:17:35.0480 7904 FDResPub - ok
14:17:35.0499 7904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:17:35.0517 7904 FileInfo - ok
14:17:35.0522 7904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:17:35.0602 7904 Filetrace - ok
14:17:35.0740 7904 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:17:35.0762 7904 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:17:35.0762 7904 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:17:35.0768 7904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:17:35.0790 7904 flpydisk - ok
14:17:35.0831 7904 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:17:35.0881 7904 FltMgr - ok
14:17:35.0993 7904 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
14:17:36.0077 7904 FontCache - ok
14:17:36.0271 7904 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:17:36.0285 7904 FontCache3.0.0.0 - ok
14:17:36.0350 7904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:17:36.0369 7904 FsDepends - ok
14:17:36.0396 7904 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:17:36.0413 7904 Fs_Rec - ok
14:17:36.0453 7904 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:17:36.0478 7904 fvevol - ok
14:17:36.0512 7904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:17:36.0530 7904 gagp30kx - ok
14:17:36.0568 7904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:17:36.0581 7904 GEARAspiWDM - ok
14:17:36.0675 7904 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:17:36.0745 7904 gpsvc - ok
14:17:36.0861 7904 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:17:36.0877 7904 gupdate - ok
14:17:36.0881 7904 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:17:36.0896 7904 gupdatem - ok
14:17:36.0937 7904 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:17:36.0953 7904 gusvc - ok
14:17:36.0999 7904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:17:37.0040 7904 hcw85cir - ok
14:17:37.0081 7904 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:17:37.0107 7904 HDAudBus - ok
14:17:37.0112 7904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:17:37.0135 7904 HidBatt - ok
14:17:37.0144 7904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:17:37.0173 7904 HidBth - ok
14:17:37.0200 7904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:17:37.0225 7904 HidIr - ok
14:17:37.0270 7904 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:17:37.0345 7904 hidserv - ok
14:17:37.0383 7904 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:17:37.0406 7904 HidUsb - ok
14:17:37.0454 7904 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:17:37.0504 7904 hkmsvc - ok
14:17:37.0544 7904 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:17:37.0606 7904 HomeGroupListener - ok
14:17:37.0662 7904 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:17:37.0729 7904 HomeGroupProvider - ok
14:17:37.0834 7904 hpqcxs08 (fcb563b0a23643e5f80b6ff1e60f610f) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:17:37.0846 7904 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:17:37.0846 7904 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:17:37.0861 7904 hpqddsvc (25e443e27165c652723a92d9bdfd4649) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:17:37.0873 7904 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:17:37.0873 7904 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:17:37.0927 7904 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:17:37.0946 7904 HpSAMD - ok
14:17:37.0950 7904 HSF_DPV - ok
14:17:38.0045 7904 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:17:38.0171 7904 HTTP - ok
14:17:38.0210 7904 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:17:38.0227 7904 hwpolicy - ok
14:17:38.0245 7904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:17:38.0269 7904 i8042prt - ok
14:17:38.0329 7904 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\drivers\iaStor.sys
14:17:38.0349 7904 iaStor - ok
14:17:38.0403 7904 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:17:38.0426 7904 iaStorV - ok
14:17:38.0635 7904 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:17:38.0662 7904 idsvc - ok
14:17:38.0689 7904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:17:38.0708 7904 iirsp - ok
14:17:38.0805 7904 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:17:38.0902 7904 IKEEXT - ok
14:17:39.0068 7904 IntcAzAudAddService (18f7691b18d4a93559d2a998ab2142bd) C:\Windows\system32\drivers\RTKVHD64.sys
14:17:39.0107 7904 IntcAzAudAddService - ok
14:17:39.0328 7904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:17:39.0346 7904 intelide - ok
14:17:39.0393 7904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:17:39.0416 7904 intelppm - ok
14:17:39.0464 7904 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:17:39.0514 7904 IPBusEnum - ok
14:17:39.0540 7904 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:17:39.0586 7904 IpFilterDriver - ok
14:17:39.0657 7904 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:17:39.0713 7904 iphlpsvc - ok
14:17:39.0721 7904 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:17:39.0771 7904 IPMIDRV - ok
14:17:39.0781 7904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:17:39.0870 7904 IPNAT - ok
14:17:40.0032 7904 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:17:40.0060 7904 iPod Service - ok
14:17:40.0087 7904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:17:40.0114 7904 IRENUM - ok
14:17:40.0126 7904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:17:40.0143 7904 isapnp - ok
14:17:40.0186 7904 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:17:40.0217 7904 iScsiPrt - ok
14:17:40.0380 7904 ISWKL (2f062e9aa964c05241a213bd7b6ff935) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
14:17:40.0396 7904 ISWKL - ok
14:17:40.0547 7904 IswSvc (9a7e564c1d2a8b6768e9c6872b9d0e2f) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
14:17:40.0572 7904 IswSvc - ok
14:17:40.0680 7904 IviRegMgr (213822072085b5bbad9af30ab577d817) c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:17:40.0696 7904 IviRegMgr - ok
14:17:40.0894 7904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:17:40.0912 7904 kbdclass - ok
14:17:40.0949 7904 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:17:40.0993 7904 kbdhid - ok
14:17:41.0040 7904 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:41.0069 7904 KeyIso - ok
14:17:41.0086 7904 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:17:41.0108 7904 KSecDD - ok
14:17:41.0131 7904 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:17:41.0150 7904 KSecPkg - ok
14:17:41.0176 7904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:17:41.0246 7904 ksthunk - ok
14:17:41.0315 7904 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:17:41.0420 7904 KtmRm - ok
14:17:41.0524 7904 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:17:41.0616 7904 LanmanServer - ok
14:17:41.0682 7904 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:17:41.0785 7904 LanmanWorkstation - ok
14:17:41.0868 7904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:17:41.0916 7904 lltdio - ok
14:17:41.0975 7904 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:17:42.0067 7904 lltdsvc - ok
14:17:42.0101 7904 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:17:42.0150 7904 lmhosts - ok
14:17:42.0195 7904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:17:42.0214 7904 LSI_FC - ok
14:17:42.0223 7904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:17:42.0242 7904 LSI_SAS - ok
14:17:42.0249 7904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:17:42.0267 7904 LSI_SAS2 - ok
14:17:42.0296 7904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:17:42.0314 7904 LSI_SCSI - ok
14:17:42.0367 7904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:17:42.0415 7904 luafv - ok
14:17:42.0439 7904 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
14:17:42.0456 7904 MBAMProtector - ok
14:17:42.0588 7904 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:17:42.0612 7904 MBAMService - ok
14:17:42.0673 7904 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:17:42.0699 7904 Mcx2Svc - ok
14:17:42.0745 7904 mdmxsdk - ok
14:17:42.0753 7904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:17:42.0770 7904 megasas - ok
14:17:42.0876 7904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:17:42.0897 7904 MegaSR - ok
14:17:42.0958 7904 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:17:43.0041 7904 MMCSS - ok
14:17:43.0067 7904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:17:43.0114 7904 Modem - ok
14:17:43.0119 7904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:17:43.0144 7904 monitor - ok
14:17:43.0194 7904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:17:43.0211 7904 mouclass - ok
14:17:43.0230 7904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:17:43.0285 7904 mouhid - ok
14:17:43.0321 7904 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:17:43.0340 7904 mountmgr - ok
14:17:43.0438 7904 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:17:43.0455 7904 MozillaMaintenance - ok
14:17:43.0491 7904 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:17:43.0526 7904 mpio - ok
14:17:43.0543 7904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:17:43.0591 7904 mpsdrv - ok
14:17:43.0684 7904 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:17:43.0807 7904 MpsSvc - ok
14:17:43.0838 7904 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:17:43.0882 7904 MRxDAV - ok
14:17:43.0937 7904 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:17:43.0999 7904 mrxsmb - ok
14:17:44.0046 7904 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:17:44.0078 7904 mrxsmb10 - ok
14:17:44.0103 7904 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:17:44.0130 7904 mrxsmb20 - ok
14:17:44.0171 7904 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:17:44.0188 7904 msahci - ok
14:17:44.0201 7904 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:17:44.0221 7904 msdsm - ok
14:17:44.0302 7904 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:17:44.0395 7904 MSDTC - ok
14:17:44.0430 7904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:17:44.0478 7904 Msfs - ok
14:17:44.0482 7904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:17:44.0560 7904 mshidkmdf - ok
14:17:44.0588 7904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:17:44.0605 7904 msisadrv - ok
14:17:44.0658 7904 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:17:44.0721 7904 MSiSCSI - ok
14:17:44.0726 7904 msiserver - ok
14:17:44.0759 7904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:17:44.0839 7904 MSKSSRV - ok
14:17:44.0869 7904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:17:44.0949 7904 MSPCLOCK - ok
14:17:44.0985 7904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:17:45.0058 7904 MSPQM - ok
14:17:45.0110 7904 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:17:45.0133 7904 MsRPC - ok
14:17:45.0146 7904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:17:45.0163 7904 mssmbios - ok
14:17:45.0188 7904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:17:45.0262 7904 MSTEE - ok
14:17:45.0284 7904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:17:45.0321 7904 MTConfig - ok
14:17:45.0360 7904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:17:45.0379 7904 Mup - ok
14:17:45.0442 7904 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:17:45.0529 7904 napagent - ok
14:17:45.0599 7904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:17:45.0657 7904 NativeWifiP - ok
14:17:45.0758 7904 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:17:45.0804 7904 NDIS - ok
14:17:45.0848 7904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:17:45.0897 7904 NdisCap - ok
14:17:45.0938 7904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:17:45.0986 7904 NdisTapi - ok
14:17:46.0021 7904 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:17:46.0098 7904 Ndisuio - ok
14:17:46.0143 7904 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:17:46.0286 7904 NdisWan - ok
14:17:46.0305 7904 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:17:46.0350 7904 NDProxy - ok
14:17:46.0392 7904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:17:46.0470 7904 NetBIOS - ok
14:17:46.0518 7904 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:17:46.0566 7904 NetBT - ok
14:17:46.0596 7904 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:46.0619 7904 Netlogon - ok
14:17:46.0685 7904 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:17:46.0749 7904 Netman - ok
14:17:46.0907 7904 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:46.0924 7904 NetMsmqActivator - ok
14:17:46.0928 7904 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:46.0944 7904 NetPipeActivator - ok
14:17:47.0005 7904 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:17:47.0091 7904 netprofm - ok
14:17:47.0095 7904 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:47.0111 7904 NetTcpActivator - ok
14:17:47.0116 7904 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:17:47.0132 7904 NetTcpPortSharing - ok
14:17:47.0521 7904 NETw5v64 (bfbd278f8c9bcec693345759ac278e14) C:\Windows\system32\DRIVERS\NETw5v64.sys
14:17:47.0652 7904 NETw5v64 - ok
14:17:48.0218 7904 NETwNv64 (6b138b65b531c3a2380becabef0b6157) C:\Windows\system32\DRIVERS\NETwNv64.sys
14:17:48.0339 7904 NETwNv64 - ok
14:17:48.0468 7904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:17:48.0486 7904 nfrd960 - ok
14:17:48.0567 7904 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:17:48.0667 7904 NlaSvc - ok
14:17:48.0703 7904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:17:48.0750 7904 Npfs - ok
14:17:48.0766 7904 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:17:48.0849 7904 nsi - ok
14:17:48.0887 7904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:17:48.0937 7904 nsiproxy - ok
14:17:49.0066 7904 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:17:49.0130 7904 Ntfs - ok
14:17:49.0312 7904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:17:49.0358 7904 Null - ok
14:17:49.0441 7904 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:17:49.0461 7904 nvraid - ok
14:17:49.0489 7904 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:17:49.0508 7904 nvstor - ok
14:17:49.0569 7904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:17:49.0588 7904 nv_agp - ok
14:17:49.0742 7904 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:17:49.0763 7904 odserv - ok
14:17:49.0772 7904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:17:49.0794 7904 ohci1394 - ok
14:17:49.0857 7904 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:17:49.0875 7904 ose - ok
14:17:49.0941 7904 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:17:50.0026 7904 p2pimsvc - ok
14:17:50.0120 7904 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:17:50.0156 7904 p2psvc - ok
14:17:50.0241 7904 PACSPTISVR (b8040c5c1fc1fbbbe5c78cb9eda343ec) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
14:17:50.0252 7904 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
14:17:50.0252 7904 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
14:17:50.0281 7904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:17:50.0305 7904 Parport - ok
14:17:50.0334 7904 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:17:50.0353 7904 partmgr - ok
14:17:50.0373 7904 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:17:50.0443 7904 PcaSvc - ok
14:17:50.0498 7904 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:17:50.0518 7904 pci - ok
14:17:50.0522 7904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:17:50.0540 7904 pciide - ok
14:17:50.0567 7904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:17:50.0588 7904 pcmcia - ok
14:17:50.0611 7904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:17:50.0629 7904 pcw - ok
14:17:50.0678 7904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:17:50.0753 7904 PEAUTH - ok
14:17:50.0896 7904 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:17:50.0920 7904 PerfHost - ok
14:17:51.0127 7904 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:17:51.0220 7904 pla - ok
14:17:51.0299 7904 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:17:51.0363 7904 PlugPlay - ok
14:17:51.0369 7904 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:17:51.0406 7904 PNRPAutoReg - ok
14:17:51.0453 7904 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:17:51.0484 7904 PNRPsvc - ok
14:17:51.0554 7904 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:17:51.0647 7904 PolicyAgent - ok
14:17:51.0704 7904 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:17:51.0800 7904 Power - ok
14:17:51.0917 7904 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:17:51.0992 7904 PptpMiniport - ok
14:17:52.0049 7904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:17:52.0096 7904 Processor - ok
14:17:52.0174 7904 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:17:52.0258 7904 ProfSvc - ok
14:17:52.0307 7904 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:52.0330 7904 ProtectedStorage - ok
14:17:52.0388 7904 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:17:52.0436 7904 Psched - ok
14:17:52.0460 7904 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:17:52.0475 7904 PxHlpa64 - ok
14:17:52.0593 7904 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:17:52.0602 7904 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
14:17:52.0602 7904 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
14:17:52.0657 7904 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:17:52.0695 7904 QBFCService ( UnsignedFile.Multi.Generic ) - warning
14:17:52.0695 7904 QBFCService - detected UnsignedFile.Multi.Generic (1)
14:17:52.0826 7904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:17:52.0885 7904 ql2300 - ok
14:17:53.0090 7904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:17:53.0109 7904 ql40xx - ok
14:17:53.0166 7904 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:17:53.0205 7904 QWAVE - ok
14:17:53.0212 7904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:17:53.0247 7904 QWAVEdrv - ok
14:17:53.0251 7904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:17:53.0299 7904 RasAcd - ok
14:17:53.0349 7904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:17:53.0396 7904 RasAgileVpn - ok
14:17:53.0440 7904 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:17:53.0491 7904 RasAuto - ok
14:17:53.0536 7904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:17:53.0616 7904 Rasl2tp - ok
14:17:53.0672 7904 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:17:53.0737 7904 RasMan - ok
14:17:53.0752 7904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:17:53.0800 7904 RasPppoe - ok
14:17:53.0822 7904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:17:53.0898 7904 RasSstp - ok
14:17:53.0946 7904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:17:54.0036 7904 rdbss - ok
14:17:54.0067 7904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:17:54.0127 7904 rdpbus - ok
14:17:54.0160 7904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:17:54.0207 7904 RDPCDD - ok
14:17:54.0260 7904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:17:54.0309 7904 RDPENCDD - ok
14:17:54.0336 7904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:17:54.0382 7904 RDPREFMP - ok
14:17:54.0414 7904 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:17:54.0470 7904 RDPWD - ok
14:17:54.0526 7904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:17:54.0557 7904 rdyboost - ok
14:17:54.0578 7904 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
14:17:54.0593 7904 regi - ok
14:17:54.0748 7904 RegSrvc (92c422f8f0e6018ffc1c760b88a98eb3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:17:54.0774 7904 RegSrvc - ok
14:17:54.0839 7904 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:17:54.0930 7904 RemoteAccess - ok
14:17:54.0992 7904 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:17:55.0071 7904 RemoteRegistry - ok
14:17:55.0152 7904 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:17:55.0178 7904 RFCOMM - ok
14:17:55.0260 7904 rimsptsk (7eae3999b94a8ce60bfbaa83462b89a1) C:\Windows\system32\DRIVERS\rimssn64.sys
14:17:55.0281 7904 rimsptsk - ok
14:17:55.0322 7904 risdptsk (fa6d7cd63ad08a01d9259f58e0c5c09e) C:\Windows\system32\DRIVERS\risdsn64.sys
14:17:55.0342 7904 risdptsk - ok
14:17:55.0368 7904 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:17:55.0419 7904 RpcEptMapper - ok
14:17:55.0470 7904 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:17:55.0519 7904 RpcLocator - ok
14:17:55.0574 7904 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:17:55.0628 7904 RpcSs - ok
14:17:55.0668 7904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:17:55.0717 7904 rspndr - ok
14:17:55.0776 7904 RTHDMIAzAudService (c3cf92f7983477ff305bd1afae411152) C:\Windows\system32\drivers\RtHDMIVX.sys
14:17:55.0793 7904 RTHDMIAzAudService - ok
14:17:55.0900 7904 RtkAudioService (bdd34a4a3725e3d527beda3c5fb67603) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
14:17:55.0916 7904 RtkAudioService - ok
14:17:56.0004 7904 SampleCollector (9a5fb8de6567bc86fccde2f0336857a3) C:\Program Files\Sony\VAIO Care\collsvc.exe
14:17:56.0015 7904 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
14:17:56.0015 7904 SampleCollector - detected UnsignedFile.Multi.Generic (1)
14:17:56.0051 7904 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:17:56.0074 7904 SamSs - ok
14:17:56.0097 7904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:17:56.0116 7904 sbp2port - ok
14:17:56.0167 7904 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:17:56.0219 7904 SCardSvr - ok
14:17:56.0253 7904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:17:56.0321 7904 scfilter - ok
14:17:56.0425 7904 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:17:56.0543 7904 Schedule - ok
14:17:56.0600 7904 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:17:56.0646 7904 SCPolicySvc - ok
14:17:56.0682 7904 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:17:56.0709 7904 SDRSVC - ok
14:17:56.0810 7904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:17:56.0888 7904 secdrv - ok
14:17:56.0915 7904 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:17:56.0963 7904 seclogon - ok
14:17:56.0993 7904 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:17:57.0077 7904 SENS - ok
14:17:57.0125 7904 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:17:57.0150 7904 SensrSvc - ok
14:17:57.0167 7904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:17:57.0190 7904 Serenum - ok
14:17:57.0213 7904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:17:57.0264 7904 Serial - ok
14:17:57.0338 7904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:17:57.0393 7904 sermouse - ok
14:17:57.0425 7904 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:17:57.0497 7904 SessionEnv - ok
14:17:57.0564 7904 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
14:17:57.0583 7904 SFEP - ok
14:17:57.0588 7904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:17:57.0647 7904 sffdisk - ok
14:17:57.0652 7904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:17:57.0685 7904 sffp_mmc - ok
14:17:57.0691 7904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:17:57.0716 7904 sffp_sd - ok
14:17:57.0722 7904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:17:57.0744 7904 sfloppy - ok
14:17:57.0813 7904 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:17:57.0892 7904 SharedAccess - ok
14:17:57.0956 7904 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:17:58.0046 7904 ShellHWDetection - ok
14:17:58.0081 7904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:17:58.0100 7904 SiSRaid2 - ok
14:17:58.0108 7904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:17:58.0127 7904 SiSRaid4 - ok
14:17:58.0148 7904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:17:58.0196 7904 Smb - ok
14:17:58.0230 7904 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:17:58.0257 7904 SNMPTRAP - ok
14:17:58.0448 7904 SOHCImp (7b24efa2a60ba7388fecda63ab24560a) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
14:17:58.0463 7904 SOHCImp - ok
14:17:58.0478 7904 SOHDBSvr (140fcf5ffae4efba9740a9fd8b49e0bf) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
14:17:58.0492 7904 SOHDBSvr - ok
14:17:58.0536 7904 SOHDms (d8c244121a06b581b097d9617d94cff1) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
14:17:58.0569 7904 SOHDms - ok
14:17:58.0587 7904 SOHDs (2db561887ea122b946bbe2821473edd8) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
14:17:58.0601 7904 SOHDs - ok
14:17:58.0632 7904 SOHPlMgr (ab9ee246a1eb2c3c7c6cb16e0b9462f7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
14:17:58.0646 7904 SOHPlMgr - ok
14:17:58.0682 7904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:17:58.0703 7904 spldr - ok
14:17:58.0771 7904 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:17:58.0826 7904 Spooler - ok
14:17:59.0046 7904 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:17:59.0190 7904 sppsvc - ok
14:17:59.0356 7904 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:17:59.0407 7904 sppuinotify - ok
14:17:59.0486 7904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:17:59.0514 7904 srv - ok
14:17:59.0548 7904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:17:59.0617 7904 srv2 - ok
14:17:59.0685 7904 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:17:59.0711 7904 SrvHsfHDA - ok
14:17:59.0820 7904 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:17:59.0859 7904 SrvHsfV92 - ok
14:18:00.0090 7904 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:18:00.0121 7904 SrvHsfWinac - ok
14:18:00.0195 7904 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:18:00.0254 7904 srvnet - ok
14:18:00.0314 7904 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:18:00.0466 7904 SSDPSRV - ok
14:18:00.0476 7904 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:18:00.0529 7904 SstpSvc - ok
14:18:00.0621 7904 Steam Client Service - ok
14:18:00.0714 7904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:18:00.0732 7904 stexstor - ok
14:18:00.0818 7904 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:18:00.0866 7904 stisvc - ok
14:18:00.0886 7904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:18:00.0903 7904 swenum - ok
14:18:00.0945 7904 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:18:01.0015 7904 swprv - ok
14:18:01.0130 7904 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:18:01.0226 7904 SysMain - ok
14:18:01.0382 7904 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:18:01.0448 7904 TabletInputService - ok
14:18:01.0495 7904 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:18:01.0587 7904 TapiSrv - ok
14:18:01.0625 7904 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:18:01.0677 7904 TBS - ok
14:18:01.0928 7904 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:18:02.0007 7904 Tcpip - ok
14:18:02.0368 7904 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:18:02.0417 7904 TCPIP6 - ok
14:18:02.0633 7904 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:18:02.0713 7904 tcpipreg - ok
14:18:02.0732 7904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:18:02.0754 7904 TDPIPE - ok
14:18:02.0800 7904 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:18:02.0853 7904 TDTCP - ok
14:18:02.0903 7904 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:18:02.0950 7904 tdx - ok
14:18:02.0969 7904 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:18:02.0987 7904 TermDD - ok
14:18:03.0073 7904 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:18:03.0158 7904 TermService - ok
14:18:03.0177 7904 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:18:03.0208 7904 Themes - ok
14:18:03.0246 7904 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:18:03.0296 7904 THREADORDER - ok
14:18:03.0317 7904 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:18:03.0381 7904 TrkWks - ok
14:18:03.0464 7904 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:18:03.0539 7904 TrustedInstaller - ok
14:18:03.0563 7904 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:18:03.0621 7904 tssecsrv - ok
14:18:03.0676 7904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:18:03.0724 7904 TsUsbFlt - ok
14:18:03.0732 7904 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:18:03.0759 7904 TsUsbGD - ok
14:18:03.0815 7904 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:18:03.0862 7904 tunnel - ok
14:18:03.0869 7904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:18:03.0888 7904 uagp35 - ok
14:18:04.0020 7904 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:18:04.0036 7904 uCamMonitor - ok
14:18:04.0065 7904 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:18:04.0147 7904 udfs - ok
14:18:04.0214 7904 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:18:04.0240 7904 UI0Detect - ok
14:18:04.0301 7904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:18:04.0319 7904 uliagpkx - ok
14:18:04.0363 7904 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:18:04.0385 7904 umbus - ok
14:18:04.0390 7904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:18:04.0413 7904 UmPass - ok
14:18:04.0442 7904 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:18:04.0541 7904 upnphost - ok
14:18:04.0586 7904 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:18:04.0608 7904 usbccgp - ok
14:18:04.0618 7904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:18:04.0645 7904 usbcir - ok
14:18:04.0682 7904 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:18:04.0704 7904 usbehci - ok
14:18:04.0733 7904 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:18:04.0758 7904 usbhub - ok
14:18:04.0775 7904 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:18:04.0799 7904 usbohci - ok
14:18:04.0837 7904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:18:04.0862 7904 usbprint - ok
14:18:04.0900 7904 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
14:18:04.0952 7904 USBSTOR - ok
14:18:04.0987 7904 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
14:18:05.0010 7904 usbuhci - ok
14:18:05.0069 7904 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
14:18:05.0096 7904 usbvideo - ok
14:18:05.0160 7904 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:18:05.0253 7904 UxSms - ok
14:18:05.0484 7904 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
14:18:05.0494 7904 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
14:18:05.0494 7904 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
14:18:05.0595 7904 VAIO Event Service (73328c784ecfe7072bd102f370076b50) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
14:18:05.0610 7904 VAIO Event Service - ok
14:18:05.0773 7904 VAIO Power Management (b63f63960e7254d9d9ed28474b40eb31) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:18:05.0792 7904 VAIO Power Management - ok
14:18:05.0829 7904 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:18:05.0852 7904 VaultSvc - ok
14:18:06.0203 7904 VCFw (0ed1d51dcec67f96cc313d02a1741cf3) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:18:06.0300 7904 VCFw - ok
14:18:06.0550 7904 VcmIAlzMgr (7295a2b5795e7b8aa128e5df5a29b656) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:18:06.0582 7904 VcmIAlzMgr - ok
14:18:06.0747 7904 VcmXmlIfHelper (76df898710495c5b1476719410d8b895) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
14:18:06.0762 7904 VcmXmlIfHelper - ok
14:18:06.0907 7904 Vcsw - ok
14:18:07.0141 7904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:18:07.0159 7904 vdrvroot - ok
14:18:07.0226 7904 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:18:07.0296 7904 vds - ok
14:18:07.0358 7904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:18:07.0384 7904 vga - ok
14:18:07.0419 7904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:18:07.0467 7904 VgaSave - ok
14:18:07.0482 7904 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:18:07.0503 7904 vhdmp - ok
14:18:07.0509 7904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:18:07.0527 7904 viaide - ok
14:18:07.0542 7904 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:18:07.0561 7904 volmgr - ok
14:18:07.0597 7904 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:18:07.0621 7904 volmgrx - ok
14:18:07.0647 7904 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:18:07.0668 7904 volsnap - ok
14:18:07.0736 7904 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
14:18:07.0759 7904 Vsdatant - ok
14:18:07.0960 7904 vsmon - ok
14:18:08.0024 7904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
14:18:08.0045 7904 vsmraid - ok
14:18:08.0188 7904 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:18:08.0309 7904 VSS - ok
14:18:08.0497 7904 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:18:08.0553 7904 vwifibus - ok
14:18:08.0753 7904 VzCdbSvc (79eb419f4a694b4514249e0d3db16ecf) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
14:18:08.0764 7904 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
14:18:08.0764 7904 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
14:18:08.0852 7904 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:18:08.0918 7904 W32Time - ok
14:18:08.0954 7904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
14:18:08.0989 7904 WacomPen - ok
14:18:09.0042 7904 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:09.0120 7904 WANARP - ok
14:18:09.0124 7904 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:18:09.0171 7904 Wanarpv6 - ok
14:18:09.0328 7904 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:18:09.0395 7904 WatAdminSvc - ok
14:18:09.0531 7904 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:18:09.0621 7904 wbengine - ok
14:18:09.0768 7904 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:18:09.0802 7904 WbioSrvc - ok
14:18:09.0827 7904 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:18:09.0864 7904 wcncsvc - ok
14:18:09.0900 7904 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:18:09.0925 7904 WcsPlugInService - ok
14:18:10.0017 7904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
14:18:10.0034 7904 Wd - ok
14:18:10.0122 7904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:18:10.0172 7904 Wdf01000 - ok
14:18:10.0192 7904 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:18:10.0271 7904 WdiServiceHost - ok
14:18:10.0274 7904 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:18:10.0307 7904 WdiSystemHost - ok
14:18:10.0347 7904 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:18:10.0416 7904 WebClient - ok
14:18:10.0531 7904 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:18:10.0592 7904 Wecsvc - ok
14:18:10.0632 7904 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:18:10.0699 7904 wercplsupport - ok
14:18:10.0721 7904 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:18:10.0773 7904 WerSvc - ok
14:18:10.0860 7904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:18:10.0908 7904 WfpLwf - ok
14:18:10.0956 7904 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
14:18:10.0990 7904 WimFltr - ok
14:18:11.0018 7904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:18:11.0036 7904 WIMMount - ok
14:18:11.0071 7904 winachsf - ok
14:18:11.0150 7904 WinDefend - ok
14:18:11.0161 7904 WinHttpAutoProxySvc - ok
14:18:11.0268 7904 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:18:11.0352 7904 Winmgmt - ok
14:18:11.0521 7904 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:18:11.0624 7904 WinRM - ok
14:18:11.0866 7904 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:18:11.0935 7904 Wlansvc - ok
14:18:12.0019 7904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:18:12.0054 7904 WmiAcpi - ok
14:18:12.0164 7904 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:18:12.0202 7904 wmiApSrv - ok
14:18:12.0308 7904 WMPNetworkSvc - ok
14:18:12.0354 7904 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:18:12.0380 7904 WPCSvc - ok
14:18:12.0402 7904 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:18:12.0454 7904 WPDBusEnum - ok
14:18:12.0475 7904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:18:12.0523 7904 ws2ifsl - ok
14:18:12.0551 7904 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
14:18:12.0629 7904 wscsvc - ok
14:18:12.0634 7904 WSearch - ok
14:18:12.0805 7904 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:18:12.0975 7904 wuauserv - ok
14:18:13.0218 7904 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:18:13.0318 7904 WudfPf - ok
14:18:13.0348 7904 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:13.0412 7904 WUDFRd - ok
14:18:13.0455 7904 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:18:13.0507 7904 wudfsvc - ok
14:18:13.0533 7904 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:18:13.0567 7904 WwanSvc - ok
14:18:13.0641 7904 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:18:13.0668 7904 yukonw7 - ok
14:18:13.0707 7904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:18:14.0094 7904 \Device\Harddisk0\DR0 - ok
14:18:14.0097 7904 Boot (0x1200) (b69b9d5eade0f999f60d5411cf1b797b) \Device\Harddisk0\DR0\Partition0
14:18:14.0098 7904 \Device\Harddisk0\DR0\Partition0 - ok
14:18:14.0099 7904 ============================================================
14:18:14.0099 7904 Scan finished
14:18:14.0099 7904 ============================================================
14:18:14.0113 3088 Detected object count: 9
14:18:14.0113 3088 Actual detected object count: 9
14:19:08.0321 3088 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0321 3088 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0323 3088 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0323 3088 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0325 3088 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0326 3088 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0327 3088 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0327 3088 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0329 3088 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0329 3088 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0330 3088 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0330 3088 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0332 3088 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0332 3088 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0335 3088 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0335 3088 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:19:08.0336 3088 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:19:08.0336 3088 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#7
taybaxter

    Member

  • Topic Starter
  • 16 posts
Managed to scan a copy that I put on my desktop. Came up clean. Not sure if that means anything since it's a copy of the file though.

#8
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

Managed to scan a copy that I put on my desktop. Came up clean. Not sure if that means anything since it's a copy of the file though.

Can you please post the link to the VirusTotal results?

Please also run ComboFix as instructed in my previous reply. :thumbsup:

#9
taybaxter

    Member

  • Topic Starter
  • 16 posts
Here is the ComboFix log! Had to zip it because it was over 1 MB!





ComboFix 12-05-22.02 - Taylor 05/22/2012 14:52:46.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6111.3655 [GMT -5:00]
Running from: c:\users\Taylor\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ZeoBIT
c:\programdata\ZeoBIT\PCKeeper\history.xml
c:\users\Taylor\IE9-Windows7-x64-enu.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 20:05 . 2012-05-22 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 19:04 . 2012-05-22 19:04 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2012-05-21 06:06 . 2012-05-21 06:06 -------- d-----w- c:\program files\iPod
2012-05-21 06:06 . 2012-05-21 06:06 -------- d-----w- c:\program files\iTunes
2012-05-19 21:12 . 2012-05-21 06:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22422B3C-094D-45FD-B511-B60B1EF335D8}\offreg.dll
2012-05-19 21:12 . 2012-05-19 21:14 -------- d-----w- c:\program files (x86)\Port Scanner Software
2012-05-19 04:03 . 2012-05-19 04:03 -------- d-----w- c:\program files\CheckPoint
2012-05-19 04:01 . 2012-05-19 04:03 -------- d-----w- c:\program files (x86)\CheckPoint
2012-05-19 04:00 . 2012-05-19 04:00 -------- d-----w- c:\programdata\CheckPoint
2012-05-19 03:39 . 2012-05-22 19:16 -------- d-----w- c:\programdata\SecTaskMan
2012-05-19 03:39 . 2012-05-19 03:39 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-05-19 03:32 . 2012-05-19 04:15 -------- d-----w- c:\program files (x86)\Exterminate It!
2012-05-19 03:29 . 2012-05-19 03:36 -------- d-----w- c:\program files\Keylogger Detector
2012-05-19 03:22 . 2012-05-19 03:22 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-05-19 03:06 . 2012-05-19 03:24 -------- d-----w- c:\programdata\Spyware Terminator
2012-05-19 02:45 . 2006-06-19 18:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2012-05-19 02:45 . 2006-05-25 20:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2012-05-19 02:45 . 2005-08-26 06:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2012-05-19 02:45 . 2002-03-06 06:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2012-05-19 02:45 . 2003-02-03 01:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2012-05-19 02:45 . 2012-05-19 03:02 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-05-19 02:45 . 2012-05-19 02:45 -------- d-----w- c:\programdata\Simply Super Software
2012-05-18 21:57 . 2012-05-18 21:57 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-05-18 21:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22422B3C-094D-45FD-B511-B60B1EF335D8}\mpengine.dll
2012-05-15 11:31 . 2012-05-22 19:26 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-05-15 11:28 . 2012-05-15 11:28 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-15 11:28 . 2012-05-15 11:28 -------- d-----w- c:\windows\system32\Wat
2012-05-15 02:56 . 2012-05-15 02:56 -------- d-----w- c:\programdata\PC Tools
2012-05-15 02:19 . 2012-05-15 02:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-15 01:36 . 2012-05-15 02:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-14 14:26 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-05-14 03:26 . 2012-05-14 03:26 -------- d-----w- c:\program files (x86)\Oracle
2012-05-14 03:25 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-13 21:26 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-13 21:26 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-13 21:26 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-13 21:26 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-13 21:26 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-13 21:26 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-13 21:26 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-13 19:10 . 2012-05-13 19:10 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-05-13 19:10 . 2012-05-13 19:10 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-05-13 15:38 . 2012-05-13 15:38 -------- d-----w- c:\program files\CCleaner
2012-05-13 14:06 . 2012-05-13 14:06 -------- d-----w- c:\programdata\Sophos
2012-05-13 08:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-05-13 08:17 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-13 08:16 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-05-13 08:16 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-05-13 08:16 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-05-13 08:16 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-05-13 08:16 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-05-13 08:16 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-05-13 08:16 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-05-13 08:16 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-05-13 08:16 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-05-13 08:16 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-05-13 08:16 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-05-13 08:16 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-05-13 08:15 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-05-13 08:15 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-05-13 08:15 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-05-13 08:15 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2012-05-13 08:13 . 2011-07-16 05:21 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-05-13 08:12 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 08:12 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-13 08:12 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 08:12 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 08:12 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-13 08:12 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-13 08:12 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-13 08:12 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-13 08:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-13 08:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-13 07:08 . 2012-05-19 02:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-13 04:54 . 2012-05-13 04:54 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 04:53 . 2012-05-13 04:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-13 03:31 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-13 03:31 . 2012-03-06 23:02 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-13 03:24 . 2012-05-19 21:15 -------- d-----w- c:\windows\Panther
2012-05-13 03:06 . 2012-05-13 01:50 -------- d-----w- C:\$WINDOWS.~Q
2012-05-13 02:43 . 2012-05-13 02:55 -------- d-----w- C:\$INPLACE.~TR
2012-05-13 02:33 . 2012-05-13 02:33 -------- d-----w- C:\Recovery
2012-05-13 02:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-13 02:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-13 02:21 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-13 02:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-13 02:21 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-13 02:21 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-13 02:21 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-13 01:40 . 2012-05-13 01:40 -------- d-----w- c:\users\Default\Roaming
2012-05-13 01:40 . 2012-05-13 01:40 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-13 00:31 . 2012-05-22 20:04 -------- d-----w- c:\users\Taylor
2012-05-13 00:30 . 2012-05-13 00:30 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-05-13 00:30 . 2012-05-21 06:07 -------- d-sh--w- c:\windows\Installer
2012-05-13 00:28 . 2012-05-13 00:28 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-05-13 00:28 . 2012-05-13 00:28 -------- d-----w- c:\program files\Realtek
2012-05-13 00:28 . 2012-05-13 00:28 0 ----a-w- c:\windows\ativpsrm.bin
2012-05-13 00:28 . 2012-05-13 00:28 -------- d-----w- c:\program files\Apoint
2012-05-12 18:47 . 2012-05-12 18:47 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-12 18:32 . 2012-05-13 01:13 -------- d-----w- c:\programdata\HitmanPro
2012-05-12 06:00 . 2011-01-20 14:42 1257984 ------w- c:\windows\system32\MFH264Dec.dll
2012-05-12 06:00 . 2011-01-20 14:15 979456 ------w- c:\windows\SysWow64\MFH264Dec.dll
2012-05-12 06:00 . 2011-01-20 14:41 428544 ------w- c:\windows\system32\MFHEAACdec.dll
2012-05-12 06:00 . 2011-01-20 14:40 377344 ------w- c:\windows\system32\mfmp4src.dll
2012-05-12 06:00 . 2011-01-20 14:14 357376 ------w- c:\windows\SysWow64\MFHEAACdec.dll
2012-05-12 06:00 . 2011-01-20 14:14 302592 ------w- c:\windows\SysWow64\mfmp4src.dll
2012-05-12 00:37 . 2012-05-12 00:38 -------- d-----w- c:\windows\SysWow64\ca-ES
2012-05-12 00:37 . 2012-05-12 00:38 -------- d-----w- c:\windows\SysWow64\eu-ES
2012-05-12 00:37 . 2012-05-12 00:38 -------- d-----w- c:\windows\SysWow64\vi-VN
2012-05-12 00:37 . 2012-05-12 00:37 -------- d-----w- c:\windows\system32\ca-ES
2012-05-12 00:37 . 2012-05-12 00:37 -------- d-----w- c:\windows\system32\eu-ES
2012-05-12 00:37 . 2012-05-12 00:37 -------- d-----w- c:\windows\system32\vi-VN
2012-05-12 00:32 . 2012-05-13 01:16 -------- d-----w- c:\windows\system32\SPReview
2012-05-12 00:13 . 2009-04-11 05:11 946688 ------w- c:\windows\system32\scavenge.dll
2012-05-12 00:12 . 2009-04-11 05:10 56320 ------w- c:\windows\system32\compcln.exe
2012-05-12 00:02 . 2009-04-11 05:11 2146304 ------w- c:\windows\system32\FunctionDiscoveryFolder.dll
2012-05-12 00:02 . 2009-04-11 04:28 2134528 ------w- c:\windows\SysWow64\FunctionDiscoveryFolder.dll
2012-05-12 00:02 . 2009-04-11 05:11 121856 ------w- c:\windows\system32\EhStorAuthn.dll
2012-05-12 00:02 . 2009-04-11 04:28 117248 ------w- c:\windows\SysWow64\EhStorAuthn.dll
2012-05-12 00:01 . 2009-04-11 04:28 463872 ------w- c:\windows\SysWow64\IasMigReader.exe
2012-05-12 00:01 . 2009-04-11 05:11 1085440 ------w- c:\windows\system32\wcnwiz2.dll
2012-05-12 00:01 . 2009-04-11 04:28 968192 ------w- c:\windows\SysWow64\wcnwiz2.dll
2012-05-12 00:01 . 2009-04-11 04:28 165376 ------w- c:\windows\SysWow64\WcnNetsh.dll
2012-05-12 00:00 . 2009-04-11 05:11 397312 ------w- c:\windows\system32\WscEapPr.dll
2012-05-12 00:00 . 2009-04-11 04:28 291328 ------w- c:\windows\SysWow64\WscEapPr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 02:19 . 2011-08-08 16:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 03:32 . 2012-04-06 03:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 03:32 . 2012-04-06 03:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-04 23:47 . 2011-03-16 04:26 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 20:56 . 2011-11-22 22:40 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2012-01-23 15:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-01-23 15:30 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-02-22 18:13 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-01-23 15:34 141144 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-03-06 23:04 . 2012-01-23 15:31 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-01-23 15:34 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:03 . 2012-01-23 15:31 258904 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-03-06 23:01 . 2012-01-23 15:31 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-01-23 15:31 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-01-23 15:34 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AML"="c:\program files (x86)\Sony\VAIO Launcher\AML.exe" [2009-03-09 1101824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-24 273544]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-05-19 1239312]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-03-20 73360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 20:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 257696]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-02-05 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-02-05 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-02-05 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-02-05 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-02-05 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-20 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-04-20 3065120]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-06 134920]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-03-16 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-03-16 827520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-01-06 141344]
S2 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2008-09-30 167424]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwNv64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 91420896
*Deregistered* - 91420896
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 02:19]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 18:18]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 18:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-07-18 152576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-03-16 1126528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\9xy7dwng.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-22 15:13:14
ComboFix-quarantined-files.txt 2012-05-22 20:13
ComboFix2.txt 2012-05-12 18:16
.
Pre-Run: 189,407,899,648 bytes free
Post-Run: 189,567,066,112 bytes free
.
- - End Of File - - E888AE8651211D104A40A88B426924E3



Edited by Gammo, 23 May 2012 - 10:42 AM.
added snippet of ComboFix log

  • 0

#10
Gammo


    Member 2k

  • Malware Removal
  • 2,299 posts
Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean' then it doesn't necessarily have to mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0

#11
taybaxter


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Thank you for everything! I'm following the steps right now. So was I infected with anything in the end?
  • 0





