Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus - Backdoor.win64.generic and Ping.exe [Closed]

Started by jblb2009 , Jun 08 2012 09:44 PM

  • This topic is locked This topic is locked

#1
jblb2009
Posted 08 June 2012 - 09:44 PM

jblb2009

    New Member

  • Member
  • Pip
  • 7 posts
Hi

I believe I have a virus that i can not delete.

I have 3 ping.exe loaded in my processes and kaspersky has been picking up HEUR: backdoor.win64.generic trojan but does not remove the problem.

Here is my OTL Log

OTL logfile created on: 6/9/2012 1:34:29 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JohnLani\Documents\NSWFB
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.38% Memory free
7.87 Gb Paging File | 5.93 Gb Available in Paging File | 75.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 18.51 Gb Free Space | 18.51% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 13.41 Gb Free Space | 4.47% Space Free | Partition Type: NTFS
Drive E: | 65.76 Gb Total Space | 24.65 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Computer Name: JOHNLANI-PC | User Name: JohnLani | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 13:33:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JohnLani\My Documents\NSWFB\OTL.exe
PRC - [2012/06/09 13:33:33 | 137,320,080 | ---- | M] () -- C:\Users\JohnLani\My Documents\NSWFB\setup_11.0.0.1245.x01_2012_06_09_04_23.exe
PRC - [2012/06/09 04:24:11 | 000,717,328 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Temp\RarSFX0\8122820.exe
PRC - [2012/06/09 04:24:06 | 000,457,768 | ---- | M] (Kaspersky Lab) -- C:\Users\JohnLani\AppData\Local\Temp\4207968\8122820.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2009/07/14 11:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/09 13:33:33 | 137,320,080 | ---- | M] () -- C:\Users\JohnLani\My Documents\NSWFB\setup_11.0.0.1245.x01_2012_06_09_04_23.exe
MOD - [2012/06/09 04:24:11 | 000,717,328 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Temp\RarSFX0\8122820.exe
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/11/20 22:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 22:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/01 17:42:24 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2012/05/05 18:03:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/13 21:25:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) [Auto | Stopped] -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe -- (Matrox.Pdesk3.ServicesHost)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 07:51:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/31 19:31:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/09 10:53:08 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ozuuiixh.sys -- (ozuuiixh)
DRV:64bit: - [2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/20 20:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 20:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 20:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/16 22:09:50 | 000,038,056 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/01/03 19:01:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/03 19:01:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/17 16:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/08/03 10:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/08 13:48:44 | 000,023,040 | ---- | M] (GoFlight, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfvknt64.sys -- (gfvknt)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/04/04 12:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM302.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0302)
DRV:64bit: - [2007/03/18 08:43:28 | 000,301,824 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav302.sys -- (vvftav302)
DRV:64bit: - [2006/11/10 23:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysTool64.sys -- (SysTool)
DRV - [2012/04/28 13:16:22 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:16:20 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JohnLani\Documents\NSWFB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AB BC A3 00 5A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/02 15:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]

[2011/03/21 09:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions
[2010/08/02 14:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/01 10:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/01 10:13:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/05/19 22:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions
[2011/08/28 03:22:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/08 15:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 13:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/08 14:55:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2012/02/02 15:51:34 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Raindrops = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/02/02 15:43:51 | 000,002,287 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\JohnLani\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: abr.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ato.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bussiness.gov.au ([www] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ent_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6A85D9-39A3-425A-9D6F-C812C3F19B3A}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63C57A69-2348-4299-8E70-76FED20EB0D0}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 10:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 10:00:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/09 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/08 19:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/06/08 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/06/08 19:21:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/08 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/06/08 14:55:05 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/08 14:26:17 | 004,539,477 | R--- | C] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/08 14:13:03 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Malwarebytes
[2012/06/08 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:21:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/03 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings of POWER II
[2012/06/03 18:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wings of POWER II
[2012/06/01 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLS A330_A340
[2012/05/28 13:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph
[2012/05/28 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Navigraph
[2012/05/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PollyPot Software
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/15 12:50:18 | 000,094,208 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 12:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Local\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/05/11 09:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 13:33:59 | 000,000,935 | ---- | M] () -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/06/09 10:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 10:51:49 | 3168,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 10:51:47 | 001,077,156 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/09 10:50:39 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 10:50:39 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 10:48:45 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 10:48:44 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/06/09 10:02:15 | 000,001,155 | ---- | M] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:02:15 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 09:56:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 09:48:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 09:48:35 | 000,827,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 09:48:35 | 000,680,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 09:48:35 | 000,135,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 22:57:33 | 003,077,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 20:02:46 | 000,003,023 | ---- | M] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 15:12:45 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/08 15:10:33 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 15:10:27 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/08 14:56:20 | 000,017,408 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:41 | 004,539,477 | R--- | M] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/07 19:04:20 | 000,000,181 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/06/07 19:03:54 | 000,000,041 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/06/06 16:54:09 | 000,000,581 | ---- | M] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 21:07:15 | 000,000,786 | ---- | M] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | M] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | M] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/25 20:22:03 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/19 22:11:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 12:37:42 | 000,007,598 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2012/05/12 13:15:19 | 000,002,011 | ---- | M] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/05/11 23:05:46 | 000,827,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 13:33:59 | 000,000,935 | ---- | C] () -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/06/09 13:00:18 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000000.@
[2012/06/09 11:34:43 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000008.@
[2012/06/09 10:56:34 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000032.@
[2012/06/09 10:56:34 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000064.@
[2012/06/09 10:00:23 | 000,001,155 | ---- | C] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:00:23 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:46 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/08 20:02:46 | 000,003,023 | ---- | C] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 14:56:19 | 000,017,408 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:57 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 14:55:57 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/06 16:54:09 | 000,000,581 | ---- | C] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/06 14:10:36 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\L\00000004.@
[2012/06/06 14:10:35 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\000000cb.@
[2012/06/06 14:10:35 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000004.@
[2012/06/03 20:30:15 | 000,000,786 | ---- | C] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/06/03 19:54:53 | 000,153,088 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012/05/31 19:42:02 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | C] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | C] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/19 22:11:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/12 13:15:19 | 000,002,011 | ---- | C] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/03/14 19:28:03 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\DBCDBF32.DLL
[2012/03/14 19:28:03 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2012/03/14 19:28:03 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2012/03/14 19:28:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2012/03/14 19:28:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2012/02/09 19:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/12 15:59:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\@
[2011/12/01 21:58:24 | 000,000,080 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\X-Plane Installer.prf
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 08:14:19 | 000,164,600 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2011/05/18 08:14:19 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2011/05/11 10:26:48 | 003,751,424 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2011/04/08 15:44:10 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2011/03/21 09:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/10 18:01:07 | 000,001,447 | ---- | C] () -- C:\Windows\aeroSystems.ini
[2011/01/22 07:58:59 | 000,212,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/08 13:51:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 17:20:55 | 000,782,056 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2010/09/17 17:20:55 | 000,031,779 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2010/08/30 11:32:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/31 22:26:15 | 000,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll
[2010/07/17 08:58:56 | 000,007,598 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2010/06/11 07:51:51 | 000,000,000 | ---- | C] () -- C:\Users\JohnLani\AppData\Roaming\chrtmp

========== LOP Check ==========

[2011/10/26 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\.BitTornado
[2011/01/04 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Alternative Software Ltd
[2012/01/03 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\AUSkey
[2011/10/08 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\CleanMyPC Software
[2011/01/15 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2009/11/01 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 09:11:34 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DiskAid
[2012/04/12 22:58:20 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\EZCA
[2011/12/31 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FlyingWSimulation
[2012/04/13 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FS2Crew2010
[2010/09/17 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FSWidgets
[2011/07/23 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\gtk-2.0
[2012/02/25 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\HiFi
[2011/03/20 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\ImTOO
[2010/08/15 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\InfraRecorder
[2010/02/07 11:07:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Internal Workings
[2012/06/08 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/01/04 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Jürgen Treml
[2011/08/22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Kalypso Media
[2010/07/07 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Leadertech
[2011/05/04 09:03:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\LogMate
[2011/03/20 09:10:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MobileSyncBrowser
[2010/03/27 12:45:14 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Multi Crew Experience
[2011/12/31 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MyTraffic
[2010/05/01 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Netscape
[2010/09/21 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\nHancer
[2009/11/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Nokia
[2009/11/01 11:03:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Participatory Culture Foundation
[2009/10/31 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PC Suite
[2012/01/27 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PCF-VLC
[2010/05/01 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Photodex
[2012/06/07 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PrimoPDF
[2011/06/27 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Publish Providers
[2010/09/17 07:56:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Roaming
[2010/01/03 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SIGMA
[2011/05/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SmartDraw
[2011/06/27 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Sony
[2011/07/08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\The Creative Assembly
[2011/12/05 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Ubisoft
[2011/07/25 19:24:11 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Unity
[2012/06/09 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\uTorrent
[2012/02/26 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Virtuali
[2010/08/30 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\WinBatch
[2010/10/30 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows Live Writer
[2010/08/09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows NT
[2010/08/02 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows SideBar
[2012/03/12 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Z-Software
[2011/12/25 01:33:00 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2012/06/09 10:46:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/09 10:48:44 | 000,000,486 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 1252 bytes -> C:\ProgramData\Microsoft:mn8diT51cfJ14E7H2VX
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:Ot0N5vFRKfsSQqh370Z3

< End of report >

Can you please help me remove this problem
  • 0

Advertisements

#2
godawgs
Posted 09 June 2012 - 06:40 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello jblb2009, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
    I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.
In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.



:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do. If you decide to continue with the cleanup, please proceed with the following steps.


There should be an Extras.txt file in the C:\Users\JohnLani\Documents\NSWFB folder. Please post it in your next reply.

I noticed ComboFix is on the computer. It you haven't already run it please don't for now.

I noticed TDSSKiller in on the computer. Please post the TDSSKiller log in your next reply. The report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step-1.

Things For Your Next Post:
1. The Extras.txt log
2. The TDSSKiller log
  • 0

#3
jblb2009
Posted 09 June 2012 - 07:19 AM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you

I have managed to run some extra programs and have succesfully stoped ping.exe from loading

What i have found is that I have these trojans popping up in Microsoft Security Essentials

trojan:win32/sirefef.AB
trojan:win64/sirefef.p

These are creating an installer in

C:/windows/assembly/gac_32/desktop.ini
C:/windows/assembly/gac_64/desktop.ini
C:/windows/installer/{46146aa2-bd24-d0de-ef95-74d607514c2e}/U/8000000.@

I have attached the OTL and TDSS files.
For some reason it did not create an EXTRA log.

22:58:36.0965 3604 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:58:38.0398 3604 ============================================================
22:58:38.0398 3604 Current date / time: 2012/06/09 22:58:38.0398
22:58:38.0398 3604 SystemInfo:
22:58:38.0398 3604
22:58:38.0398 3604 OS Version: 6.1.7601 ServicePack: 1.0
22:58:38.0398 3604 Product type: Workstation
22:58:38.0398 3604 ComputerName: JOHNLANI-PC
22:58:38.0398 3604 UserName: JohnLani
22:58:38.0398 3604 Windows directory: C:\Windows
22:58:38.0398 3604 System windows directory: C:\Windows
22:58:38.0398 3604 Running under WOW64
22:58:38.0398 3604 Processor architecture: Intel x64
22:58:38.0398 3604 Number of processors: 2
22:58:38.0398 3604 Page size: 0x1000
22:58:38.0398 3604 Boot type: Normal boot
22:58:38.0398 3604 ============================================================
22:58:43.0178 3604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:58:43.0194 3604 ============================================================
22:58:43.0194 3604 \Device\Harddisk0\DR0:
22:58:43.0194 3604 MBR partitions:
22:58:43.0194 3604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
22:58:43.0194 3604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC800800, BlocksNum 0x25800000
22:58:43.0194 3604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32000800, BlocksNum 0x8385000
22:58:43.0194 3604 ============================================================
22:58:43.0271 3604 C: <-> \Device\Harddisk0\DR0\Partition0
22:58:43.0324 3604 D: <-> \Device\Harddisk0\DR0\Partition1
22:58:43.0369 3604 E: <-> \Device\Harddisk0\DR0\Partition2
22:58:43.0369 3604 ============================================================
22:58:43.0369 3604 Initialize success
22:58:43.0369 3604 ============================================================
23:08:24.0705 3376 ============================================================
23:08:24.0706 3376 Scan started
23:08:24.0706 3376 Mode: Manual;
23:08:24.0706 3376 ============================================================
23:08:25.0251 3376 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:08:25.0253 3376 1394ohci - ok
23:08:25.0303 3376 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:08:25.0318 3376 ACPI - ok
23:08:25.0335 3376 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:08:25.0336 3376 AcpiPmi - ok
23:08:25.0383 3376 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
23:08:25.0385 3376 adfs - ok
23:08:25.0540 3376 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:08:25.0555 3376 AdobeFlashPlayerUpdateSvc - ok
23:08:25.0618 3376 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:08:25.0628 3376 adp94xx - ok
23:08:25.0667 3376 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:08:25.0681 3376 adpahci - ok
23:08:25.0706 3376 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:08:25.0708 3376 adpu320 - ok
23:08:25.0729 3376 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:08:25.0731 3376 AeLookupSvc - ok
23:08:25.0782 3376 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:08:25.0792 3376 AFD - ok
23:08:25.0837 3376 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:08:25.0838 3376 agp440 - ok
23:08:25.0851 3376 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:08:25.0853 3376 ALG - ok
23:08:25.0864 3376 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:08:25.0865 3376 aliide - ok
23:08:25.0877 3376 AMD External Events Utility - ok
23:08:25.0895 3376 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:08:25.0895 3376 amdide - ok
23:08:25.0922 3376 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:08:25.0923 3376 AmdK8 - ok
23:08:25.0935 3376 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:08:25.0936 3376 AmdPPM - ok
23:08:25.0971 3376 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:08:25.0973 3376 amdsata - ok
23:08:26.0008 3376 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:08:26.0014 3376 amdsbs - ok
23:08:26.0032 3376 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:08:26.0034 3376 amdxata - ok
23:08:26.0085 3376 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
23:08:26.0087 3376 AnyDVD - ok
23:08:26.0174 3376 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
23:08:26.0175 3376 AppHostSvc - ok
23:08:26.0224 3376 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:08:26.0225 3376 AppID - ok
23:08:26.0243 3376 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:08:26.0244 3376 AppIDSvc - ok
23:08:26.0272 3376 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:08:26.0273 3376 Appinfo - ok
23:08:26.0404 3376 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:08:26.0406 3376 Apple Mobile Device - ok
23:08:26.0443 3376 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:08:26.0444 3376 arc - ok
23:08:26.0462 3376 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:08:26.0464 3376 arcsas - ok
23:08:26.0581 3376 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:08:26.0582 3376 aspnet_state - ok
23:08:26.0603 3376 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:08:26.0604 3376 AsyncMac - ok
23:08:26.0624 3376 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:08:26.0625 3376 atapi - ok
23:08:26.0722 3376 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
23:08:26.0736 3376 atksgt - ok
23:08:26.0789 3376 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:08:26.0805 3376 AudioEndpointBuilder - ok
23:08:26.0810 3376 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:08:26.0814 3376 AudioSrv - ok
23:08:26.0904 3376 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
23:08:26.0906 3376 AVP - ok
23:08:26.0958 3376 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:08:26.0959 3376 AxInstSV - ok
23:08:27.0061 3376 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:08:27.0072 3376 b06bdrv - ok
23:08:27.0115 3376 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:08:27.0129 3376 b57nd60a - ok
23:08:27.0175 3376 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:08:27.0177 3376 BDESVC - ok
23:08:27.0189 3376 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:08:27.0189 3376 Beep - ok
23:08:27.0251 3376 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:08:27.0264 3376 BITS - ok
23:08:27.0290 3376 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:08:27.0291 3376 blbdrive - ok
23:08:27.0406 3376 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:08:27.0416 3376 Bonjour Service - ok
23:08:27.0434 3376 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:08:27.0435 3376 bowser - ok
23:08:27.0452 3376 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:08:27.0453 3376 BrFiltLo - ok
23:08:27.0465 3376 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:08:27.0466 3376 BrFiltUp - ok
23:08:27.0493 3376 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:08:27.0494 3376 BridgeMP - ok
23:08:27.0527 3376 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:08:27.0530 3376 Browser - ok
23:08:27.0552 3376 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:08:27.0568 3376 Brserid - ok
23:08:27.0584 3376 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:08:27.0585 3376 BrSerWdm - ok
23:08:27.0596 3376 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:08:27.0596 3376 BrUsbMdm - ok
23:08:27.0605 3376 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:08:27.0605 3376 BrUsbSer - ok
23:08:27.0619 3376 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:08:27.0621 3376 BTHMODEM - ok
23:08:27.0653 3376 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:08:27.0655 3376 bthserv - ok
23:08:27.0678 3376 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:08:27.0679 3376 cdfs - ok
23:08:27.0726 3376 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:08:27.0728 3376 cdrom - ok
23:08:27.0778 3376 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:08:27.0779 3376 CertPropSvc - ok
23:08:27.0827 3376 chdrvr01 (8504f0aa0b81789da9a5cab08cbacd51) C:\Windows\system32\DRIVERS\chdrvr01.sys
23:08:27.0831 3376 chdrvr01 - ok
23:08:27.0854 3376 chdrvr02 (38b5c53eb02e8df28923d5917fbd9f1f) C:\Windows\system32\DRIVERS\chdrvr02.sys
23:08:27.0854 3376 chdrvr02 - ok
23:08:27.0882 3376 chdrvr03 (7b42079e66bfdf958fbd9fe67797d6d3) C:\Windows\system32\DRIVERS\chdrvr03.sys
23:08:27.0883 3376 chdrvr03 - ok
23:08:27.0911 3376 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:08:27.0912 3376 circlass - ok
23:08:27.0942 3376 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:08:27.0955 3376 CLFS - ok
23:08:28.0022 3376 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:28.0023 3376 clr_optimization_v2.0.50727_32 - ok
23:08:28.0075 3376 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:08:28.0077 3376 clr_optimization_v2.0.50727_64 - ok
23:08:28.0179 3376 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:28.0181 3376 clr_optimization_v4.0.30319_32 - ok
23:08:28.0213 3376 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:08:28.0215 3376 clr_optimization_v4.0.30319_64 - ok
23:08:28.0248 3376 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:08:28.0248 3376 CmBatt - ok
23:08:28.0264 3376 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:08:28.0265 3376 cmdide - ok
23:08:28.0310 3376 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:08:28.0321 3376 CNG - ok
23:08:28.0342 3376 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:08:28.0343 3376 Compbatt - ok
23:08:28.0379 3376 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:08:28.0379 3376 CompositeBus - ok
23:08:28.0396 3376 COMSysApp - ok
23:08:28.0486 3376 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:08:28.0487 3376 cpudrv64 - ok
23:08:28.0524 3376 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
23:08:28.0525 3376 cpuz134 - ok
23:08:28.0540 3376 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:08:28.0541 3376 crcdisk - ok
23:08:28.0623 3376 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
23:08:28.0625 3376 Creative ALchemy AL6 Licensing Service - ok
23:08:28.0646 3376 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:08:28.0647 3376 Creative Audio Engine Licensing Service - ok
23:08:28.0688 3376 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:08:28.0695 3376 CryptSvc - ok
23:08:28.0725 3376 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:08:28.0740 3376 CTAudSvcService - ok
23:08:28.0800 3376 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:08:28.0806 3376 DcomLaunch - ok
23:08:28.0848 3376 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:08:28.0863 3376 defragsvc - ok
23:08:28.0929 3376 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:08:28.0930 3376 DfsC - ok
23:08:28.0987 3376 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:08:29.0001 3376 Dhcp - ok
23:08:29.0008 3376 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:08:29.0009 3376 discache - ok
23:08:29.0044 3376 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:08:29.0045 3376 Disk - ok
23:08:29.0083 3376 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:08:29.0085 3376 Dnscache - ok
23:08:29.0110 3376 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:08:29.0125 3376 dot3svc - ok
23:08:29.0170 3376 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:08:29.0172 3376 Dot4 - ok
23:08:29.0212 3376 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:08:29.0212 3376 Dot4Print - ok
23:08:29.0248 3376 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:08:29.0249 3376 dot4usb - ok
23:08:29.0284 3376 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:08:29.0286 3376 DPS - ok
23:08:29.0322 3376 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:08:29.0323 3376 drmkaud - ok
23:08:29.0395 3376 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:08:29.0415 3376 DXGKrnl - ok
23:08:29.0466 3376 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
23:08:29.0482 3376 e1express - ok
23:08:29.0519 3376 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:08:29.0521 3376 EapHost - ok
23:08:29.0699 3376 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:08:29.0750 3376 ebdrv - ok
23:08:29.0830 3376 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:08:29.0832 3376 EFS - ok
23:08:29.0922 3376 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:08:29.0941 3376 ehRecvr - ok
23:08:29.0962 3376 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:08:29.0964 3376 ehSched - ok
23:08:30.0045 3376 ElbyCDIO (4456e16591843c4506772d2c37834141) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:08:30.0046 3376 ElbyCDIO - ok
23:08:30.0096 3376 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:08:30.0105 3376 elxstor - ok
23:08:30.0134 3376 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:08:30.0135 3376 ErrDev - ok
23:08:30.0186 3376 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:08:30.0199 3376 EventSystem - ok
23:08:30.0216 3376 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:08:30.0222 3376 exfat - ok
23:08:30.0247 3376 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:08:30.0250 3376 fastfat - ok
23:08:30.0302 3376 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:08:30.0321 3376 Fax - ok
23:08:30.0338 3376 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:08:30.0339 3376 fdc - ok
23:08:30.0357 3376 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:08:30.0358 3376 fdPHost - ok
23:08:30.0364 3376 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:08:30.0366 3376 FDResPub - ok
23:08:30.0387 3376 feuorkjv - ok
23:08:30.0401 3376 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:08:30.0403 3376 FileInfo - ok
23:08:30.0519 3376 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
23:08:30.0519 3376 FileMonitor - ok
23:08:30.0537 3376 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:08:30.0538 3376 Filetrace - ok
23:08:30.0638 3376 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:08:30.0657 3376 FLEXnet Licensing Service - ok
23:08:30.0790 3376 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:08:30.0808 3376 FLEXnet Licensing Service 64 - ok
23:08:30.0909 3376 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:08:30.0910 3376 flpydisk - ok
23:08:30.0944 3376 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:08:30.0959 3376 FltMgr - ok
23:08:31.0024 3376 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:08:31.0040 3376 FontCache - ok
23:08:31.0148 3376 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:08:31.0150 3376 FontCache3.0.0.0 - ok
23:08:31.0169 3376 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:08:31.0170 3376 FsDepends - ok
23:08:31.0210 3376 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:08:31.0211 3376 fssfltr - ok
23:08:31.0396 3376 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:08:31.0416 3376 fsssvc - ok
23:08:31.0512 3376 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:08:31.0512 3376 Fs_Rec - ok
23:08:31.0569 3376 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:08:31.0575 3376 fvevol - ok
23:08:31.0595 3376 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:08:31.0597 3376 gagp30kx - ok
23:08:31.0636 3376 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:08:31.0637 3376 GEARAspiWDM - ok
23:08:31.0673 3376 gfvknt (a297a7b0060e10a4ce577a9f12680046) C:\Windows\system32\DRIVERS\gfvknt64.sys
23:08:31.0673 3376 gfvknt - ok
23:08:31.0738 3376 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:08:31.0752 3376 gpsvc - ok
23:08:31.0855 3376 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:08:31.0856 3376 gupdate - ok
23:08:31.0884 3376 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:08:31.0885 3376 gupdatem - ok
23:08:31.0926 3376 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:08:31.0929 3376 gusvc - ok
23:08:31.0941 3376 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:08:31.0942 3376 hcw85cir - ok
23:08:31.0992 3376 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:08:32.0016 3376 HdAudAddService - ok
23:08:32.0059 3376 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:08:32.0061 3376 HDAudBus - ok
23:08:32.0081 3376 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:08:32.0082 3376 HidBatt - ok
23:08:32.0095 3376 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:08:32.0096 3376 HidBth - ok
23:08:32.0106 3376 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:08:32.0107 3376 HidIr - ok
23:08:32.0133 3376 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:08:32.0134 3376 hidserv - ok
23:08:32.0174 3376 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:08:32.0175 3376 HidUsb - ok
23:08:32.0195 3376 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:08:32.0197 3376 hkmsvc - ok
23:08:32.0232 3376 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:08:32.0248 3376 HomeGroupListener - ok
23:08:32.0279 3376 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:08:32.0285 3376 HomeGroupProvider - ok
23:08:32.0447 3376 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:08:32.0451 3376 hpqcxs08 - ok
23:08:32.0484 3376 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:08:32.0486 3376 hpqddsvc - ok
23:08:32.0539 3376 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:08:32.0540 3376 HpSAMD - ok
23:08:32.0684 3376 HPSLPSVC - ok
23:08:32.0753 3376 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:08:32.0769 3376 HTTP - ok
23:08:32.0794 3376 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:08:32.0795 3376 hwpolicy - ok
23:08:32.0848 3376 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:08:32.0849 3376 i8042prt - ok
23:08:32.0898 3376 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:08:32.0911 3376 iaStorV - ok
23:08:32.0998 3376 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:08:32.0999 3376 IDriverT - ok
23:08:33.0117 3376 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:08:33.0130 3376 idsvc - ok
23:08:33.0227 3376 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:08:33.0228 3376 iirsp - ok
23:08:33.0466 3376 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:08:33.0475 3376 IKEEXT - ok
23:08:33.0595 3376 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
23:08:33.0610 3376 IMFservice - ok
23:08:33.0695 3376 IntcAzAudAddService - ok
23:08:33.0714 3376 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:08:33.0715 3376 intelide - ok
23:08:33.0738 3376 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:08:33.0739 3376 intelppm - ok
23:08:33.0782 3376 iopkkbzj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\iopkkbzj.sys
23:08:33.0783 3376 iopkkbzj - ok
23:08:33.0808 3376 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:08:33.0810 3376 IPBusEnum - ok
23:08:33.0832 3376 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:33.0833 3376 IpFilterDriver - ok
23:08:33.0905 3376 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:08:33.0914 3376 iphlpsvc - ok
23:08:33.0938 3376 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:08:33.0940 3376 IPMIDRV - ok
23:08:33.0967 3376 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:08:33.0969 3376 IPNAT - ok
23:08:34.0113 3376 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:08:34.0143 3376 iPod Service - ok
23:08:34.0167 3376 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:08:34.0168 3376 IRENUM - ok
23:08:34.0181 3376 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:08:34.0182 3376 isapnp - ok
23:08:34.0208 3376 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:08:34.0223 3376 iScsiPrt - ok
23:08:34.0252 3376 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:08:34.0253 3376 kbdclass - ok
23:08:34.0291 3376 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:08:34.0291 3376 kbdhid - ok
23:08:34.0344 3376 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:08:34.0346 3376 KeyIso - ok
23:08:34.0382 3376 KL1 - ok
23:08:34.0406 3376 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
23:08:34.0406 3376 kl2 - ok
23:08:34.0466 3376 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
23:08:34.0485 3376 KLIF - ok
23:08:34.0507 3376 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
23:08:34.0508 3376 KLIM6 - ok
23:08:34.0538 3376 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
23:08:34.0539 3376 klmouflt - ok
23:08:34.0563 3376 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:08:34.0564 3376 KSecDD - ok
23:08:34.0593 3376 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:08:34.0600 3376 KSecPkg - ok
23:08:34.0616 3376 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:08:34.0617 3376 ksthunk - ok
23:08:34.0678 3376 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:08:34.0689 3376 KtmRm - ok
23:08:34.0737 3376 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:08:34.0752 3376 LanmanServer - ok
23:08:34.0782 3376 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:08:34.0790 3376 LanmanWorkstation - ok
23:08:35.0211 3376 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
23:08:35.0294 3376 LeapFrog Connect Device Service - ok
23:08:35.0500 3376 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
23:08:35.0500 3376 lirsgt - ok
23:08:35.0627 3376 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:08:35.0628 3376 lltdio - ok
23:08:35.0682 3376 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:08:35.0697 3376 lltdsvc - ok
23:08:35.0708 3376 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:08:35.0709 3376 lmhosts - ok
23:08:35.0721 3376 lmimirr - ok
23:08:35.0758 3376 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:08:35.0759 3376 LSI_FC - ok
23:08:35.0776 3376 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:08:35.0777 3376 LSI_SAS - ok
23:08:35.0789 3376 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:08:35.0790 3376 LSI_SAS2 - ok
23:08:35.0809 3376 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:08:35.0810 3376 LSI_SCSI - ok
23:08:35.0829 3376 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:08:35.0830 3376 luafv - ok
23:08:36.0059 3376 Matrox.Pdesk3.ServicesHost (c2f3bba0760ab9dd33bcc60a663a108c) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
23:08:36.0115 3376 Matrox.Pdesk3.ServicesHost - ok
23:08:36.0246 3376 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:08:36.0247 3376 MBAMProtector - ok
23:08:36.0299 3376 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:08:36.0317 3376 MBAMService - ok
23:08:36.0336 3376 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:08:36.0338 3376 Mcx2Svc - ok
23:08:36.0367 3376 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:08:36.0368 3376 megasas - ok
23:08:36.0390 3376 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:08:36.0405 3376 MegaSR - ok
23:08:36.0473 3376 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:08:36.0475 3376 Microsoft Office Groove Audit Service - ok
23:08:36.0496 3376 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:08:36.0498 3376 MMCSS - ok
23:08:36.0509 3376 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:08:36.0510 3376 Modem - ok
23:08:36.0548 3376 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:08:36.0548 3376 monitor - ok
23:08:36.0593 3376 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:08:36.0595 3376 mouclass - ok
23:08:36.0615 3376 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:08:36.0616 3376 mouhid - ok
23:08:36.0638 3376 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:08:36.0640 3376 mountmgr - ok
23:08:36.0684 3376 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
23:08:36.0691 3376 MpFilter - ok
23:08:36.0731 3376 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:08:36.0733 3376 mpio - ok
23:08:36.0750 3376 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:08:36.0751 3376 mpsdrv - ok
23:08:36.0775 3376 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:08:36.0777 3376 MRxDAV - ok
23:08:36.0800 3376 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:36.0803 3376 mrxsmb - ok
23:08:36.0835 3376 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:36.0846 3376 mrxsmb10 - ok
23:08:36.0866 3376 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:36.0868 3376 mrxsmb20 - ok
23:08:36.0899 3376 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:08:36.0900 3376 msahci - ok
23:08:36.0928 3376 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:08:36.0933 3376 msdsm - ok
23:08:36.0956 3376 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:08:36.0959 3376 MSDTC - ok
23:08:36.0989 3376 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:08:36.0990 3376 Msfs - ok
23:08:37.0012 3376 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:08:37.0013 3376 mshidkmdf - ok
23:08:37.0023 3376 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:08:37.0024 3376 msisadrv - ok
23:08:37.0052 3376 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:08:37.0060 3376 MSiSCSI - ok
23:08:37.0064 3376 msiserver - ok
23:08:37.0086 3376 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:08:37.0087 3376 MSKSSRV - ok
23:08:37.0191 3376 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:08:37.0192 3376 MsMpSvc - ok
23:08:37.0207 3376 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:37.0207 3376 MSPCLOCK - ok
23:08:37.0222 3376 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:08:37.0223 3376 MSPQM - ok
23:08:37.0258 3376 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:08:37.0275 3376 MsRPC - ok
23:08:37.0288 3376 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:08:37.0289 3376 mssmbios - ok
23:08:37.0304 3376 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:08:37.0304 3376 MSTEE - ok
23:08:37.0307 3376 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:08:37.0308 3376 MTConfig - ok
23:08:37.0335 3376 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:08:37.0336 3376 Mup - ok
23:08:37.0375 3376 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:08:37.0384 3376 napagent - ok
23:08:37.0425 3376 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:08:37.0438 3376 NativeWifiP - ok
23:08:37.0554 3376 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files (x86)\Nero\Update\NASvc.exe
23:08:37.0564 3376 NAUpdate - ok
23:08:37.0634 3376 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:08:37.0652 3376 NDIS - ok
23:08:37.0685 3376 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:37.0686 3376 NdisCap - ok
23:08:37.0713 3376 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:37.0713 3376 NdisTapi - ok
23:08:37.0873 3376 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:37.0874 3376 Ndisuio - ok
23:08:37.0907 3376 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:37.0909 3376 NdisWan - ok
23:08:37.0935 3376 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:08:37.0936 3376 NDProxy - ok
23:08:37.0969 3376 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
23:08:37.0971 3376 Net Driver HPZ12 - ok
23:08:38.0018 3376 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
23:08:38.0019 3376 Netaapl - ok
23:08:38.0044 3376 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:08:38.0046 3376 NetBIOS - ok
23:08:38.0081 3376 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:08:38.0094 3376 NetBT - ok
23:08:38.0118 3376 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:08:38.0119 3376 Netlogon - ok
23:08:38.0186 3376 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:08:38.0197 3376 Netman - ok
23:08:38.0283 3376 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:38.0285 3376 NetMsmqActivator - ok
23:08:38.0298 3376 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:38.0299 3376 NetPipeActivator - ok
23:08:38.0329 3376 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:08:38.0339 3376 netprofm - ok
23:08:38.0392 3376 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:38.0393 3376 NetTcpActivator - ok
23:08:38.0396 3376 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:08:38.0397 3376 NetTcpPortSharing - ok
23:08:38.0462 3376 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:08:38.0479 3376 nfrd960 - ok
23:08:38.0511 3376 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:08:38.0512 3376 NisDrv - ok
23:08:38.0619 3376 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
23:08:38.0633 3376 NisSrv - ok
23:08:38.0683 3376 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:08:38.0696 3376 NlaSvc - ok
23:08:38.0708 3376 nmwcdcx64 - ok
23:08:38.0721 3376 nmwcdx64 - ok
23:08:38.0734 3376 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:08:38.0735 3376 Npfs - ok
23:08:38.0763 3376 npusbio (95a2ab418251a3b2a2571cde880b80d0) C:\Windows\system32\Drivers\npusbio_x64.sys
23:08:38.0764 3376 npusbio - ok
23:08:38.0774 3376 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:08:38.0776 3376 nsi - ok
23:08:38.0791 3376 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:08:38.0792 3376 nsiproxy - ok
23:08:38.0891 3376 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:08:38.0916 3376 Ntfs - ok
23:08:39.0008 3376 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:08:39.0008 3376 Null - ok
23:09:01.0271 3376 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:09:01.0510 3376 nvlddmkm - ok
23:09:01.0640 3376 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:09:01.0642 3376 nvraid - ok
23:09:01.0688 3376 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:09:01.0690 3376 nvstor - ok
23:09:01.0795 3376 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
23:09:01.0807 3376 nvsvc - ok
23:09:01.0830 3376 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:09:01.0832 3376 nv_agp - ok
23:09:01.0993 3376 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\Program Files\OO Software\Defrag\oodag.exe
23:09:02.0029 3376 O&O Defrag - ok
23:09:02.0148 3376 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:09:02.0159 3376 odserv - ok
23:09:02.0268 3376 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:09:02.0269 3376 ohci1394 - ok
23:09:02.0298 3376 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:09:02.0300 3376 ose - ok
23:09:02.0326 3376 ozuuiixh - ok
23:09:02.0416 3376 P17 (634347adebc790b8f07654a3ea8034fd) C:\Windows\system32\drivers\P17.sys
23:09:02.0440 3376 P17 - ok
23:09:02.0477 3376 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:09:02.0491 3376 p2pimsvc - ok
23:09:02.0515 3376 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:09:02.0537 3376 p2psvc - ok
23:09:02.0583 3376 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:09:02.0583 3376 Parport - ok
23:09:02.0605 3376 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:09:02.0607 3376 partmgr - ok
23:09:02.0623 3376 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:09:02.0629 3376 PcaSvc - ok
23:09:02.0663 3376 pccsmcfd - ok
23:09:02.0700 3376 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:09:02.0706 3376 pci - ok
23:09:02.0724 3376 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:09:02.0725 3376 pciide - ok
23:09:02.0750 3376 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:09:02.0756 3376 pcmcia - ok
23:09:02.0778 3376 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:09:02.0779 3376 pcw - ok
23:09:02.0811 3376 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:09:02.0829 3376 PEAUTH - ok
23:09:02.0894 3376 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:09:02.0896 3376 PerfHost - ok
23:09:03.0018 3376 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:09:03.0041 3376 pla - ok
23:09:03.0087 3376 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:09:03.0098 3376 PlugPlay - ok
23:09:03.0160 3376 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
23:09:03.0162 3376 Pml Driver HPZ12 - ok
23:09:03.0185 3376 PnkBstrA - ok
23:09:03.0205 3376 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:09:03.0207 3376 PNRPAutoReg - ok
23:09:03.0231 3376 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:09:03.0235 3376 PNRPsvc - ok
23:09:03.0285 3376 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:09:03.0286 3376 Point64 - ok
23:09:03.0334 3376 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:09:03.0344 3376 PolicyAgent - ok
23:09:03.0386 3376 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:09:03.0389 3376 Power - ok
23:09:03.0434 3376 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:09:03.0436 3376 PptpMiniport - ok
23:09:03.0471 3376 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:09:03.0473 3376 Processor - ok
23:09:03.0513 3376 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:09:03.0518 3376 ProfSvc - ok
23:09:03.0545 3376 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:09:03.0546 3376 ProtectedStorage - ok
23:09:03.0596 3376 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:09:03.0598 3376 Psched - ok
23:09:03.0674 3376 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:09:03.0704 3376 ql2300 - ok
23:09:03.0789 3376 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:09:03.0791 3376 ql40xx - ok
23:09:03.0826 3376 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:09:03.0842 3376 QWAVE - ok
23:09:03.0858 3376 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:09:03.0859 3376 QWAVEdrv - ok
23:09:03.0873 3376 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:09:03.0874 3376 RasAcd - ok
23:09:03.0920 3376 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:09:03.0922 3376 RasAgileVpn - ok
23:09:03.0935 3376 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:09:03.0939 3376 RasAuto - ok
23:09:03.0965 3376 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:09:03.0967 3376 Rasl2tp - ok
23:09:04.0011 3376 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:09:04.0025 3376 RasMan - ok
23:09:04.0048 3376 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:09:04.0050 3376 RasPppoe - ok
23:09:04.0071 3376 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:09:04.0073 3376 RasSstp - ok
23:09:04.0107 3376 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:09:04.0121 3376 rdbss - ok
23:09:04.0131 3376 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:09:04.0132 3376 rdpbus - ok
23:09:04.0141 3376 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:09:04.0142 3376 RDPCDD - ok
23:09:04.0180 3376 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:09:04.0181 3376 RDPENCDD - ok
23:09:04.0191 3376 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:09:04.0192 3376 RDPREFMP - ok
23:09:04.0219 3376 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:09:04.0235 3376 RDPWD - ok
23:09:04.0281 3376 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:09:04.0297 3376 rdyboost - ok
23:09:04.0434 3376 RegFilter (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
23:09:04.0435 3376 RegFilter - ok
23:09:04.0486 3376 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:09:04.0488 3376 RemoteAccess - ok
23:09:04.0519 3376 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:09:04.0526 3376 RemoteRegistry - ok
23:09:04.0597 3376 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:09:04.0600 3376 RichVideo - ok
23:09:04.0619 3376 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:09:04.0621 3376 RpcEptMapper - ok
23:09:04.0643 3376 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:09:04.0645 3376 RpcLocator - ok
23:09:04.0724 3376 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:09:04.0728 3376 RpcSs - ok
23:09:04.0787 3376 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:09:04.0788 3376 rspndr - ok
23:09:04.0832 3376 rzudd (6dd4726d289a891012fe99a5ee1ffa99) C:\Windows\system32\DRIVERS\rzudd.sys
23:09:04.0833 3376 rzudd - ok
23:09:04.0867 3376 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:09:04.0869 3376 SamSs - ok
23:09:04.0897 3376 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:09:04.0898 3376 sbp2port - ok
23:09:04.0916 3376 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:09:04.0921 3376 SCardSvr - ok
23:09:04.0935 3376 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:09:04.0936 3376 scfilter - ok
23:09:04.0994 3376 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:09:05.0012 3376 Schedule - ok
23:09:05.0032 3376 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:09:05.0034 3376 SCPolicySvc - ok
23:09:05.0145 3376 ScsiAccess (958e956e119eb7b9aba142afed1b5ff4) C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
23:09:05.0152 3376 ScsiAccess - ok
23:09:05.0221 3376 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:09:05.0225 3376 SDRSVC - ok
23:09:05.0283 3376 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:09:05.0284 3376 secdrv - ok
23:09:05.0302 3376 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:09:05.0304 3376 seclogon - ok
23:09:05.0318 3376 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:09:05.0321 3376 SENS - ok
23:09:05.0336 3376 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:09:05.0339 3376 SensrSvc - ok
23:09:05.0354 3376 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:09:05.0355 3376 Serenum - ok
23:09:05.0374 3376 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:09:05.0375 3376 Serial - ok
23:09:05.0404 3376 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:09:05.0404 3376 sermouse - ok
23:09:05.0439 3376 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:09:05.0442 3376 SessionEnv - ok
23:09:05.0469 3376 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:09:05.0470 3376 sffdisk - ok
23:09:05.0484 3376 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:09:05.0486 3376 sffp_mmc - ok
23:09:05.0500 3376 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:09:05.0500 3376 sffp_sd - ok
23:09:05.0512 3376 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:09:05.0513 3376 sfloppy - ok
23:09:05.0557 3376 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:09:05.0569 3376 ShellHWDetection - ok
23:09:05.0601 3376 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:09:05.0603 3376 SiSRaid2 - ok
23:09:05.0623 3376 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:09:05.0624 3376 SiSRaid4 - ok
23:09:05.0651 3376 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:09:05.0653 3376 Smb - ok
23:09:05.0693 3376 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:09:05.0696 3376 SNMPTRAP - ok
23:09:05.0708 3376 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:09:05.0709 3376 spldr - ok
23:09:05.0754 3376 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:09:05.0774 3376 Spooler - ok
23:09:05.0937 3376 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:09:05.0989 3376 sppsvc - ok
23:09:06.0061 3376 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:09:06.0063 3376 sppuinotify - ok
23:09:06.0116 3376 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:09:06.0126 3376 srv - ok
23:09:06.0158 3376 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:09:06.0168 3376 srv2 - ok
23:09:06.0185 3376 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:09:06.0188 3376 srvnet - ok
23:09:06.0221 3376 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:09:06.0227 3376 SSDPSRV - ok
23:09:06.0236 3376 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:09:06.0240 3376 SstpSvc - ok
23:09:06.0364 3376 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:09:06.0375 3376 Stereo Service - ok
23:09:06.0394 3376 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:09:06.0395 3376 stexstor - ok
23:09:06.0451 3376 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:09:06.0469 3376 stisvc - ok
23:09:06.0506 3376 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:09:06.0506 3376 swenum - ok
23:09:06.0551 3376 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:09:06.0583 3376 swprv - ok
23:09:06.0721 3376 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:09:06.0778 3376 SysMain - ok
23:09:06.0890 3376 SysTool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\SysTool64.sys
23:09:06.0891 3376 SysTool - ok
23:09:06.0916 3376 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:09:06.0917 3376 TabletInputService - ok
23:09:06.0956 3376 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:09:06.0970 3376 TapiSrv - ok
23:09:06.0987 3376 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:09:06.0990 3376 TBS - ok
23:09:07.0119 3376 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:09:07.0161 3376 Tcpip - ok
23:09:07.0276 3376 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:09:07.0284 3376 TCPIP6 - ok
23:09:07.0357 3376 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:09:07.0358 3376 tcpipreg - ok
23:09:07.0376 3376 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:09:07.0377 3376 TDPIPE - ok
23:09:07.0457 3376 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:09:07.0458 3376 TDTCP - ok
23:09:07.0483 3376 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:09:07.0485 3376 tdx - ok
23:09:07.0504 3376 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:09:07.0505 3376 TermDD - ok
23:09:07.0570 3376 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:09:07.0588 3376 TermService - ok
23:09:07.0606 3376 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:09:07.0608 3376 Themes - ok
23:09:07.0637 3376 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:09:07.0638 3376 THREADORDER - ok
23:09:07.0645 3376 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:09:07.0648 3376 TrkWks - ok
23:09:07.0715 3376 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:09:07.0722 3376 TrustedInstaller - ok
23:09:07.0750 3376 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:09:07.0751 3376 tssecsrv - ok
23:09:07.0793 3376 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:09:07.0794 3376 TsUsbFlt - ok
23:09:07.0841 3376 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:09:07.0844 3376 tunnel - ok
23:09:07.0861 3376 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:09:07.0863 3376 uagp35 - ok
23:09:07.0898 3376 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:09:07.0912 3376 udfs - ok
23:09:07.0930 3376 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:09:07.0932 3376 UI0Detect - ok
23:09:07.0946 3376 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:09:07.0947 3376 uliagpkx - ok
23:09:07.0983 3376 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:09:07.0984 3376 umbus - ok
23:09:07.0996 3376 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:09:07.0996 3376 UmPass - ok
23:09:08.0025 3376 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:09:08.0038 3376 upnphost - ok
23:09:08.0050 3376 upperdev - ok
23:09:08.0200 3376 UrlFilter (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
23:09:08.0201 3376 UrlFilter - ok
23:09:08.0238 3376 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:09:08.0239 3376 USBAAPL64 - ok
23:09:08.0267 3376 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:09:08.0270 3376 usbaudio - ok
23:09:08.0287 3376 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:08.0289 3376 usbccgp - ok
23:09:08.0317 3376 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:09:08.0319 3376 usbcir - ok
23:09:08.0324 3376 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:09:08.0326 3376 usbehci - ok
23:09:08.0358 3376 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:09:08.0372 3376 usbhub - ok
23:09:08.0384 3376 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:09:08.0385 3376 usbohci - ok
23:09:08.0410 3376 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:09:08.0411 3376 usbprint - ok
23:09:08.0448 3376 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:09:08.0449 3376 usbscan - ok
23:09:08.0484 3376 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
23:09:08.0485 3376 usbser - ok
23:09:08.0489 3376 UsbserFilt - ok
23:09:08.0527 3376 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
23:09:08.0528 3376 USBSTOR - ok
23:09:08.0548 3376 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:09:08.0549 3376 usbuhci - ok
23:09:08.0573 3376 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:09:08.0575 3376 UxSms - ok
23:09:08.0604 3376 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:09:08.0606 3376 VaultSvc - ok
23:09:08.0678 3376 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:09:08.0679 3376 vdrvroot - ok
23:09:08.0719 3376 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:09:08.0727 3376 vds - ok
23:09:08.0749 3376 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:08.0750 3376 vga - ok
23:09:08.0754 3376 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:09:08.0755 3376 VgaSave - ok
23:09:08.0774 3376 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:09:08.0779 3376 vhdmp - ok
23:09:08.0815 3376 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:09:08.0816 3376 viaide - ok
23:09:08.0833 3376 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:09:08.0835 3376 volmgr - ok
23:09:08.0872 3376 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:09:08.0883 3376 volmgrx - ok
23:09:08.0903 3376 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:09:08.0916 3376 volsnap - ok
23:09:08.0957 3376 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:09:08.0958 3376 vsmraid - ok
23:09:09.0052 3376 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:09:09.0082 3376 VSS - ok
23:09:09.0214 3376 vvftav302 (0186ccf2557f71f8b7b26bb43ea8846b) C:\Windows\system32\drivers\vvftav302.sys
23:09:09.0229 3376 vvftav302 - ok
23:09:09.0240 3376 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:09:09.0241 3376 vwifibus - ok
23:09:09.0278 3376 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:09:09.0291 3376 W32Time - ok
23:09:09.0388 3376 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
23:09:09.0398 3376 W3SVC - ok
23:09:09.0411 3376 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:09:09.0412 3376 WacomPen - ok
23:09:09.0524 3376 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:09:09.0574 3376 WANARP - ok
23:09:09.0682 3376 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:09:09.0683 3376 Wanarpv6 - ok
23:09:09.0789 3376 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
23:09:09.0791 3376 WAS - ok
23:09:09.0874 3376 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:09:09.0897 3376 WatAdminSvc - ok
23:09:09.0986 3376 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:09:10.0017 3376 wbengine - ok
23:09:10.0154 3376 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:09:10.0160 3376 WbioSrvc - ok
23:09:10.0203 3376 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:09:10.0215 3376 wcncsvc - ok
23:09:10.0223 3376 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:09:10.0225 3376 WcsPlugInService - ok
23:09:10.0291 3376 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:09:10.0291 3376 Wd - ok
23:09:10.0332 3376 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:09:10.0349 3376 Wdf01000 - ok
23:09:10.0365 3376 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:09:10.0368 3376 WdiServiceHost - ok
23:09:10.0372 3376 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:09:10.0374 3376 WdiSystemHost - ok
23:09:10.0400 3376 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:09:10.0415 3376 WebClient - ok
23:09:10.0436 3376 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:09:10.0453 3376 Wecsvc - ok
23:09:10.0468 3376 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:09:10.0471 3376 wercplsupport - ok
23:09:10.0504 3376 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:09:10.0507 3376 WerSvc - ok
23:09:10.0525 3376 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:09:10.0525 3376 WfpLwf - ok
23:09:10.0541 3376 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:09:10.0541 3376 WIMMount - ok
23:09:10.0609 3376 WinDefend - ok
23:09:10.0626 3376 WinHttpAutoProxySvc - ok
23:09:10.0690 3376 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:09:10.0706 3376 Winmgmt - ok
23:09:10.0818 3376 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:09:10.0869 3376 WinRM - ok
23:09:10.0978 3376 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:09:10.0979 3376 WinUsb - ok
23:09:11.0052 3376 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:09:11.0065 3376 Wlansvc - ok
23:09:11.0177 3376 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:09:11.0179 3376 wlcrasvc - ok
23:09:11.0335 3376 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:09:11.0368 3376 wlidsvc - ok
23:09:11.0399 3376 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:09:11.0400 3376 WmiAcpi - ok
23:09:11.0457 3376 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:09:11.0469 3376 wmiApSrv - ok
23:09:11.0521 3376 WMPNetworkSvc - ok
23:09:11.0535 3376 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:09:11.0538 3376 WPCSvc - ok
23:09:11.0564 3376 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:09:11.0568 3376 WPDBusEnum - ok
23:09:11.0586 3376 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:09:11.0587 3376 ws2ifsl - ok
23:09:11.0632 3376 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:09:11.0635 3376 wscsvc - ok
23:09:11.0638 3376 WSearch - ok
23:09:11.0783 3376 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:09:11.0819 3376 wuauserv - ok
23:09:11.0877 3376 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:09:11.0878 3376 WudfPf - ok
23:09:11.0924 3376 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:09:11.0927 3376 WUDFRd - ok
23:09:11.0952 3376 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:09:11.0955 3376 wudfsvc - ok
23:09:11.0988 3376 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:09:12.0003 3376 WwanSvc - ok
23:09:12.0090 3376 ZSMC301b (6e53d1058b900443949c69ec6215d98f) C:\Windows\system32\Drivers\usbVM302.sys
23:09:12.0123 3376 ZSMC301b - ok
23:09:12.0177 3376 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:09:12.0360 3376 \Device\Harddisk0\DR0 - ok
23:09:12.0368 3376 Boot (0x1200) (133d697514fd52e86d5430d6edc1185c) \Device\Harddisk0\DR0\Partition0
23:09:12.0369 3376 \Device\Harddisk0\DR0\Partition0 - ok
23:09:12.0379 3376 Boot (0x1200) (b1bab3a64d88ede6095c6ee108c7008b) \Device\Harddisk0\DR0\Partition1
23:09:12.0380 3376 \Device\Harddisk0\DR0\Partition1 - ok
23:09:12.0399 3376 Boot (0x1200) (ed4ea400ad7f212b02f68ffb1b589363) \Device\Harddisk0\DR0\Partition2
23:09:12.0400 3376 \Device\Harddisk0\DR0\Partition2 - ok
23:09:12.0400 3376 ============================================================
23:09:12.0400 3376 Scan finished
23:09:12.0400 3376 ============================================================
23:09:12.0408 0956 Detected object count: 0
23:09:12.0408 0956 Actual detected object count: 0
23:09:39.0778 5076 ============================================================
23:09:39.0778 5076 Scan started
23:09:39.0778 5076 Mode: Manual; SigCheck;
23:09:39.0778 5076 ============================================================
23:09:40.0348 5076 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:09:40.0445 5076 1394ohci - ok
23:09:40.0479 5076 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:09:40.0493 5076 ACPI - ok
23:09:40.0510 5076 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:09:40.0554 5076 AcpiPmi - ok
23:09:40.0581 5076 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
23:09:40.0625 5076 adfs - ok
23:09:40.0747 5076 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:09:40.0757 5076 AdobeFlashPlayerUpdateSvc - ok
23:09:40.0803 5076 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:09:40.0819 5076 adp94xx - ok
23:09:40.0841 5076 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:09:40.0855 5076 adpahci - ok
23:09:40.0879 5076 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:09:40.0891 5076 adpu320 - ok
23:09:40.0916 5076 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:09:40.0957 5076 AeLookupSvc - ok
23:09:41.0001 5076 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:09:41.0036 5076 AFD - ok
23:09:41.0056 5076 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:09:41.0067 5076 agp440 - ok
23:09:41.0082 5076 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:09:41.0121 5076 ALG - ok
23:09:41.0138 5076 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:09:41.0149 5076 aliide - ok
23:09:41.0154 5076 AMD External Events Utility - ok
23:09:41.0169 5076 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:09:41.0179 5076 amdide - ok
23:09:41.0197 5076 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:09:41.0217 5076 AmdK8 - ok
23:09:41.0231 5076 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:09:41.0251 5076 AmdPPM - ok
23:09:41.0282 5076 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:09:41.0293 5076 amdsata - ok
23:09:41.0316 5076 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:09:41.0329 5076 amdsbs - ok
23:09:41.0339 5076 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:09:41.0350 5076 amdxata - ok
23:09:41.0382 5076 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
23:09:41.0393 5076 AnyDVD - ok
23:09:41.0449 5076 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
23:09:41.0491 5076 AppHostSvc - ok
23:09:41.0521 5076 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:09:41.0562 5076 AppID - ok
23:09:41.0573 5076 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:09:41.0600 5076 AppIDSvc - ok
23:09:41.0624 5076 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:09:41.0678 5076 Appinfo - ok
23:09:41.0779 5076 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:09:41.0788 5076 Apple Mobile Device - ok
23:09:41.0805 5076 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:09:41.0817 5076 arc - ok
23:09:41.0836 5076 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:09:41.0848 5076 arcsas - ok
23:09:41.0944 5076 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:09:41.0953 5076 aspnet_state - ok
23:09:41.0966 5076 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:41.0994 5076 AsyncMac - ok
23:09:42.0020 5076 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:09:42.0031 5076 atapi - ok
23:09:42.0085 5076 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
23:09:42.0097 5076 atksgt - ok
23:09:42.0153 5076 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:09:42.0197 5076 AudioEndpointBuilder - ok
23:09:42.0202 5076 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:09:42.0238 5076 AudioSrv - ok
23:09:42.0300 5076 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
23:09:42.0311 5076 AVP - ok
23:09:42.0343 5076 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:09:42.0422 5076 AxInstSV - ok
23:09:42.0501 5076 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:09:42.0537 5076 b06bdrv - ok
23:09:42.0566 5076 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:09:42.0580 5076 b57nd60a - ok
23:09:42.0647 5076 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:09:42.0683 5076 BDESVC - ok
23:09:42.0696 5076 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:09:42.0732 5076 Beep - ok
23:09:42.0803 5076 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:09:42.0850 5076 BITS - ok
23:09:42.0864 5076 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:09:42.0887 5076 blbdrive - ok
23:09:42.0958 5076 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:09:42.0970 5076 Bonjour Service - ok
23:09:42.0986 5076 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:09:43.0013 5076 bowser - ok
23:09:43.0026 5076 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:09:43.0086 5076 BrFiltLo - ok
23:09:43.0106 5076 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:09:43.0119 5076 BrFiltUp - ok
23:09:43.0133 5076 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:09:43.0175 5076 BridgeMP - ok
23:09:43.0201 5076 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:09:43.0228 5076 Browser - ok
23:09:43.0248 5076 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:09:43.0287 5076 Brserid - ok
23:09:43.0302 5076 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:09:43.0315 5076 BrSerWdm - ok
23:09:43.0336 5076 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:09:43.0359 5076 BrUsbMdm - ok
23:09:43.0378 5076 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:09:43.0389 5076 BrUsbSer - ok
23:09:43.0404 5076 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:09:43.0423 5076 BTHMODEM - ok
23:09:43.0449 5076 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:09:43.0485 5076 bthserv - ok
23:09:43.0506 5076 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:09:43.0550 5076 cdfs - ok
23:09:43.0578 5076 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:09:43.0596 5076 cdrom - ok
23:09:43.0618 5076 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:09:43.0657 5076 CertPropSvc - ok
23:09:43.0689 5076 chdrvr01 (8504f0aa0b81789da9a5cab08cbacd51) C:\Windows\system32\DRIVERS\chdrvr01.sys
23:09:43.0700 5076 chdrvr01 - ok
23:09:43.0716 5076 chdrvr02 (38b5c53eb02e8df28923d5917fbd9f1f) C:\Windows\system32\DRIVERS\chdrvr02.sys
23:09:43.0723 5076 chdrvr02 - ok
23:09:43.0745 5076 chdrvr03 (7b42079e66bfdf958fbd9fe67797d6d3) C:\Windows\system32\DRIVERS\chdrvr03.sys
23:09:43.0752 5076 chdrvr03 - ok
23:09:43.0773 5076 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:09:43.0786 5076 circlass - ok
23:09:43.0815 5076 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:09:43.0829 5076 CLFS - ok
23:09:43.0884 5076 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:09:43.0894 5076 clr_optimization_v2.0.50727_32 - ok
23:09:43.0949 5076 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:09:43.0958 5076 clr_optimization_v2.0.50727_64 - ok
23:09:44.0019 5076 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:09:44.0028 5076 clr_optimization_v4.0.30319_32 - ok
23:09:44.0054 5076 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:09:44.0064 5076 clr_optimization_v4.0.30319_64 - ok
23:09:44.0085 5076 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:09:44.0103 5076 CmBatt - ok
23:09:44.0116 5076 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:09:44.0130 5076 cmdide - ok
23:09:44.0172 5076 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:09:44.0204 5076 CNG - ok
23:09:44.0216 5076 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:09:44.0228 5076 Compbatt - ok
23:09:44.0252 5076 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:09:44.0278 5076 CompositeBus - ok
23:09:44.0285 5076 COMSysApp - ok
23:09:44.0348 5076 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:09:44.0358 5076 cpudrv64 - ok
23:09:44.0375 5076 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
23:09:44.0384 5076 cpuz134 - ok
23:09:44.0399 5076 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:09:44.0410 5076 crcdisk - ok
23:09:44.0463 5076 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
23:09:44.0472 5076 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:09:44.0472 5076 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:09:44.0496 5076 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:09:44.0514 5076 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:09:44.0514 5076 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:09:44.0541 5076 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:09:44.0582 5076 CryptSvc - ok
23:09:44.0609 5076 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:09:44.0625 5076 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
23:09:44.0625 5076 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
23:09:44.0663 5076 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:09:44.0707 5076 DcomLaunch - ok
23:09:44.0733 5076 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:09:44.0773 5076 defragsvc - ok
23:09:44.0777 5076 Scan interrupted by user!
23:09:44.0777 5076 Scan interrupted by user!
23:09:44.0777 5076 Scan interrupted by user!
23:09:44.0777 5076 ============================================================
23:09:44.0777 5076 Scan finished
23:09:44.0777 5076 ============================================================
23:09:44.0784 4980 Detected object count: 3
23:09:44.0784 4980 Actual detected object count: 3
23:09:46.0814 4980 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:09:46.0814 4980 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:09:46.0814 4980 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:09:46.0814 4980 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:09:46.0815 4980 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
23:09:46.0815 4980 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:09:53.0269 3252 ============================================================
23:09:53.0269 3252 Scan started
23:09:53.0269 3252 Mode: Manual;
23:09:53.0269 3252 ============================================================
23:09:53.0663 3252 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:09:53.0665 3252 1394ohci - ok
23:09:53.0692 3252 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:09:53.0693 3252 ACPI - ok
23:09:53.0712 3252 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:09:53.0712 3252 AcpiPmi - ok
23:09:53.0750 3252 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
23:09:53.0750 3252 adfs - ok
23:09:53.0838 3252 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:09:53.0839 3252 AdobeFlashPlayerUpdateSvc - ok
23:09:53.0883 3252 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:09:53.0885 3252 adp94xx - ok
23:09:53.0911 3252 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:09:53.0912 3252 adpahci - ok
23:09:53.0938 3252 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:09:53.0939 3252 adpu320 - ok
23:09:53.0961 3252 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:09:53.0962 3252 AeLookupSvc - ok
23:09:54.0003 3252 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:09:54.0005 3252 AFD - ok
23:09:54.0025 3252 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:09:54.0026 3252 agp440 - ok
23:09:54.0040 3252 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:09:54.0041 3252 ALG - ok
23:09:54.0052 3252 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:09:54.0052 3252 aliide - ok
23:09:54.0058 3252 AMD External Events Utility - ok
23:09:54.0072 3252 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:09:54.0072 3252 amdide - ok
23:09:54.0088 3252 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:09:54.0088 3252 AmdK8 - ok
23:09:54.0112 3252 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:09:54.0113 3252 AmdPPM - ok
23:09:54.0137 3252 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:09:54.0138 3252 amdsata - ok
23:09:54.0170 3252 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:09:54.0171 3252 amdsbs - ok
23:09:54.0187 3252 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:09:54.0187 3252 amdxata - ok
23:09:54.0218 3252 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys
23:09:54.0219 3252 AnyDVD - ok
23:09:54.0285 3252 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
23:09:54.0285 3252 AppHostSvc - ok
23:09:54.0312 3252 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:09:54.0313 3252 AppID - ok
23:09:54.0331 3252 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:09:54.0332 3252 AppIDSvc - ok
23:09:54.0360 3252 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:09:54.0361 3252 Appinfo - ok
23:09:54.0459 3252 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:09:54.0459 3252 Apple Mobile Device - ok
23:09:54.0475 3252 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:09:54.0476 3252 arc - ok
23:09:54.0496 3252 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:09:54.0496 3252 arcsas - ok
23:09:54.0591 3252 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:09:54.0591 3252 aspnet_state - ok
23:09:54.0602 3252 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:09:54.0603 3252 AsyncMac - ok
23:09:54.0634 3252 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:09:54.0635 3252 atapi - ok
23:09:54.0677 3252 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
23:09:54.0678 3252 atksgt - ok
23:09:54.0720 3252 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:09:54.0723 3252 AudioEndpointBuilder - ok
23:09:54.0731 3252 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:09:54.0735 3252 AudioSrv - ok
23:09:54.0782 3252 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
23:09:54.0783 3252 AVP - ok
23:09:54.0813 3252 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:09:54.0814 3252 AxInstSV - ok
23:09:54.0861 3252 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:09:54.0863 3252 b06bdrv - ok
23:09:54.0880 3252 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:09:54.0882 3252 b57nd60a - ok
23:09:54.0909 3252 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:09:54.0910 3252 BDESVC - ok
23:09:54.0916 3252 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:09:54.0916 3252 Beep - ok
23:09:54.0984 3252 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:09:54.0989 3252 BITS - ok
23:09:55.0000 3252 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:09:55.0001 3252 blbdrive - ok
23:09:55.0094 3252 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:09:55.0097 3252 Bonjour Service - ok
23:09:55.0123 3252 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:09:55.0124 3252 bowser - ok
23:09:55.0141 3252 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:09:55.0141 3252 BrFiltLo - ok
23:09:55.0161 3252 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:09:55.0161 3252 BrFiltUp - ok
23:09:55.0181 3252 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:09:55.0182 3252 BridgeMP - ok
23:09:55.0216 3252 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:09:55.0217 3252 Browser - ok
23:09:55.0241 3252 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:09:55.0243 3252 Brserid - ok
23:09:55.0262 3252 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:09:55.0262 3252 BrSerWdm - ok
23:09:55.0274 3252 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:09:55.0274 3252 BrUsbMdm - ok
23:09:55.0283 3252 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:09:55.0283 3252 BrUsbSer - ok
23:09:55.0296 3252 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:09:55.0297 3252 BTHMODEM - ok
23:09:55.0320 3252 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:09:55.0321 3252 bthserv - ok
23:09:55.0344 3252 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:09:55.0345 3252 cdfs - ok
23:09:55.0371 3252 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:09:55.0372 3252 cdrom - ok
23:09:55.0400 3252 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:09:55.0401 3252 CertPropSvc - ok
23:09:55.0438 3252 chdrvr01 (8504f0aa0b81789da9a5cab08cbacd51) C:\Windows\system32\DRIVERS\chdrvr01.sys
23:09:55.0439 3252 chdrvr01 - ok
23:09:55.0454 3252 chdrvr02 (38b5c53eb02e8df28923d5917fbd9f1f) C:\Windows\system32\DRIVERS\chdrvr02.sys
23:09:55.0455 3252 chdrvr02 - ok
23:09:55.0482 3252 chdrvr03 (7b42079e66bfdf958fbd9fe67797d6d3) C:\Windows\system32\DRIVERS\chdrvr03.sys
23:09:55.0483 3252 chdrvr03 - ok
23:09:55.0500 3252 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:09:55.0500 3252 circlass - ok
23:09:55.0532 3252 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:09:55.0534 3252 CLFS - ok
23:09:55.0588 3252 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:09:55.0589 3252 clr_optimization_v2.0.50727_32 - ok
23:09:55.0642 3252 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:09:55.0643 3252 clr_optimization_v2.0.50727_64 - ok
23:09:55.0702 3252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:09:55.0703 3252 clr_optimization_v4.0.30319_32 - ok
23:09:55.0736 3252 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:09:55.0737 3252 clr_optimization_v4.0.30319_64 - ok
23:09:55.0746 3252 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:09:55.0746 3252 CmBatt - ok
23:09:55.0764 3252 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:09:55.0765 3252 cmdide - ok
23:09:55.0810 3252 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:09:55.0812 3252 CNG - ok
23:09:55.0832 3252 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:09:55.0833 3252 Compbatt - ok
23:09:55.0857 3252 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:09:55.0858 3252 CompositeBus - ok
23:09:55.0864 3252 COMSysApp - ok
23:09:55.0930 3252 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
23:09:55.0931 3252 cpudrv64 - ok
23:09:55.0947 3252 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
23:09:55.0947 3252 cpuz134 - ok
23:09:55.0958 3252 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:09:55.0959 3252 crcdisk - ok
23:09:56.0024 3252 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
23:09:56.0025 3252 Creative ALchemy AL6 Licensing Service - ok
23:09:56.0044 3252 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:09:56.0045 3252 Creative Audio Engine Licensing Service - ok
23:09:56.0088 3252 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:09:56.0089 3252 CryptSvc - ok
23:09:56.0114 3252 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:09:56.0116 3252 CTAudSvcService - ok
23:09:56.0169 3252 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:09:56.0173 3252 DcomLaunch - ok
23:09:56.0215 3252 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:09:56.0217 3252 defragsvc - ok
23:09:56.0262 3252 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:09:56.0263 3252 DfsC - ok
23:09:56.0298 3252 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:09:56.0300 3252 Dhcp - ok
23:09:56.0320 3252 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:09:56.0321 3252 discache - ok
23:09:56.0333 3252 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:09:56.0334 3252 Disk - ok
23:09:56.0372 3252 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:09:56.0374 3252 Dnscache - ok
23:09:56.0399 3252 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:09:56.0401 3252 dot3svc - ok
23:09:56.0427 3252 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
23:09:56.0428 3252 Dot4 - ok
23:09:56.0458 3252 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
23:09:56.0458 3252 Dot4Print - ok
23:09:56.0482 3252 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
23:09:56.0483 3252 dot4usb - ok
23:09:56.0517 3252 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:09:56.0519 3252 DPS - ok
23:09:56.0545 3252 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:09:56.0545 3252 drmkaud - ok
23:09:56.0617 3252 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:09:56.0621 3252 DXGKrnl - ok
23:09:56.0645 3252 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
23:09:56.0647 3252 e1express - ok
23:09:56.0664 3252 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:09:56.0666 3252 EapHost - ok
23:09:56.0827 3252 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:09:56.0841 3252 ebdrv - ok
23:09:56.0942 3252 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:09:56.0943 3252 EFS - ok
23:09:57.0001 3252 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:09:57.0004 3252 ehRecvr - ok
23:09:57.0031 3252 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:09:57.0031 3252 ehSched - ok
23:09:57.0080 3252 ElbyCDIO (4456e16591843c4506772d2c37834141) C:\Windows\system32\Drivers\ElbyCDIO.sys
23:09:57.0081 3252 ElbyCDIO - ok
23:09:57.0108 3252 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:09:57.0110 3252 elxstor - ok
23:09:57.0135 3252 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:09:57.0136 3252 ErrDev - ok
23:09:57.0187 3252 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:09:57.0189 3252 EventSystem - ok
23:09:57.0217 3252 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:09:57.0218 3252 exfat - ok
23:09:57.0237 3252 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:09:57.0238 3252 fastfat - ok
23:09:57.0307 3252 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:09:57.0311 3252 Fax - ok
23:09:57.0340 3252 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:09:57.0340 3252 fdc - ok
23:09:57.0358 3252 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:09:57.0359 3252 fdPHost - ok
23:09:57.0376 3252 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:09:57.0377 3252 FDResPub - ok
23:09:57.0379 3252 feuorkjv - ok
23:09:57.0391 3252 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:09:57.0391 3252 FileInfo - ok
23:09:57.0487 3252 FileMonitor (060cc45cecae2feaff9c8c52d8fafaa8) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
23:09:57.0487 3252 FileMonitor - ok
23:09:57.0504 3252 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:09:57.0505 3252 Filetrace - ok
23:09:57.0605 3252 FLEXnet Licensing Service (73081cf28f0ae20a52ca4f67cee6e6b0) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:09:57.0610 3252 FLEXnet Licensing Service - ok
23:09:57.0707 3252 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
23:09:57.0711 3252 FLEXnet Licensing Service 64 - ok
23:09:57.0810 3252 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:09:57.0811 3252 flpydisk - ok
23:09:57.0856 3252 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:09:57.0858 3252 FltMgr - ok
23:09:57.0946 3252 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:09:57.0952 3252 FontCache - ok
23:09:58.0028 3252 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:09:58.0028 3252 FontCache3.0.0.0 - ok
23:09:58.0047 3252 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:09:58.0048 3252 FsDepends - ok
23:09:58.0079 3252 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
23:09:58.0079 3252 fssfltr - ok
23:09:58.0219 3252 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:09:58.0226 3252 fsssvc - ok
23:09:58.0313 3252 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:09:58.0314 3252 Fs_Rec - ok
23:09:58.0348 3252 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:09:58.0349 3252 fvevol - ok
23:09:58.0364 3252 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:09:58.0364 3252 gagp30kx - ok
23:09:58.0393 3252 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:09:58.0394 3252 GEARAspiWDM - ok
23:09:58.0418 3252 gfvknt (a297a7b0060e10a4ce577a9f12680046) C:\Windows\system32\DRIVERS\gfvknt64.sys
23:09:58.0419 3252 gfvknt - ok
23:09:58.0484 3252 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:09:58.0488 3252 gpsvc - ok
23:09:58.0526 3252 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:58.0526 3252 gupdate - ok
23:09:58.0529 3252 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:09:58.0529 3252 gupdatem - ok
23:09:58.0550 3252 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:09:58.0551 3252 gusvc - ok
23:09:58.0565 3252 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:09:58.0566 3252 hcw85cir - ok
23:09:58.0593 3252 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:09:58.0594 3252 HdAudAddService - ok
23:09:58.0617 3252 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:09:58.0618 3252 HDAudBus - ok
23:09:58.0626 3252 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:09:58.0626 3252 HidBatt - ok
23:09:58.0641 3252 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:09:58.0642 3252 HidBth - ok
23:09:58.0663 3252 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:09:58.0664 3252 HidIr - ok
23:09:58.0691 3252 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:09:58.0692 3252 hidserv - ok
23:09:58.0698 3252 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:09:58.0699 3252 HidUsb - ok
23:09:58.0718 3252 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:09:58.0720 3252 hkmsvc - ok
23:09:58.0755 3252 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:09:58.0757 3252 HomeGroupListener - ok
23:09:58.0791 3252 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:09:58.0793 3252 HomeGroupProvider - ok
23:09:58.0904 3252 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:09:58.0906 3252 hpqcxs08 - ok
23:09:58.0918 3252 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:09:58.0919 3252 hpqddsvc - ok
23:09:58.0929 3252 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:09:58.0930 3252 HpSAMD - ok
23:09:59.0018 3252 HPSLPSVC - ok
23:09:59.0078 3252 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:09:59.0081 3252 HTTP - ok
23:09:59.0108 3252 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:09:59.0108 3252 hwpolicy - ok
23:09:59.0127 3252 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:09:59.0128 3252 i8042prt - ok
23:09:59.0167 3252 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:09:59.0169 3252 iaStorV - ok
23:09:59.0233 3252 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:09:59.0234 3252 IDriverT - ok
23:09:59.0341 3252 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:09:59.0345 3252 idsvc - ok
23:09:59.0418 3252 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:09:59.0418 3252 iirsp - ok
23:09:59.0469 3252 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:09:59.0473 3252 IKEEXT - ok
23:09:59.0553 3252 IMFservice (8ae99ebe30e8338907361018d9030835) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
23:09:59.0557 3252 IMFservice - ok
23:09:59.0607 3252 IntcAzAudAddService - ok
23:09:59.0628 3252 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:09:59.0628 3252 intelide - ok
23:09:59.0641 3252 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:09:59.0641 3252 intelppm - ok
23:09:59.0663 3252 iopkkbzj (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\iopkkbzj.sys
23:09:59.0663 3252 iopkkbzj - ok
23:09:59.0689 3252 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:09:59.0690 3252 IPBusEnum - ok
23:09:59.0712 3252 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:09:59.0712 3252 IpFilterDriver - ok
23:09:59.0751 3252 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:09:59.0755 3252 iphlpsvc - ok
23:09:59.0786 3252 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:09:59.0787 3252 IPMIDRV - ok
23:09:59.0803 3252 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:09:59.0804 3252 IPNAT - ok
23:09:59.0890 3252 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:09:59.0895 3252 iPod Service - ok
23:09:59.0904 3252 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:09:59.0905 3252 IRENUM - ok
23:09:59.0917 3252 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:09:59.0918 3252 isapnp - ok
23:09:59.0944 3252 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:09:59.0945 3252 iScsiPrt - ok
23:09:59.0956 3252 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:09:59.0957 3252 kbdclass - ok
23:09:59.0982 3252 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:09:59.0983 3252 kbdhid - ok
23:10:00.0015 3252 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:00.0016 3252 KeyIso - ok
23:10:00.0019 3252 KL1 - ok
23:10:00.0041 3252 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
23:10:00.0042 3252 kl2 - ok
23:10:00.0091 3252 KLIF (c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys
23:10:00.0094 3252 KLIF - ok
23:10:00.0111 3252 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys
23:10:00.0111 3252 KLIM6 - ok
23:10:00.0123 3252 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
23:10:00.0123 3252 klmouflt - ok
23:10:00.0146 3252 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:10:00.0147 3252 KSecDD - ok
23:10:00.0172 3252 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:10:00.0173 3252 KSecPkg - ok
23:10:00.0185 3252 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:10:00.0186 3252 ksthunk - ok
23:10:00.0223 3252 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:10:00.0226 3252 KtmRm - ok
23:10:00.0262 3252 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:10:00.0264 3252 LanmanServer - ok
23:10:00.0295 3252 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:10:00.0297 3252 LanmanWorkstation - ok
23:10:00.0604 3252 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
23:10:00.0630 3252 LeapFrog Connect Device Service - ok
23:10:00.0732 3252 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
23:10:00.0733 3252 lirsgt - ok
23:10:00.0757 3252 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:10:00.0758 3252 lltdio - ok
23:10:00.0786 3252 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:10:00.0788 3252 lltdsvc - ok
23:10:00.0800 3252 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:10:00.0801 3252 lmhosts - ok
23:10:00.0804 3252 lmimirr - ok
23:10:00.0828 3252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:10:00.0828 3252 LSI_FC - ok
23:10:00.0846 3252 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:10:00.0847 3252 LSI_SAS - ok
23:10:00.0858 3252 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:10:00.0859 3252 LSI_SAS2 - ok
23:10:00.0878 3252 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:10:00.0879 3252 LSI_SCSI - ok
23:10:00.0899 3252 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:10:00.0900 3252 luafv - ok
23:10:01.0118 3252 Matrox.Pdesk3.ServicesHost (c2f3bba0760ab9dd33bcc60a663a108c) C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
23:10:01.0134 3252 Matrox.Pdesk3.ServicesHost - ok
23:10:01.0250 3252 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
23:10:01.0250 3252 MBAMProtector - ok
23:10:01.0303 3252 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:10:01.0305 3252 MBAMService - ok
23:10:01.0329 3252 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:10:01.0331 3252 Mcx2Svc - ok
23:10:01.0348 3252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:10:01.0349 3252 megasas - ok
23:10:01.0372 3252 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:10:01.0374 3252 MegaSR - ok
23:10:01.0431 3252 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:10:01.0431 3252 Microsoft Office Groove Audit Service - ok
23:10:01.0455 3252 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:10:01.0457 3252 MMCSS - ok
23:10:01.0469 3252 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:10:01.0470 3252 Modem - ok
23:10:01.0497 3252 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:10:01.0498 3252 monitor - ok
23:10:01.0531 3252 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:10:01.0532 3252 mouclass - ok
23:10:01.0541 3252 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:10:01.0541 3252 mouhid - ok
23:10:01.0576 3252 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:10:01.0577 3252 mountmgr - ok
23:10:01.0600 3252 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
23:10:01.0601 3252 MpFilter - ok
23:10:01.0624 3252 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:10:01.0625 3252 mpio - ok
23:10:01.0653 3252 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:10:01.0654 3252 mpsdrv - ok
23:10:01.0700 3252 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:10:01.0702 3252 MRxDAV - ok
23:10:01.0727 3252 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:10:01.0728 3252 mrxsmb - ok
23:10:01.0758 3252 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:10:01.0759 3252 mrxsmb10 - ok
23:10:01.0770 3252 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:10:01.0771 3252 mrxsmb20 - ok
23:10:01.0781 3252 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:10:01.0781 3252 msahci - ok
23:10:01.0807 3252 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:10:01.0808 3252 msdsm - ok
23:10:01.0824 3252 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:10:01.0826 3252 MSDTC - ok
23:10:01.0837 3252 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:10:01.0838 3252 Msfs - ok
23:10:01.0841 3252 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:10:01.0841 3252 mshidkmdf - ok
23:10:01.0849 3252 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:10:01.0850 3252 msisadrv - ok
23:10:01.0877 3252 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:10:01.0879 3252 MSiSCSI - ok
23:10:01.0881 3252 msiserver - ok
23:10:01.0891 3252 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:10:01.0891 3252 MSKSSRV - ok
23:10:01.0962 3252 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
23:10:01.0962 3252 MsMpSvc - ok
23:10:01.0965 3252 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:10:01.0965 3252 MSPCLOCK - ok
23:10:01.0982 3252 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:10:01.0983 3252 MSPQM - ok
23:10:02.0011 3252 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:10:02.0013 3252 MsRPC - ok
23:10:02.0026 3252 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:10:02.0027 3252 mssmbios - ok
23:10:02.0041 3252 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:10:02.0042 3252 MSTEE - ok
23:10:02.0045 3252 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:10:02.0046 3252 MTConfig - ok
23:10:02.0062 3252 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:10:02.0062 3252 Mup - ok
23:10:02.0100 3252 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:10:02.0103 3252 napagent - ok
23:10:02.0129 3252 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:10:02.0130 3252 NativeWifiP - ok
23:10:02.0235 3252 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files (x86)\Nero\Update\NASvc.exe
23:10:02.0238 3252 NAUpdate - ok
23:10:02.0291 3252 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:10:02.0294 3252 NDIS - ok
23:10:02.0312 3252 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:10:02.0312 3252 NdisCap - ok
23:10:02.0329 3252 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:10:02.0330 3252 NdisTapi - ok
23:10:02.0355 3252 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:10:02.0356 3252 Ndisuio - ok
23:10:02.0389 3252 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:10:02.0390 3252 NdisWan - ok
23:10:02.0417 3252 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:10:02.0418 3252 NDProxy - ok
23:10:02.0441 3252 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
23:10:02.0442 3252 Net Driver HPZ12 - ok
23:10:02.0467 3252 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
23:10:02.0469 3252 Netaapl - ok
23:10:02.0483 3252 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:10:02.0483 3252 NetBIOS - ok
23:10:02.0517 3252 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:10:02.0518 3252 NetBT - ok
23:10:02.0555 3252 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:02.0557 3252 Netlogon - ok
23:10:02.0599 3252 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:10:02.0602 3252 Netman - ok
23:10:02.0688 3252 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:02.0689 3252 NetMsmqActivator - ok
23:10:02.0692 3252 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:02.0692 3252 NetPipeActivator - ok
23:10:02.0722 3252 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:10:02.0725 3252 netprofm - ok
23:10:02.0727 3252 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:02.0728 3252 NetTcpActivator - ok
23:10:02.0731 3252 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:02.0732 3252 NetTcpPortSharing - ok
23:10:02.0807 3252 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:10:02.0808 3252 nfrd960 - ok
23:10:02.0827 3252 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:10:02.0828 3252 NisDrv - ok
23:10:02.0912 3252 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
23:10:02.0913 3252 NisSrv - ok
23:10:02.0953 3252 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:10:02.0955 3252 NlaSvc - ok
23:10:02.0958 3252 nmwcdcx64 - ok
23:10:02.0961 3252 nmwcdx64 - ok
23:10:02.0966 3252 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:10:02.0967 3252 Npfs - ok
23:10:02.0991 3252 npusbio (95a2ab418251a3b2a2571cde880b80d0) C:\Windows\system32\Drivers\npusbio_x64.sys
23:10:02.0991 3252 npusbio - ok
23:10:03.0001 3252 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:10:03.0003 3252 nsi - ok
23:10:03.0019 3252 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:10:03.0020 3252 nsiproxy - ok
23:10:03.0105 3252 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:10:03.0113 3252 Ntfs - ok
23:10:03.0191 3252 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:10:03.0192 3252 Null - ok
23:10:03.0708 3252 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:10:03.0787 3252 nvlddmkm - ok
23:10:03.0889 3252 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:10:03.0890 3252 nvraid - ok
23:10:03.0915 3252 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:10:03.0916 3252 nvstor - ok
23:10:03.0989 3252 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
23:10:03.0994 3252 nvsvc - ok
23:10:04.0024 3252 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:10:04.0025 3252 nv_agp - ok
23:10:04.0175 3252 O&O Defrag (6ff0f6c590e92ff1dc559b3b1b3b1b11) C:\Program Files\OO Software\Defrag\oodag.exe
23:10:04.0185 3252 O&O Defrag - ok
23:10:04.0297 3252 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:10:04.0299 3252 odserv - ok
23:10:04.0351 3252 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:10:04.0352 3252 ohci1394 - ok
23:10:04.0371 3252 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:10:04.0372 3252 ose - ok
23:10:04.0375 3252 ozuuiixh - ok
23:10:04.0461 3252 P17 (634347adebc790b8f07654a3ea8034fd) C:\Windows\system32\drivers\P17.sys
23:10:04.0467 3252 P17 - ok
23:10:04.0515 3252 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:10:04.0518 3252 p2pimsvc - ok
23:10:04.0541 3252 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:10:04.0543 3252 p2psvc - ok
23:10:04.0577 3252 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:10:04.0578 3252 Parport - ok
23:10:04.0600 3252 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:10:04.0600 3252 partmgr - ok
23:10:04.0618 3252 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:10:04.0620 3252 PcaSvc - ok
23:10:04.0622 3252 pccsmcfd - ok
23:10:04.0638 3252 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:10:04.0639 3252 pci - ok
23:10:04.0652 3252 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:10:04.0653 3252 pciide - ok
23:10:04.0678 3252 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:10:04.0680 3252 pcmcia - ok
23:10:04.0695 3252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:10:04.0696 3252 pcw - ok
23:10:04.0726 3252 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:10:04.0730 3252 PEAUTH - ok
23:10:04.0790 3252 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:10:04.0791 3252 PerfHost - ok
23:10:04.0912 3252 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:10:04.0918 3252 pla - ok
23:10:04.0948 3252 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:10:04.0951 3252 PlugPlay - ok
23:10:04.0976 3252 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
23:10:04.0977 3252 Pml Driver HPZ12 - ok
23:10:04.0981 3252 PnkBstrA - ok
23:10:05.0000 3252 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:10:05.0001 3252 PNRPAutoReg - ok
23:10:05.0026 3252 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:10:05.0029 3252 PNRPsvc - ok
23:10:05.0057 3252 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
23:10:05.0058 3252 Point64 - ok
23:10:05.0106 3252 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:10:05.0109 3252 PolicyAgent - ok
23:10:05.0137 3252 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:10:05.0139 3252 Power - ok
23:10:05.0167 3252 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:10:05.0168 3252 PptpMiniport - ok
23:10:05.0200 3252 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:10:05.0201 3252 Processor - ok
23:10:05.0218 3252 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:10:05.0220 3252 ProfSvc - ok
23:10:05.0251 3252 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:05.0252 3252 ProtectedStorage - ok
23:10:05.0281 3252 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:10:05.0282 3252 Psched - ok
23:10:05.0356 3252 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:10:05.0363 3252 ql2300 - ok
23:10:05.0451 3252 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:10:05.0452 3252 ql40xx - ok
23:10:05.0477 3252 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:10:05.0479 3252 QWAVE - ok
23:10:05.0509 3252 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:10:05.0509 3252 QWAVEdrv - ok
23:10:05.0523 3252 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:10:05.0524 3252 RasAcd - ok
23:10:05.0549 3252 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:10:05.0550 3252 RasAgileVpn - ok
23:10:05.0564 3252 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:10:05.0566 3252 RasAuto - ok
23:10:05.0603 3252 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:10:05.0604 3252 Rasl2tp - ok
23:10:05.0639 3252 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:10:05.0642 3252 RasMan - ok
23:10:05.0654 3252 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:10:05.0655 3252 RasPppoe - ok
23:10:05.0663 3252 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:10:05.0663 3252 RasSstp - ok
23:10:05.0702 3252 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:10:05.0703 3252 rdbss - ok
23:10:05.0715 3252 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:10:05.0716 3252 rdpbus - ok
23:10:05.0725 3252 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:10:05.0726 3252 RDPCDD - ok
23:10:05.0742 3252 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:10:05.0742 3252 RDPENCDD - ok
23:10:05.0753 3252 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:10:05.0753 3252 RDPREFMP - ok
23:10:05.0780 3252 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:10:05.0781 3252 RDPWD - ok
23:10:05.0808 3252 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:10:05.0809 3252 rdyboost - ok
23:10:05.0906 3252 RegFilter (c3b79061634fbc3ba3379f557ad952c7) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
23:10:05.0907 3252 RegFilter - ok
23:10:05.0937 3252 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:10:05.0938 3252 RemoteAccess - ok
23:10:05.0958 3252 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:10:05.0960 3252 RemoteRegistry - ok
23:10:06.0014 3252 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:10:06.0015 3252 RichVideo - ok
23:10:06.0025 3252 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:10:06.0027 3252 RpcEptMapper - ok
23:10:06.0049 3252 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:10:06.0051 3252 RpcLocator - ok
23:10:06.0096 3252 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:10:06.0100 3252 RpcSs - ok
23:10:06.0126 3252 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:10:06.0127 3252 rspndr - ok
23:10:06.0161 3252 rzudd (6dd4726d289a891012fe99a5ee1ffa99) C:\Windows\system32\DRIVERS\rzudd.sys
23:10:06.0162 3252 rzudd - ok
23:10:06.0195 3252 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:06.0196 3252 SamSs - ok
23:10:06.0225 3252 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:10:06.0226 3252 sbp2port - ok
23:10:06.0255 3252 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:10:06.0257 3252 SCardSvr - ok
23:10:06.0275 3252 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:10:06.0276 3252 scfilter - ok
23:10:06.0344 3252 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:10:06.0350 3252 Schedule - ok
23:10:06.0372 3252 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:10:06.0373 3252 SCPolicySvc - ok
23:10:06.0429 3252 ScsiAccess (958e956e119eb7b9aba142afed1b5ff4) C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
23:10:06.0430 3252 ScsiAccess - ok
23:10:06.0461 3252 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:10:06.0464 3252 SDRSVC - ok
23:10:06.0490 3252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:10:06.0491 3252 secdrv - ok
23:10:06.0509 3252 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:10:06.0512 3252 seclogon - ok
23:10:06.0524 3252 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:10:06.0526 3252 SENS - ok
23:10:06.0533 3252 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:10:06.0534 3252 SensrSvc - ok
23:10:06.0549 3252 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:10:06.0550 3252 Serenum - ok
23:10:06.0570 3252 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:10:06.0571 3252 Serial - ok
23:10:06.0599 3252 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:10:06.0600 3252 sermouse - ok
23:10:06.0634 3252 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:10:06.0636 3252 SessionEnv - ok
23:10:06.0653 3252 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:10:06.0654 3252 sffdisk - ok
23:10:06.0668 3252 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:10:06.0669 3252 sffp_mmc - ok
23:10:06.0684 3252 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:10:06.0684 3252 sffp_sd - ok
23:10:06.0697 3252 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:10:06.0698 3252 sfloppy - ok
23:10:06.0741 3252 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:10:06.0744 3252 ShellHWDetection - ok
23:10:06.0763 3252 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:10:06.0764 3252 SiSRaid2 - ok
23:10:06.0785 3252 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:10:06.0786 3252 SiSRaid4 - ok
23:10:06.0802 3252 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:10:06.0802 3252 Smb - ok
23:10:06.0833 3252 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:10:06.0834 3252 SNMPTRAP - ok
23:10:06.0849 3252 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:10:06.0850 3252 spldr - ok
23:10:06.0893 3252 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:10:06.0896 3252 Spooler - ok
23:10:07.0064 3252 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:10:07.0081 3252 sppsvc - ok
23:10:07.0168 3252 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:10:07.0170 3252 sppuinotify - ok
23:10:07.0222 3252 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:10:07.0224 3252 srv - ok
23:10:07.0252 3252 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:10:07.0254 3252 srv2 - ok
23:10:07.0270 3252 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:10:07.0271 3252 srvnet - ok
23:10:07.0294 3252 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:10:07.0296 3252 SSDPSRV - ok
23:10:07.0321 3252 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:10:07.0323 3252 SstpSvc - ok
23:10:07.0436 3252 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:10:07.0438 3252 Stereo Service - ok
23:10:07.0468 3252 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:10:07.0468 3252 stexstor - ok
23:10:07.0512 3252 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:10:07.0518 3252 stisvc - ok
23:10:07.0557 3252 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:10:07.0557 3252 swenum - ok
23:10:07.0591 3252 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:10:07.0594 3252 swprv - ok
23:10:07.0692 3252 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:10:07.0701 3252 SysMain - ok
23:10:07.0786 3252 SysTool (b07e6681d303a612680223c729b021e2) C:\Windows\system32\DRIVERS\SysTool64.sys
23:10:07.0787 3252 SysTool - ok
23:10:07.0812 3252 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:10:07.0814 3252 TabletInputService - ok
23:10:07.0852 3252 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:10:07.0855 3252 TapiSrv - ok
23:10:07.0883 3252 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:10:07.0885 3252 TBS - ok
23:10:07.0982 3252 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:10:07.0991 3252 Tcpip - ok
23:10:08.0095 3252 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:10:08.0103 3252 TCPIP6 - ok
23:10:08.0154 3252 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:10:08.0154 3252 tcpipreg - ok
23:10:08.0172 3252 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:10:08.0173 3252 TDPIPE - ok
23:10:08.0203 3252 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:10:08.0203 3252 TDTCP - ok
23:10:08.0235 3252 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:10:08.0236 3252 tdx - ok
23:10:08.0256 3252 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:10:08.0257 3252 TermDD - ok
23:10:08.0322 3252 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:10:08.0326 3252 TermService - ok
23:10:08.0336 3252 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:10:08.0338 3252 Themes - ok
23:10:08.0356 3252 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:10:08.0357 3252 THREADORDER - ok
23:10:08.0365 3252 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:10:08.0367 3252 TrkWks - ok
23:10:08.0423 3252 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:10:08.0424 3252 TrustedInstaller - ok
23:10:08.0458 3252 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:10:08.0458 3252 tssecsrv - ok
23:10:08.0478 3252 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:10:08.0479 3252 TsUsbFlt - ok
23:10:08.0504 3252 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:10:08.0505 3252 tunnel - ok
23:10:08.0523 3252 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:10:08.0524 3252 uagp35 - ok
23:10:08.0561 3252 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:10:08.0562 3252 udfs - ok
23:10:08.0582 3252 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:10:08.0583 3252 UI0Detect - ok
23:10:08.0597 3252 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:10:08.0598 3252 uliagpkx - ok
23:10:08.0624 3252 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:10:08.0625 3252 umbus - ok
23:10:08.0636 3252 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:10:08.0636 3252 UmPass - ok
23:10:08.0666 3252 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:10:08.0668 3252 upnphost - ok
23:10:08.0672 3252 upperdev - ok
23:10:08.0775 3252 UrlFilter (401984715693b87fdf4f600fbbebd366) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
23:10:08.0775 3252 UrlFilter - ok
23:10:08.0801 3252 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:10:08.0801 3252 USBAAPL64 - ok
23:10:08.0831 3252 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
23:10:08.0831 3252 usbaudio - ok
23:10:08.0850 3252 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:10:08.0851 3252 usbccgp - ok
23:10:08.0869 3252 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:10:08.0869 3252 usbcir - ok
23:10:08.0874 3252 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:10:08.0875 3252 usbehci - ok
23:10:08.0899 3252 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:10:08.0901 3252 usbhub - ok
23:10:08.0915 3252 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:10:08.0916 3252 usbohci - ok
23:10:08.0928 3252 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:10:08.0929 3252 usbprint - ok
23:10:08.0956 3252 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:10:08.0956 3252 usbscan - ok
23:10:08.0970 3252 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
23:10:08.0970 3252 usbser - ok
23:10:08.0973 3252 UsbserFilt - ok
23:10:08.0990 3252 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
23:10:08.0991 3252 USBSTOR - ok
23:10:09.0000 3252 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
23:10:09.0000 3252 usbuhci - ok
23:10:09.0012 3252 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:10:09.0014 3252 UxSms - ok
23:10:09.0045 3252 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:10:09.0047 3252 VaultSvc - ok
23:10:09.0053 3252 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:10:09.0053 3252 vdrvroot - ok
23:10:09.0092 3252 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:10:09.0096 3252 vds - ok
23:10:09.0112 3252 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:10:09.0113 3252 vga - ok
23:10:09.0117 3252 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:10:09.0117 3252 VgaSave - ok
23:10:09.0137 3252 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:10:09.0138 3252 vhdmp - ok
23:10:09.0156 3252 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:10:09.0157 3252 viaide - ok
23:10:09.0174 3252 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:10:09.0175 3252 volmgr - ok
23:10:09.0211 3252 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:10:09.0214 3252 volmgrx - ok
23:10:09.0232 3252 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:10:09.0234 3252 volsnap - ok
23:10:09.0265 3252 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:10:09.0266 3252 vsmraid - ok
23:10:09.0359 3252 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:10:09.0368 3252 VSS - ok
23:10:09.0478 3252 vvftav302 (0186ccf2557f71f8b7b26bb43ea8846b) C:\Windows\system32\drivers\vvftav302.sys
23:10:09.0480 3252 vvftav302 - ok
23:10:09.0503 3252 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:10:09.0504 3252 vwifibus - ok
23:10:09.0541 3252 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:10:09.0544 3252 W32Time - ok
23:10:09.0606 3252 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
23:10:09.0608 3252 W3SVC - ok
23:10:09.0620 3252 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:10:09.0620 3252 WacomPen - ok
23:10:09.0641 3252 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:09.0641 3252 WANARP - ok
23:10:09.0644 3252 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:10:09.0645 3252 Wanarpv6 - ok
23:10:09.0654 3252 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
23:10:09.0656 3252 WAS - ok
23:10:09.0738 3252 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:10:09.0746 3252 WatAdminSvc - ok
23:10:09.0837 3252 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:10:09.0846 3252 wbengine - ok
23:10:09.0896 3252 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:10:09.0899 3252 WbioSrvc - ok
23:10:09.0933 3252 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:10:09.0936 3252 wcncsvc - ok
23:10:09.0955 3252 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:10:09.0956 3252 WcsPlugInService - ok
23:10:10.0000 3252 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:10:10.0000 3252 Wd - ok
23:10:10.0040 3252 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:10:10.0042 3252 Wdf01000 - ok
23:10:10.0052 3252 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:10:10.0054 3252 WdiServiceHost - ok
23:10:10.0057 3252 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:10:10.0059 3252 WdiSystemHost - ok
23:10:10.0086 3252 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:10:10.0089 3252 WebClient - ok
23:10:10.0112 3252 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:10:10.0114 3252 Wecsvc - ok
23:10:10.0132 3252 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:10:10.0135 3252 wercplsupport - ok
23:10:10.0168 3252 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:10:10.0170 3252 WerSvc - ok
23:10:10.0188 3252 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:10:10.0189 3252 WfpLwf - ok
23:10:10.0206 3252 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:10:10.0207 3252 WIMMount - ok
23:10:10.0251 3252 WinDefend - ok
23:10:10.0257 3252 WinHttpAutoProxySvc - ok
23:10:10.0310 3252 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:10:10.0311 3252 Winmgmt - ok
23:10:10.0413 3252 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:10:10.0423 3252 WinRM - ok
23:10:10.0499 3252 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:10:10.0500 3252 WinUsb - ok
23:10:10.0550 3252 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:10:10.0556 3252 Wlansvc - ok
23:10:10.0631 3252 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:10:10.0632 3252 wlcrasvc - ok
23:10:10.0786 3252 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:10:10.0795 3252 wlidsvc - ok
23:10:10.0831 3252 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:10:10.0832 3252 WmiAcpi - ok
23:10:10.0883 3252 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:10:10.0885 3252 wmiApSrv - ok
23:10:10.0930 3252 WMPNetworkSvc - ok
23:10:10.0944 3252 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:10:10.0946 3252 WPCSvc - ok
23:10:10.0974 3252 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:10:10.0976 3252 WPDBusEnum - ok
23:10:10.0996 3252 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:10:10.0997 3252 ws2ifsl - ok
23:10:11.0009 3252 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
23:10:11.0011 3252 wscsvc - ok
23:10:11.0014 3252 WSearch - ok
23:10:11.0136 3252 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:10:11.0149 3252 wuauserv - ok
23:10:11.0208 3252 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:10:11.0209 3252 WudfPf - ok
23:10:11.0233 3252 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:10:11.0235 3252 WUDFRd - ok
23:10:11.0261 3252 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:10:11.0263 3252 wudfsvc - ok
23:10:11.0297 3252 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:10:11.0300 3252 WwanSvc - ok
23:10:11.0401 3252 ZSMC301b (6e53d1058b900443949c69ec6215d98f) C:\Windows\system32\Drivers\usbVM302.sys
23:10:11.0408 3252 ZSMC301b - ok
23:10:11.0420 3252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:10:11.0603 3252 \Device\Harddisk0\DR0 - ok
23:10:11.0622 3252 Boot (0x1200) (133d697514fd52e86d5430d6edc1185c) \Device\Harddisk0\DR0\Partition0
23:10:11.0623 3252 \Device\Harddisk0\DR0\Partition0 - ok
23:10:11.0634 3252 Boot (0x1200) (b1bab3a64d88ede6095c6ee108c7008b) \Device\Harddisk0\DR0\Partition1
23:10:11.0635 3252 \Device\Harddisk0\DR0\Partition1 - ok
23:10:11.0654 3252 Boot (0x1200) (ed4ea400ad7f212b02f68ffb1b589363) \Device\Harddisk0\DR0\Partition2
23:10:11.0655 3252 \Device\Harddisk0\DR0\Partition2 - ok
23:10:11.0658 3252 ============================================================
23:10:11.0658 3252 Scan finished
23:10:11.0658 3252 ============================================================
23:10:11.0664 4272 Detected object count: 0
23:10:11.0664 4272 Actual detected object count: 0

OTL logfile created on: 6/9/2012 10:58:13 PM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JohnLani\Documents\NSWFB
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.24% Memory free
7.87 Gb Paging File | 5.50 Gb Available in Paging File | 69.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 21.27 Gb Free Space | 21.27% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 13.41 Gb Free Space | 4.47% Space Free | Partition Type: NTFS
Drive E: | 65.76 Gb Total Space | 24.65 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Computer Name: JOHNLANI-PC | User Name: JohnLani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 22:58:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JohnLani\My Documents\NSWFB\OTL.exe
PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/05/23 11:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 23:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/11 14:32:08 | 007,535,112 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe
PRC - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
PRC - [2011/05/11 14:32:08 | 000,884,744 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
PRC - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/03/27 09:24:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM302Snap.exe
PRC - [2006/11/17 16:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
PRC - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 11:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/23 11:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/23 11:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/23 11:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/23 11:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/23 11:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/23 11:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/23 11:06:23 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
MOD - [2012/05/12 14:17:46 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/12 14:15:28 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/12 14:15:27 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
MOD - [2012/05/12 14:15:26 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 14:15:24 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll
MOD - [2012/05/12 14:14:58 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/11 23:07:09 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
MOD - [2012/05/11 23:06:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
MOD - [2012/05/11 23:06:42 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
MOD - [2012/05/11 23:06:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 23:03:33 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
MOD - [2012/05/11 23:03:27 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
MOD - [2012/05/11 23:03:23 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 23:03:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 23:03:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 23:03:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 23:03:12 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2010/11/20 22:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/01 17:42:24 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2012/05/05 18:03:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/13 21:25:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe -- (Matrox.Pdesk3.ServicesHost)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 07:51:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/31 19:31:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/09 22:36:23 | 000,050,000 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\iopkkbzj.sys -- (iopkkbzj)
DRV:64bit: - [2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/20 20:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 20:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 20:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/16 22:09:50 | 000,038,056 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/01/03 19:01:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/03 19:01:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/17 16:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/08/03 10:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/08 13:48:44 | 000,023,040 | ---- | M] (GoFlight, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfvknt64.sys -- (gfvknt)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/04/04 12:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM302.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0302)
DRV:64bit: - [2007/03/18 08:43:28 | 000,301,824 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav302.sys -- (vvftav302)
DRV:64bit: - [2006/11/10 23:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysTool64.sys -- (SysTool)
DRV - [2012/04/28 13:16:22 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:16:20 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JohnLani\Documents\NSWFB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AB BC A3 00 5A CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/02 15:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]

[2011/03/21 09:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions
[2010/08/02 14:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/01 10:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/01 10:13:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/05/19 22:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions
[2011/08/28 03:22:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/08 15:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 13:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/08 14:55:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2012/02/02 15:51:34 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Raindrops = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/02/02 15:43:51 | 000,002,287 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: abr.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ato.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bussiness.gov.au ([www] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ent_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6A85D9-39A3-425A-9D6F-C812C3F19B3A}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63C57A69-2348-4299-8E70-76FED20EB0D0}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 10:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 10:00:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/09 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/08 19:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/06/08 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/06/08 19:21:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/08 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/06/08 14:55:05 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/08 14:26:17 | 004,539,477 | R--- | C] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/08 14:13:03 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Malwarebytes
[2012/06/08 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:21:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/03 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings of POWER II
[2012/06/03 18:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wings of POWER II
[2012/06/01 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLS A330_A340
[2012/05/28 13:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph
[2012/05/28 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Navigraph
[2012/05/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PollyPot Software
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/15 12:50:18 | 000,094,208 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 12:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Local\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/05/11 09:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 23:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 22:56:23 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 22:42:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 22:42:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 22:34:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 22:34:21 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/06/09 22:34:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 22:33:59 | 3168,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 22:33:59 | 001,084,812 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/09 10:02:15 | 000,001,155 | ---- | M] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:02:15 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 09:48:35 | 000,827,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 09:48:35 | 000,680,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 09:48:35 | 000,135,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 22:57:33 | 003,077,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 20:02:46 | 000,003,023 | ---- | M] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 15:12:45 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/08 15:10:33 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 15:10:27 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/08 14:56:20 | 000,017,408 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:41 | 004,539,477 | R--- | M] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/07 19:04:20 | 000,000,181 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/06/07 19:03:54 | 000,000,041 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/06/06 16:54:09 | 000,000,581 | ---- | M] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 21:07:15 | 000,000,786 | ---- | M] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | M] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | M] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/25 20:22:03 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/19 22:11:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 12:37:42 | 000,007,598 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2012/05/12 13:15:19 | 000,002,011 | ---- | M] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/05/11 23:05:46 | 000,827,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 22:20:41 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000008.@
[2012/06/09 15:12:34 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\000000cb.@
[2012/06/09 15:12:34 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000004.@
[2012/06/09 10:00:23 | 000,001,155 | ---- | C] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:00:23 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:46 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/08 20:02:46 | 000,003,023 | ---- | C] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 14:56:19 | 000,017,408 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:57 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 14:55:57 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/06 16:54:09 | 000,000,581 | ---- | C] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/06 14:10:36 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\L\00000004.@
[2012/06/03 20:30:15 | 000,000,786 | ---- | C] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/06/03 19:54:53 | 000,153,088 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012/05/31 19:42:02 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | C] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | C] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/19 22:11:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/12 13:15:19 | 000,002,011 | ---- | C] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/03/14 19:28:03 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\DBCDBF32.DLL
[2012/03/14 19:28:03 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2012/03/14 19:28:03 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2012/03/14 19:28:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2012/03/14 19:28:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2012/02/09 19:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/12 15:59:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\@
[2011/12/01 21:58:24 | 000,000,080 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\X-Plane Installer.prf
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 08:14:19 | 000,164,600 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2011/05/18 08:14:19 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2011/05/11 10:26:48 | 003,751,424 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2011/04/08 15:44:10 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2011/03/21 09:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/10 18:01:07 | 000,001,447 | ---- | C] () -- C:\Windows\aeroSystems.ini
[2011/01/22 07:58:59 | 000,212,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/08 13:51:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 17:20:55 | 000,782,056 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2010/09/17 17:20:55 | 000,031,779 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2010/08/30 11:32:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/31 22:26:15 | 000,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll
[2010/07/17 08:58:56 | 000,007,598 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2010/06/11 07:51:51 | 000,000,000 | ---- | C] () -- C:\Users\JohnLani\AppData\Roaming\chrtmp

========== LOP Check ==========

[2011/10/26 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\.BitTornado
[2011/01/04 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Alternative Software Ltd
[2012/01/03 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\AUSkey
[2011/10/08 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\CleanMyPC Software
[2011/01/15 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2009/11/01 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 09:11:34 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DiskAid
[2012/04/12 22:58:20 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\EZCA
[2011/12/31 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FlyingWSimulation
[2012/04/13 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FS2Crew2010
[2010/09/17 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FSWidgets
[2011/07/23 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\gtk-2.0
[2012/02/25 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\HiFi
[2011/03/20 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\ImTOO
[2010/08/15 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\InfraRecorder
[2010/02/07 11:07:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Internal Workings
[2012/06/08 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/01/04 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Jürgen Treml
[2011/08/22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Kalypso Media
[2010/07/07 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Leadertech
[2011/05/04 09:03:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\LogMate
[2011/03/20 09:10:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MobileSyncBrowser
[2010/03/27 12:45:14 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Multi Crew Experience
[2011/12/31 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MyTraffic
[2010/05/01 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Netscape
[2010/09/21 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\nHancer
[2009/11/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Nokia
[2009/11/01 11:03:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Participatory Culture Foundation
[2009/10/31 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PC Suite
[2012/01/27 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PCF-VLC
[2010/05/01 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Photodex
[2012/06/07 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PrimoPDF
[2011/06/27 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Publish Providers
[2010/09/17 07:56:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Roaming
[2010/01/03 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SIGMA
[2011/05/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SmartDraw
[2011/06/27 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Sony
[2011/07/08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\The Creative Assembly
[2011/12/05 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Ubisoft
[2011/07/25 19:24:11 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Unity
[2012/06/09 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\uTorrent
[2012/02/26 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Virtuali
[2010/08/30 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\WinBatch
[2010/10/30 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows Live Writer
[2010/08/09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows NT
[2010/08/02 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows SideBar
[2012/03/12 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Z-Software
[2011/12/25 01:33:00 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2012/06/09 10:46:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/09 22:34:21 | 000,000,486 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 1252 bytes -> C:\ProgramData\Microsoft:mn8diT51cfJ14E7H2VX
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:74603393
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:Ot0N5vFRKfsSQqh370Z3

< End of report >

Attached Files

  • Attached File  tdss.txt   145.82KB   102 downloads
  • Attached File  OTL.Txt   140.95KB   104 downloads

  • 0

#4
godawgs
Posted 09 June 2012 - 07:47 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

I see the serfef entries in the log. We will kill them directly.

Please don't run any additional tools at this time. It could make things more difficult for us.

I don't need the OTL.txt file again. I need the Extras.txt file.
When you first run OTL it creates two files, OTL.txt and Extras.txt. They are located in the folder where you ran OTL from. In your case that would be the C:\Users\JohnLani\Documents\NSWFB folder.

See it you can locate the Extras.txt file in that folder and post it in your next reply. If you can't find it let me know.

Also, you don't need to attach the files. Copying and pasting them into the post is fine. :thumbsup:
  • 0

#5
jblb2009
Posted 09 June 2012 - 07:51 AM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
thanks

Here is the extras file log


OTL Extras logfile created on: 6/9/2012 1:34:29 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JohnLani\Documents\NSWFB
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.93 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 53.38% Memory free
7.87 Gb Paging File | 5.93 Gb Available in Paging File | 75.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 18.51 Gb Free Space | 18.51% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 13.41 Gb Free Space | 4.47% Space Free | Partition Type: NTFS
Drive E: | 65.76 Gb Total Space | 24.65 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Computer Name: JOHNLANI-PC | User Name: JohnLani | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- Reg Error: Key error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- Reg Error: Key error.
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{186D2CCE-DEFE-4188-AB44-62008E9BC3E0}" = O&O Defrag Professional
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3690900F-85EA-447F-BAD1-5CA25AA9B627}" = HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82FC9F7B-0971-4A4A-879C-012222172359}" = Matrox PowerDesk
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9608300-11F5-11E0-A64B-0013D3D69929}" = MSVCRT Redists
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"2CA3B8348CD526E9B8928840AC68738C5B5A4F8F" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0)
"5AF8BE22A56B38B1816F36BAC6A71F1277E45440" = Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"B090418E214D6BD6EE18A512A8EE609225AC9279" = Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PerformanceTest 7_is1" = PerformanceTest v7.0 (64-bit)
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07CC448E-4FFC-444F-999D-10F11AE559FB}" = aerosoft's - Mallorca X for FSX
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}" = aerosoft's - Mega Airport Paris CDG X
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" =
"{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2
"{126B6545-C321-4C22-A8C1-F59065A5E344}" = aerosoft's - FDC Live Cockpit
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17440258-DB48-49DE-8391-79900477490C}" = aerosoft's - Madeira X
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181A85F3-483B-41DB-84FD-9ADA4F66263E}" = aerosoft's - Pro Flight Emulator Voice Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1DDDE56A-C6C5-4279-B4A1-3B53192985E8}_is1" = CockpitColors version 1.0
"{1E147940-0F40-4A88-9566-66490B2E841B}" = aerosoft's - FDC Live Cockpit
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1F95C156-BE36-4D73-B22F-BDE3538B09A8}" = FS Recorder 2.01 for FSX
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22EDD164-65D5-41DD-961E-08C7CDA4D471}" = Bridge!
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2336573C-3213-48AA-A306-8309BA9BD92C}" = Aerosoft's - Airbus X
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{254f4bc3-bc91-4efa-9f4d-5b17d1aafcc3}" = Nero BackItUp 4
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BB0BDFF-E193-42A0-90BE-2D59441E51D2}" = F2200
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2010
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{463A571A-B793-459B-BEA8-028DC323AAB0}" = Aerosoft's - Mega Airport Zurich 2012 - FSX
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4855F170-260D-4AF7-AD85-7342D61926A9}_is1" = SPAD v0.4
"{488D00E4-1940-4942-B0DF-BAD0BE5AFB13}" = VoxATC X
"{493687F8-8D57-47C4-87B6-D46D7C5203BF}" = EditVoicepack X
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4b422d02-351d-48fc-a6f0-4a1f7ec6695a}" = SecurDisc Viewer
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DE938F7-C196-43D7-8EEB-411CDE0A96B1}" = System Requirements Lab
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AD2D1FB-C8C1-4DE9-908F-246940A9829A}" = Dinosaur Activity Studio
"{5C34D899-2FE8-45E8-9A11-638C80D18EA0}" = AnyRail4EN
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68617681-28F2-431B-B699-CF5BC6B4D7C7}" = REX Essential Upgrade
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70864384-DD19-44CB-A999-A917F32F623D}" = aerosoft's - Approaching Innsbruck X
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76387E5D-852F-4F86-9928-0781C60C51EC}" = FSX Google Earth Tracker
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85DF6786-66AA-42EE-8616-AE456B07BD99}" = Microsoft Flight Simulator SimConnect Client v10.0.61242.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86FE411B-172B-404B-9679-3B9E73E47607}" = Microsoft Flight Simulator X SDK SP1A
"{8771A1ED-DE8C-4E4D-825D-C69562CEB7E2}" = GoFlight PMDG Interface
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9013B370-99D4-404B-9DB9-779B51CEB5FF}" = LeapFrog My Pals Plugin
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90447E05-DE8E-470D-8D3E-C871D2AE74AF}" = aerosoft's - Nice Cote dAzur X
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3D11978-F110-419E-8981-2CCFC17ADE64}" = Scooby-Doo!™ First Frights
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FF3B7B-F4BC-4F74-AF6B-BC4925682D3D}" = aerosoft's - USCitiesX - Chicago
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C222566F-1C50-4ECD-A01E-77F9C4B95458}" = DJ_AIO_03_F2200_Software_Min
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5d0b536-1327-4e1c-a584-43cc802f509d}" = Nero InCD-Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}" = PMDG 737 6700 NGX RTM
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}" = Microsoft Flight Simulator SimConnect Client v10.0.60905.0
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0FD3-5506-4230-97E1-77303E3AC063}_is1" = Active Sky 2012
"{DAA73076-84A5-4141-A630-79380E48C9D0}" = aerosoft's - Mega Airport Lisbon X
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB2423B8-2060-4260-874B-3ED7A68D1275}" = FS Flight Keeper (3.0)
"{EB74294F-B8FC-4387-BEBF-275E36C6076C}" = FS Recorder 2.1 beta 3 for FSX
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE11CFFC-898C-4875-8A63-8B732A9AD43B}" = Aerosoft's - Aerosoft Launcher
"{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}" = aerosoft's - Lukla X - Mount Everest
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9217D1C-DF96-4C23-8B43-EC60B9C40CB1}" = Navigraph nDAC 3
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F941AABE-E868-42D9-9F38-884250F7898A}" = aerosoft's - FlightSim Commander 9
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FCD605A8-4D9D-4FA8-B9EF-043399C84DBA}" = aerosoft's - Pro Flight Emulator Deluxe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF7DD5BE-42FF-44B8-AF36-4A46CD2C6D42}" = AUSkey software 1.4.0.6
"309E6243-31FB-434E-9FF5-9AFEB1542DAD" = VAFS5
"737NG Audio Ground School" = 737NG Audio Ground School
"7-Zip" = 7-Zip 9.20
"A2A Accusim for the Wings of Silver B377" = A2A Accusim for the Wings of Silver B377
"A2A Accu-Sim P-51" = A2A Accu-Sim P-51
"A2A B17 Accusim" = A2A B17 Accusim
"A2A Captain of the Ship" = A2A Captain of the Ship
"A2A Wings of POWER 3 P-51" = A2A Wings of POWER 3 P-51
"A2A Wings of Silver B377 Stratocruiser" = A2A Wings of Silver B377 Stratocruiser
"Accu-Feel" = Accu-Feel
"ADE9xSetup_is1" = Airport Design Editor 9x Version 1.50.18.197
"Adobe AIR" = Adobe AIR
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"ALchemy" = Creative ALchemy
"AnyDVD" = AnyDVD
"AudioCS" = Creative Audio Control Panel
"Beech B60 Duke Rip" = Beech B60 Duke Rip
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"CHControlManager_is1" = CH Control Manager Software
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Common-Use Signing Interface" = Common-Use Signing Interface
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dispatch Planner X" = Dispatch Planner X
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EZdok Camera for Microsoft Flight Simulator X" = EZdok Camera for Microsoft Flight Simulator X
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 1.0
"Flight Info X" = Flight Info X 1.0.3
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"FS_Real_Time" = FS Real Time v1.91.1
"FS2Crew: PMDG 737 NGX Edition" = FS2Crew: PMDG 737 NGX Edition
"FSBuild 2" = FSBuild 2
"Fsbuild 2.4.0.18" = Fsbuild 2.4.0.18
"FSDreamTeam GSX_is1" = FSDreamTeam GSX 1.0.0
"FSWidgets Electronic Flight Bag for FSX_is1" = FSWidgets - EFB for FSX
"GFWL_{434D083E-7E9A-4D3A-914B-121000008100}" = Operation Flashpoint ®: Red River
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GoFlight Software_is1" = GoFlight Cockpit Control System version 2.03
"Google Chrome" = Google Chrome
"InstallShield_{11192AA7-FBE3-4150-9667-EE7279CCC769}" = LEGO® Indiana Jones™ 2: The Adventure Continues
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{5AD2D1FB-C8C1-4DE9-908F-246940A9829A}" = Dinosaur Activity Studio
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Lotus Simulations L-39 Albatros v1.35" = Lotus Simulations L-39 Albatros v1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Miro" = Miro
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OpenAL" = OpenAL
"Photodex Presenter" = Photodex Presenter
"PhotoPro" = SIGMA Photo Pro
"Precision" = EVGA Precision 1.9.5
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"ProShow Producer" = ProShow Producer
"PunkBusterSvc" = PunkBuster Services
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SGU_is1" = SGU
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"STBV2_is1" = SuperTrafficBoard v2 FSX
"Syndicate_is1" = Syndicate
"SystemRequirementsLab" = System Requirements Lab
"TOPCAT" = TOPCAT 2.70 - Take-Off and Landing Performance Calculation Tool
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"VIRTUALI Addon ManagerX 2.9.0.1_is1" = VIRTUALI Addon ManagerX
"VLC media player" = VLC media player 1.1.11
"WaveStudio 7" = Creative WaveStudio 7
"WinGimp-2.0_is1" = GIMP 2.6.11
"Wings of POWER II: B17" = Wings of POWER II: B17
"WinLiveSuite" = Windows Live Essentials
"WOLLONGONG_X 1.00" = WOLLONGONG_X 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"097dbf5de184dfda" = FS Economy client for FSX
"95d51667c4950ec1" = OZx Airfield Launcher Program
"BOB Version 1.0" = BOB Version 1.0
"CLS A330/A340 FSX (SP2 compatible)" = CLS A330/A340 FSX (SP2 compatible)
"FSCaptain" = FSCaptain
"jlGui 3.0" = jlGui 3.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2012 10:05:39 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:06:53 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:13:57 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:20:04 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:20:04 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:20:51 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:29:48 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:37:16 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 10:52:02 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 11:04:36 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/8/2012 11:22:22 PM | Computer Name = JohnLani-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 12/4/2009 6:29:51 PM | Computer Name = JohnLani-PC | Source = MCUpdate | ID = 0
Description = 9:29:51 AM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 12/4/2009 6:31:43 PM | Computer Name = JohnLani-PC | Source = MCUpdate | ID = 0
Description = 9:31:01 AM - Failed to retrieve ClientUpdate (Error: The underlying
connection was closed: An unexpected error occurred on a receive.)

Error - 12/4/2009 6:33:56 PM | Computer Name = JohnLani-PC | Source = MCUpdate | ID = 0
Description = 9:33:23 AM - Failed to retrieve MCEClientUX (Error: The operation
has timed out)

Error - 12/4/2009 6:34:09 PM | Computer Name = JohnLani-PC | Source = MCUpdate | ID = 0
Description = 9:34:08 AM - Failed to retrieve Broadband (Error: The remote name
could not be resolved: 'data.tvdownload.microsoft.com')

[ OSession Events ]
Error - 5/15/2011 7:24:11 PM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/28/2011 7:47:45 PM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 101
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/8/2011 4:37:37 AM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 11/14/2011 7:06:21 PM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 249
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/17/2011 6:16:14 AM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 139
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/21/2011 9:34:15 PM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/1/2011 6:28:58 AM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/1/2011 6:29:27 AM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/16/2011 3:03:50 AM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 326
seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/4/2012 5:41:34 PM | Computer Name = JohnLani-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 141
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/8/2012 8:52:10 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 6/8/2012 8:52:12 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache ElbyCDIO KLIF MpFilter spldr Wanarpv6

Error - 6/8/2012 8:53:59 PM | Computer Name = JohnLani-PC | Source = DCOM | ID = 10005
Description =

Error - 6/8/2012 8:54:06 PM | Computer Name = JohnLani-PC | Source = DCOM | ID = 10005
Description =

Error - 6/8/2012 8:54:09 PM | Computer Name = JohnLani-PC | Source = DCOM | ID = 10005
Description =

Error - 6/8/2012 8:54:10 PM | Computer Name = JohnLani-PC | Source = DCOM | ID = 10005
Description =

Error - 6/8/2012 8:54:10 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 6/8/2012 10:27:26 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/8/2012 10:27:27 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 6/8/2012 10:27:27 PM | Computer Name = JohnLani-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
120000 milliseconds: Restart the service.


< End of report >
  • 0

#6
godawgs
Posted 09 June 2012 - 08:35 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log. I'll be back shortly and we'll kill the sirefef bugger and take it from there.
  • 0

#7
godawgs
Posted 09 June 2012 - 08:48 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
We are going to kill the culprit and reset the Winsock.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:COMMANDS
[SETRESTOREPOINT]

:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe) - File not found
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\Shell\AutoRun\command - "" = G:\setup.exe
[2012/06/09 13:00:18 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000000.@
[2012/06/09 11:34:43 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000008.@
[2012/06/09 10:56:34 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000032.@
[2012/06/09 10:56:34 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000064.@
[2012/06/06 14:10:36 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\L\00000004.@
[2012/06/06 14:10:35 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\000000cb.@
[2012/06/06 14:10:35 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000004.@
[2012/01/12 15:59:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\@
@Alternate Data Stream - 1252 bytes -> C:\ProgramData\Microsoft:mn8diT51cfJ14E7H2VX
@Alternate Data Stream - 1141 bytes -> C:\ProgramData\Microsoft:Ot0N5vFRKfsSQqh370Z3

:FILES
C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}

:COMMANDS
[EMPTYTEMP]
[RESETHOSTS]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Disable your Firewall

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console (XP only)

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Don't forget to reenable your Firewall and Anti-Virus


Step-3.

  • Re-open OTL and click the Quick Scan Button
  • Post the log it produces in your next reply.


Step-4

Reset Winsock

Go to this MS site and run the Fixit about halfway down the page.


Step-5.

Things For Your Next Post:
1. The OTL fixes log
2. The ComboFix log
3. The new OTL.txt log
  • 0

#8
jblb2009
Posted 09 June 2012 - 06:46 PM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks, i believe this has removed the Trojan. I really appreciate your help on this.

Here are the logs.


ComboFix 12-06-09.02 - JohnLani 10/06/2012 10:09:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4029.2376 [GMT 10:00]
Running from: c:\users\JohnLani\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JohnLani\181.JPG
c:\users\JohnLani\AppData\Roaming\JohnLanilog.dat
c:\users\JohnLani\AppData\Roaming\Roaming
c:\users\JohnLani\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\windows\SysWow64\DBCDBF32.DLL
c:\windows\UNWISE.EXE
D:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-09 23:39 . 2012-06-09 23:39 -------- d-----w- C:\_OTL
2012-06-09 12:26 . 2012-05-08 00:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB27F432-9EBC-4372-AD0C-365EE0D14091}\mpengine.dll
2012-06-09 00:00 . 2012-06-09 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-09 00:00 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 23:53 . 2012-06-08 23:53 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB2A6CDA-CA0A-4E64-BBC4-F1DFC7BF06C5}\gapaengine.dll
2012-06-08 23:53 . 2012-05-08 00:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-08 23:48 . 2012-06-08 23:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-08 13:00 . 2012-06-08 13:00 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2012-06-08 10:02 . 2012-06-08 10:02 388096 ----a-r- c:\users\JohnLani\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-08 10:02 . 2012-06-08 10:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-08 09:27 . 2012-06-08 09:27 -------- d-----w- c:\users\JohnLani\AppData\Roaming\IObit
2012-06-08 09:21 . 2012-06-08 09:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-08 07:49 . 2012-06-08 07:49 -------- d-----w- c:\users\Default\AppData\Local\Microsoft
2012-06-08 04:55 . 2011-04-24 13:13 147856 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
2012-06-08 04:55 . 2012-06-09 03:34 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-08 04:55 . 2012-06-08 04:55 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-08 04:51 . 2012-06-08 04:51 -------- d-----w- c:\users\systemprofile
2012-06-08 04:13 . 2012-06-08 04:13 -------- d-----w- c:\users\JohnLani\AppData\Roaming\Malwarebytes
2012-06-08 04:13 . 2012-06-08 04:13 -------- d-----w- c:\programdata\Malwarebytes
2012-06-06 04:21 . 2012-06-06 04:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-03 08:43 . 2012-06-03 08:43 -------- d-----w- c:\program files (x86)\Wings of POWER II
2012-05-28 03:22 . 2012-05-28 03:22 -------- d-----w- c:\programdata\Navigraph
2012-05-15 02:50 . 2012-05-15 02:50 94208 ----a-w- c:\windows\system32\drivers\rzudd.sys
2012-05-15 02:36 . 2012-05-15 02:36 142848 ----a-w- c:\windows\SysWow64\rztouchdll.dll
2012-05-15 02:36 . 2012-05-15 02:36 354816 ----a-w- c:\windows\SysWow64\rzdevicedll.dll
2012-05-15 02:36 . 2012-05-15 02:36 165888 ----a-w- c:\windows\SysWow64\rzaudiodll.dll
2012-05-13 12:37 . 2012-05-13 12:37 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 12:37 . 2012-05-13 12:37 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-12 02:55 . 2012-05-12 03:01 -------- d-----w- c:\program files (x86)\Razer
2012-05-12 02:55 . 2012-05-12 02:55 -------- d-----w- c:\users\JohnLani\AppData\Local\Razer
2012-05-12 02:55 . 2012-05-12 02:55 -------- d-----w- c:\programdata\Razer
2012-05-11 04:48 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 04:48 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 04:48 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 04:48 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 04:48 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 04:48 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 04:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 04:47 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 04:47 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 04:47 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 04:47 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 04:47 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 04:47 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 08:03 . 2012-04-02 22:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 08:03 . 2011-05-14 05:52 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 08:02 . 2012-04-14 10:02 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-20 10:44 . 2012-03-20 10:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 10:44 . 2012-03-20 10:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
1998-09-25 03:16 . 2010-04-09 09:51 270848 ----a-w- c:\program files (x86)\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Creative Software Update"="c:\program files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe" [2009-01-15 430968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BigDogPath"="c:\windows\VM302Snap.exe" [2007-03-26 49152]
"Domino"="c:\windows\Domino.exe" [2006-07-03 49152]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"Matrox PowerDesk"="c:\program files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe" [2011-05-11 884744]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-05-29 313768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 feuorkjv;feuorkjv;c:\windows\system32\drivers\feuorkjv.sys [x]
R1 ozuuiixh;ozuuiixh;c:\windows\system32\drivers\ozuuiixh.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-01-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-31 79360]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-01 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 136176]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-04-28 33184]
R3 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-04-28 21872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 Matrox.Pdesk3.ServicesHost;Matrox.Pdesk3.ServicesHost;c:\program files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [2011-05-11 3703816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 chdrvr01;CH Control Manager Driver 1;c:\windows\system32\DRIVERS\chdrvr01.sys [x]
S3 chdrvr02;CH Control Manager Driver 2;c:\windows\system32\DRIVERS\chdrvr02.sys [x]
S3 chdrvr03;chdrvr03;c:\windows\system32\DRIVERS\chdrvr03.sys [x]
S3 gfvknt;GoFlight Virtual HID Keyboard;c:\windows\system32\DRIVERS\gfvknt64.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:03]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 06:05]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-21 06:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with ImTOO iPhone Transfer Platinum - c:\program files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: abr.gov.au\www
Trusted Zone: ato.gov.au\www
Trusted Zone: bussiness.gov.au\www
TCP: DhcpNameServer = 10.0.0.138
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
FF - ProfilePath - c:\users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Acrobat - Create PDF: [email protected] - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
SafeBoot-97778890.sys
AddRemove-A2A Accusim for the Wings of Silver B377 - c:\windows\UNWISE.EXE
AddRemove-A2A Captain of the Ship - c:\windows\UNWISE.EXE
AddRemove-A2A Wings of Silver B377 Stratocruiser - c:\windows\UNWISE.EXE
AddRemove-PhotoPro - c:\windows\System32\PPUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2492522159-3966296365-4233763221-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2e,41,47,75,db,83,92,e7,9f,88,62,03,31,9d,79,72,91,bc,be,3c,58,7f,0c,
17,43,9c,49,3b,25,52,6d,87,b6,84,be,5a,0d,a6,41,56,80,1b,27,db,87,a3,cb,92,\
"??"=hex:4b,17,2f,5e,9b,f8,55,d1,d5,d6,59,2a,d8,e0,3e,b4
.
[HKEY_USERS\S-1-5-21-2492522159-3966296365-4233763221-1001\Software\SecuROM\License information*]
"datasecu"=hex:2c,5d,2f,7f,ff,49,a0,d8,d1,b7,25,31,05,7f,c9,31,c7,e2,34,80,8e,
17,df,8a,b8,51,20,21,a5,8b,ea,79,47,90,6a,e4,8c,8b,33,95,e6,f4,88,3a,19,cc,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0¥.*]
@=multi:"\00\04\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ö%*]
"DFC90B5F2B0FFA63D84FD16F6BF37C4B"=multi:"\00\00\04\00\00\00ÿÿ\00\00¸\00\00\00\00\00\00\00@\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\00\00\00\0e\1fº\0e\00´\09Í!¸\01LÍ!This program cannot be run in DOS mode.\0d\0d\0a$\00\00\00\00\00\00\00pÎð•4¯žÆ4¯žÆ4¯žÆ[Ù5Æ\01¯žÆ[Ù\00Æ)¯žÆ[Ù4ƽ¯žÆSÙ5Æ1¯žÆ=×\0dÆ9¯žÆ4¯ŸÆ‘¯žÆSÙ1Æ'¯žÆSÙ\05Æ5¯žÆSÙ\04Æ5¯žÆSÙ\03Æ5¯žÆRich4¯žÆ\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00PE\00\00L\01\04\001\0d¢K\00\00\00\00\00\00\00\00à\00\"!\0b\01\0a\00\00Š\03\00\00¤\00\00\00\00\00\00%\08\02\00\00\10\00\00\00 \03\00\00\00\00\10\00\10\00\00\00\02\00\00\05\00\01\00\0a\00\00\00\05\00\01\00\00\00\00\00\00P\04\00\00\04\00\00ßÛ\04\00\02\00@\01\00\00\10\00\00\10\00\00\00\00\10\00\00\10\00\00\00\00\00\00\10\00\00\00Е\03\00Å\03\00\00ä‰\03\00Œ\00\00\00\00à\03\00 7\00\00\00\00\00\00\00\00\00\00\00\0c\04\00P\17\00\00\00 \04\00œ \00\00°\12\00\00\1c\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00ø\19\01\00@\00\00\00\00\00\00\00\00\00\00\00\00\10\00\00d\02\00\00´ˆ\03\00`\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00.text\00\00\00•‰\03\00\00\10\00\00\00Š\03\00\00\04\00\00\00\00\00\00\00\00\00\00\00\00\00\00 \00\00`.data\00\00\00X;\00\00\00 \03\00\00\16\00\00\00Ž\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00À.rsrc\00\00\00 7\00\00\00à\03\00\008\00\00\00¤\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\[email protected]\00\00$.\00\00\00 \04\00\000\00\00\00Ü\03\00\00\00\00\00\00\00\00\00\00\00\00\00@\00\00B\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="26D922C4406A8836BADB274606C82AB2E3BBD0E7D2AD792D90EA0647493A750506F03A797B4F2F7938D1388B55D75FDA3B410B688CEA968AC42A6C732DB3F1C931814C8C2A2FEC5A2DE55C4E87B733F3DC9D38AF9366137D1DD394E5A6B67121D03183227E8CDA2D433BC795A27818458F11344A5D5BDA60A4E42151BD4D7A1BD2DC6CB2B35CB9D6E72D103EB09BFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA9C6AECB7A5D1407C038D530D6EB3452113950E635DD016BF4076DA1518D2441408CA8040890EF7D4BCE48B94BA7E074BA7EDD253C97BA35C91B5F833D6C2B9FA2615BDF159B86B44C8CB0581F6408CCA2E865B4938D2B0DDFB07EC6516892BA3DBD70A048B07CD0158A1F1BE7AD4EF1A2046BA921B0A221CC27CE7BFC5778CF7DF48F723B2B64BB0C2FFA6C048457993E6B36CAAE447791C97199669361858CF4EEA13A67B7D351BEF66F6839394AEC194FD2936AE10176B5946B01C8826295DC28D589AD58655F5B73EBE3ADF3D2097CF613B463731B5990A996F6B88D3B000F2D1E2CCE63B8ACB7C72464702F22FC55BA0990913928B6036230296225C4D70A22AF1FF58170F049AB8DA570396A5034870D3FCBC70B8255FD902CA643B11DF14006942DB13356AE6CE39303B5E27ACC603C0CD1062F2375D455C74DB33DBF0C505EF0E1C4A9FD266B2754E01CC8E9FB58F576C230FDEF74CF6079FE98A42BC4B33B4E6961857C149A1A3B2435DA7DBA1ADEB126D4E9390A6CD5714C65AA362ADB62F97A8077590082C3D4CE9FDC8D2BE25FA6E45AE7BF8FBF1E14A6E412B2EED05EF531EF369096C16FDE45D0965F9283A26FCBF5EE3B826EE7F964B12862EAAD7CF60DD27D91A606AB4BD08DD23259E199DB8BB4FD53843224EE3F3CB7FB19A2D0676F1D0CC0A4944C429BF162B68D75F7EF3BF414295C5A8775D6CB942C96F130E4A199A277A846691D38EA18115E4D36E1D3EC364B74C88B40AC771290A8F2B4BFCFE50A00ED07DBE919BBCCDBA28A112032226C4258736C39A72D0B3C34913D7E08F38C1C55D6C4EC987C5A23D06287469871C507BBE4AC7B12AB5E37C5CC6ADA3C8877FCE249851BF09722E7881EDD2B2B0B4F87F43B91581A896C7B8A3724C147BF9D4D3D09479F454A8720091A9CD4F3F1A0A6FB2AA2D3D1AE1A78D67994D46284D629B1CF73591829F0333649907EDF7D50B9F0F5AD27B1D85212A1CD27E92D9AFD1EAE6F3AD9D11A4B7F9BAEC898425B7D8A93F844BE9117039D058312892B16EF32494A0EE7BF5885D4E4E51A46CD094658CB23BB3AB1CF1CE6BF7E4873C363115E39DBA67E917193F962991DDE9EDB5054A175ACEF323B14ACB535069642BDC68B592D004C5CCAED26898E"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
.
**************************************************************************
.
Completion time: 2012-06-10 10:29:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 00:29
.
Pre-Run: 24,325,210,112 bytes free
Post-Run: 25,082,585,088 bytes free
.
- - End Of File - - 45F99330949BD8CF60DFBCAC4A027B99



All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[SETRESTOREPOINT]> in the current context!
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae4007b-c6b7-11de-a285-001cc0372afd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ae4007b-c6b7-11de-a285-001cc0372afd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ae4007b-c6b7-11de-a285-001cc0372afd}\ not found.
File G:\setup.exe not found.
File C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000000.@ not found.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000008.@ moved successfully.
File C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000032.@ not found.
File C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\80000064.@ not found.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\L\00000004.@ moved successfully.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U\00000004.@ moved successfully.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\@ moved successfully.
ADS C:\ProgramData\Microsoft:mn8diT51cfJ14E7H2VX deleted successfully.
ADS C:\ProgramData\Microsoft:Ot0N5vFRKfsSQqh370Z3 deleted successfully.
========== FILES ==========
File\Folder C:\Users\JohnLani\AppData\Roaming\Fxnu8RiZ6Zl.exe not found.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U folder moved successfully.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e} scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 43720 bytes
->Flash cache emptied: 56502 bytes

















User: JohnLani
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1526826855 bytes
->Java cache emptied: 5206588 bytes
->FireFox cache emptied: 47400015 bytes
->Google Chrome cache emptied: 245049664 bytes
->Apple Safari cache emptied: 2445312 bytes
->Flash cache emptied: 301405 bytes

User: Public

User: systemprofile

User: User
->Java cache emptied: 31272540 bytes
->FireFox cache emptied: 39999275 bytes
->Flash cache emptied: 121575 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1414385 bytes
%systemroot%\System32 .tmp files removed: 4857232 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1804203 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 389 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,819.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.48.0 log created on 06102012_093946

Files\Folders moved on Reboot...
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e}\U folder moved successfully.
C:\Windows\Installer\{46146aa2-bd24-d0de-ef95-74d607514c2e} folder moved successfully.

Registry entries deleted on Reboot...








OTL logfile created on: 6/10/2012 10:38:08 AM - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JohnLani\Documents\NSWFB
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.93 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 56.21% Memory free
7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 23.56 Gb Free Space | 23.56% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 13.41 Gb Free Space | 4.47% Space Free | Partition Type: NTFS
Drive E: | 65.76 Gb Total Space | 24.65 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Computer Name: JOHNLANI-PC | User Name: JohnLani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 22:58:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JohnLani\My Documents\NSWFB\OTL.exe
PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/05/23 11:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2012/01/03 23:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/11 14:32:08 | 007,535,112 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe
PRC - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
PRC - [2011/05/11 14:32:08 | 000,884,744 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
PRC - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/03/27 09:24:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM302Snap.exe
PRC - [2006/11/17 16:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
PRC - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 11:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/23 11:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/23 11:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/23 11:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/23 11:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/23 11:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/23 11:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/12 14:17:46 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/12 14:15:28 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/12 14:15:27 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
MOD - [2012/05/12 14:15:26 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 14:15:24 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll
MOD - [2012/05/12 14:14:58 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/11 23:07:09 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
MOD - [2012/05/11 23:06:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
MOD - [2012/05/11 23:06:42 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
MOD - [2012/05/11 23:06:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 23:03:33 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
MOD - [2012/05/11 23:03:27 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
MOD - [2012/05/11 23:03:23 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 23:03:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 23:03:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 23:03:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 23:03:12 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/01 17:42:24 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/05 18:03:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/13 21:25:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe -- (Matrox.Pdesk3.ServicesHost)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 07:51:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/31 19:31:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/20 20:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 20:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 20:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/16 22:09:50 | 000,038,056 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/01/03 19:01:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/03 19:01:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/17 16:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/08/03 10:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/08 13:48:44 | 000,023,040 | ---- | M] (GoFlight, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfvknt64.sys -- (gfvknt)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/04/04 12:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM302.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0302)
DRV:64bit: - [2007/03/18 08:43:28 | 000,301,824 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav302.sys -- (vvftav302)
DRV:64bit: - [2006/11/10 23:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysTool64.sys -- (SysTool)
DRV - [2012/04/28 13:16:22 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/04/28 13:16:20 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JohnLani\Documents\NSWFB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AB BC A3 00 5A CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/02 15:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]

[2011/03/21 09:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions
[2010/08/02 14:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/01 10:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/01 10:13:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/05/19 22:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions
[2011/08/28 03:22:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/08 15:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 13:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/08 14:55:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2012/02/02 15:51:34 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Raindrops = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/06/10 10:21:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: abr.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ato.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bussiness.gov.au ([www] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ent_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6A85D9-39A3-425A-9D6F-C812C3F19B3A}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63C57A69-2348-4299-8E70-76FED20EB0D0}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 10:29:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/10 10:21:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/10 10:07:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/10 10:07:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/10 10:07:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/10 10:03:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/10 10:02:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 09:39:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/09 10:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 10:00:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/09 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/08 19:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/06/08 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/06/08 19:21:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/08 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/06/08 14:55:05 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:17 | 004,539,885 | R--- | C] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/08 14:13:03 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Malwarebytes
[2012/06/08 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:21:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/03 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings of POWER II
[2012/06/03 18:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wings of POWER II
[2012/06/01 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLS A330_A340
[2012/05/28 13:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph
[2012/05/28 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Navigraph
[2012/05/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PollyPot Software
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/15 12:50:18 | 000,094,208 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 12:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Local\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

========== Files - Modified Within 30 Days ==========

[2012/06/10 10:40:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 10:40:59 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/10 10:32:48 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 10:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/10 10:32:23 | 3168,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/10 10:32:21 | 001,091,192 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/10 10:21:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/10 10:04:20 | 004,539,885 | R--- | M] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/10 10:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/10 09:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/10 09:39:21 | 000,001,257 | ---- | M] () -- C:\Users\JohnLani\Desktop\OTL - Shortcut.lnk
[2012/06/09 10:02:15 | 000,001,155 | ---- | M] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:02:15 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 09:48:35 | 000,827,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 09:48:35 | 000,680,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 09:48:35 | 000,135,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 22:57:33 | 003,077,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 20:02:46 | 000,003,023 | ---- | M] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 15:12:45 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/08 15:10:33 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 15:10:27 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/08 14:56:20 | 000,017,408 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/07 19:04:20 | 000,000,181 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/06/07 19:03:54 | 000,000,041 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/06/06 16:54:09 | 000,000,581 | ---- | M] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 21:07:15 | 000,000,786 | ---- | M] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | M] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | M] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/25 20:22:03 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/19 22:11:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 12:37:42 | 000,007,598 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2012/05/12 13:15:19 | 000,002,011 | ---- | M] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/05/11 23:05:46 | 000,827,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/06/10 10:07:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/10 10:07:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/10 10:07:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/10 10:07:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/10 10:07:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/10 09:39:21 | 000,001,257 | ---- | C] () -- C:\Users\JohnLani\Desktop\OTL - Shortcut.lnk
[2012/06/09 10:00:23 | 000,001,155 | ---- | C] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:00:23 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:46 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/08 20:02:46 | 000,003,023 | ---- | C] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 19:27:17 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/06/08 14:56:19 | 000,017,408 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:57 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 14:55:57 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/06 16:54:09 | 000,000,581 | ---- | C] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 20:30:15 | 000,000,786 | ---- | C] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | C] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | C] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/19 22:11:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/12 13:15:19 | 000,002,011 | ---- | C] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/03/14 19:28:03 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2012/03/14 19:28:03 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2012/03/14 19:28:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2012/03/14 19:28:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2012/02/09 19:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/01 21:58:24 | 000,000,080 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\X-Plane Installer.prf
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 08:14:19 | 000,164,600 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2011/05/18 08:14:19 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2011/05/11 10:26:48 | 003,751,424 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2011/04/08 15:44:10 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2011/03/21 09:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/10 18:01:07 | 000,001,447 | ---- | C] () -- C:\Windows\aeroSystems.ini
[2011/01/22 07:58:59 | 000,212,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/08 13:51:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 17:20:55 | 000,782,056 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2010/09/17 17:20:55 | 000,031,779 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2010/08/30 11:32:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/31 22:26:15 | 000,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll
[2010/07/17 08:58:56 | 000,007,598 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2011/10/26 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\.BitTornado
[2011/01/04 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Alternative Software Ltd
[2012/01/03 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\AUSkey
[2011/10/08 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\CleanMyPC Software
[2011/01/15 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2009/11/01 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 09:11:34 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DiskAid
[2012/04/12 22:58:20 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\EZCA
[2011/12/31 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FlyingWSimulation
[2012/04/13 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FS2Crew2010
[2010/09/17 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FSWidgets
[2011/07/23 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\gtk-2.0
[2012/02/25 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\HiFi
[2011/03/20 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\ImTOO
[2010/08/15 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\InfraRecorder
[2010/02/07 11:07:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Internal Workings
[2012/06/08 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\IObit
[2012/01/04 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Jürgen Treml
[2011/08/22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Kalypso Media
[2010/07/07 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Leadertech
[2011/05/04 09:03:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\LogMate
[2011/03/20 09:10:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MobileSyncBrowser
[2010/03/27 12:45:14 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Multi Crew Experience
[2011/12/31 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MyTraffic
[2010/05/01 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Netscape
[2010/09/21 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\nHancer
[2009/11/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Nokia
[2009/11/01 11:03:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Participatory Culture Foundation
[2009/10/31 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PC Suite
[2012/01/27 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PCF-VLC
[2010/05/01 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Photodex
[2012/06/07 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PrimoPDF
[2011/06/27 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Publish Providers
[2010/01/03 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SIGMA
[2011/05/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SmartDraw
[2011/06/27 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Sony
[2011/07/08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\The Creative Assembly
[2011/12/05 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Ubisoft
[2011/07/25 19:24:11 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Unity
[2012/06/09 10:13:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\uTorrent
[2012/02/26 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Virtuali
[2010/08/30 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\WinBatch
[2010/10/30 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows Live Writer
[2010/08/09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows NT
[2010/08/02 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows SideBar
[2012/03/12 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Z-Software
[2012/06/09 10:46:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:74603393

< End of report >
  • 0

#9
godawgs
Posted 09 June 2012 - 08:21 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi jblb2009,

I'm glad that Kaspersky has stopped the virus notifications. But please don't go away. There are still several issues on your computer that we need to deal with.

I am in the process of reviewing the last logs. It looks like there are some stragglers we are going to need to deal with. I'll be back with a fix soon.
In the meantime, did you run the FixIt on the Microsoft Site? It was Step 4 in my last post.
  • 0

#10
jblb2009
Posted 10 June 2012 - 05:21 AM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok no worries, thanks for letting me know.

Yes i did run fix it.
  • 0

#11
godawgs
Posted 10 June 2012 - 10:16 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi jblb2009,

Before I can prepare the next fix I need to get a couple of files scanned. I need you to answer a couple of questions. And give you some information about a couple of programs you may want to uninstall.

1. Did you turn the User Account Control off on purpose?


You have two antivirus programs on the computer: Microsoft Security Essentials and Kaspersky Anti-Virus 2012. Microsoft is running and Kaspersky is not.

You should only have one anti-virus program installed. Anti-virus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more anti-virus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS anti-virus protection.

2. Which antivirus do you want left on the system?


Step-1.

File Scanner
There are some files I need you to upload for checking

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\feuorkjv.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Repeat steps 2 through 6 for the following file(s):
  • c:\windows\system32\drivers\ozuuiixh.sys


Let's try to reset the Winsock manually.


Step-2.

Reset/Renew TCP/IP connection

  • Open an elevated command prompt. To do that:
    • Click the Start Orb
    • In the Start Search box type cmd.exe. A program named cmd.exe will be listed at the top of the menu list under Programs
    • Right click on cmd.exe and click Run as Administrator. A black command window will open up.
  • At the blinking cursor type the following commands, pressing the Enter key after each command typed:
    • ipconfig /release
    Back at the blinking cursor tpye the following command, and press the Enter key.
    • ipconfig /renew
  • Back at the blinking cursor type Exit and press the Enter key. This will close the command window.
  • Reboot the computer


Reset Winsock on Vista / 7

  • Open an elevated command prompt. To do that:
    • Click the Start Orb
    • In the Start Search box type cmd.exe. A program named cmd.exe will be listed at the top of the menu list under Programs
    • Right click on cmd.exe and click Run as Administrator. A black command window will open up.
  • At the blinking cursor type the following commands, pressing the Enter key after each command typed:
    • netsh winsock reset catalog
    You should see an entry in the command window similar to the image below:
    Posted Image

    Back at the blinking cursor tpye the following command, and press the Enter key.
    • netsh int ip reset reset.log hit
    You may get a response similar to the one in the image below:
    Posted Image
  • Back at the blinking cursor type Exit and press the Enter key. This will close the command window.
  • Reboot the computer



Step-3.

You have the following Peer-to-Peer program(s) showing in the Programs Installed list in Control Panel. I don't see evidence that they are still installed. As a result you may not be able to uninstall them using the Control Panel but you need to try. If the uninstaller files are gone you will get a Windows message telling you so. In that case we can use Revo Uninstaller to remove the entries left on the system.


PunkBuster Services
uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.

P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.


Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

PunkBuster Services
uTorrent

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Users\JohnLani\AppData\Roaming\uTorrent

2. Close Windows Explorer.


Registry Cleaning Tools

Also I see CleanMyPC registry cleaner in the list of installed programs but I don't see any evidence that it is still on the system. You need to try to uninstall the program through the Control Panel and delete the C:\Users\JohnLani\AppData\Roaming\CleanMyPC Software folder. If it can't be uninstalled we can use Revo Uninstaller on it also.

GeeksToGo does not recommend the use of registry cleaning tools.
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.


IObit Software

  • Please go to Start >> Control Panel >> Add/Remove Programs >>Uninstall:
    • IObit Malware Fighter
  • Delete the following folders:
    C:\Users\JohnLani\AppData\Roaming\IObit
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    C:\Program Files (x86)\IObit
    C:\users\JohnLani\AppData\Roaming\IObit
These products and all the IOBIT products consume resources unnecessarily and often try to get you to buy the paid version to fix any real issue.
We have alternates that we will use and recommend that do not do that.


Step-4.

  • Re-open OTL on the desktop.
  • Click the QuickScan button.
  • Paste the OTL.txt file in your next reply.


Step-5.

Things For Your Next Post:
1. Answer to the question about the UAC
2. Answer to the question about the antivirus
3. The results from Virscan
4. The new OTL.txt log
  • 0

#12
jblb2009
Posted 10 June 2012 - 07:29 PM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
1. Did you turn the User Account Control off on purpose? Yes, a while ago i did to remove the pop ups every time I started a program.


You have two antivirus programs on the computer: Microsoft Security Essentials and Kaspersky Anti-Virus 2012. Microsoft is running and Kaspersky is not.

You should only have one anti-virus program installed. Anti-virus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more anti-virus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS anti-virus protection.

2. Which antivirus do you want left on the system? I will use Microsoft Security Essential, I put Kaspersky on there recetly as a second way to find out what virus I had.





Step-1.

File Scanner
There are some files I need you to upload for checking

Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
c:\windows\system32\drivers\feuorkjv.sys

Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

Repeat steps 2 through 6 for the following file(s):
c:\windows\system32\drivers\ozuuiixh.sys


I searched for these files on my system but could not find them at all.

Regarding punk buster and utorrent I have decided to remove bunkbuster but have left utorrent on there so you are aware.
  • 0

#13
jblb2009
Posted 10 June 2012 - 07:45 PM

jblb2009

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL logfile created on: 11/06/2012 11:34:33 AM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\JohnLani\Documents\NSWFB
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.93 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.44% Memory free
7.87 Gb Paging File | 6.26 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 23.44 Gb Free Space | 23.44% Space Free | Partition Type: NTFS
Drive D: | 300.00 Gb Total Space | 45.92 Gb Free Space | 15.31% Space Free | Partition Type: NTFS
Drive E: | 65.76 Gb Total Space | 24.66 Gb Free Space | 37.49% Space Free | Partition Type: NTFS

Computer Name: JOHNLANI-PC | User Name: JohnLani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 22:58:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JohnLani\My Documents\NSWFB\OTL.exe
PRC - [2012/05/29 18:21:44 | 000,313,768 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2012/05/23 11:56:51 | 001,240,088 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 23:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/11/12 11:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/05/11 14:32:08 | 007,535,112 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe
PRC - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe
PRC - [2011/05/11 14:32:08 | 000,884,744 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe
PRC - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/03/27 09:24:06 | 000,049,152 | ---- | M] (Vimicro) -- C:\Windows\VM302Snap.exe
PRC - [2006/11/17 16:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
PRC - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/23 11:56:50 | 000,441,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll
MOD - [2012/05/23 11:56:49 | 003,922,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
MOD - [2012/05/23 11:55:35 | 000,553,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libglesv2.dll
MOD - [2012/05/23 11:55:33 | 000,117,784 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\libegl.dll
MOD - [2012/05/23 11:55:24 | 000,134,696 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avutil-51.dll
MOD - [2012/05/23 11:55:23 | 000,250,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avformat-54.dll
MOD - [2012/05/23 11:55:21 | 002,375,720 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll
MOD - [2012/05/12 14:17:46 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012/05/12 14:15:28 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/05/12 14:15:27 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll
MOD - [2012/05/12 14:15:26 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 14:15:24 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8f0cf05d2b1e46a772312143227cb6ed\System.Xml.Linq.ni.dll
MOD - [2012/05/12 14:14:58 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012/05/11 23:07:09 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\142c428042c2dba4d5ac72495142f58c\PresentationFramework.ni.dll
MOD - [2012/05/11 23:06:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5c18a8cca40f5abb3617826e529a4be9\PresentationCore.ni.dll
MOD - [2012/05/11 23:06:42 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dac2093a24d7582eaee5ebd24ba1d06a\WindowsBase.ni.dll
MOD - [2012/05/11 23:06:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 23:03:33 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\71109720564155295fbaaff1202a33c0\System.Windows.Forms.ni.dll
MOD - [2012/05/11 23:03:27 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5be779e4d55a04c3b86644505facbe9a\System.Drawing.ni.dll
MOD - [2012/05/11 23:03:23 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012/05/11 23:03:22 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll
MOD - [2012/05/11 23:03:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012/05/11 23:03:18 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012/05/11 23:03:12 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/14 08:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2011/09/14 08:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2006/07/04 06:16:32 | 000,049,152 | ---- | M] () -- C:\Windows\Domino.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/01 17:42:24 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/05 18:03:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/09 19:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/11/12 10:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/08/13 21:25:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/11 14:32:08 | 003,703,816 | ---- | M] (Matrox Graphics Inc) [Auto | Running] -- C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe -- (Matrox.Pdesk3.ServicesHost)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/05/01 16:08:33 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 07:51:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/10/31 19:31:48 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 12:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/20 20:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 20:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 20:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/16 22:09:50 | 000,038,056 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/07/09 13:19:02 | 000,021,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010/04/19 19:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/01/03 19:01:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/03 19:01:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/17 16:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/08/03 10:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/12/08 13:48:44 | 000,023,040 | ---- | M] (GoFlight, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gfvknt64.sys -- (gfvknt)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/04/04 12:28:40 | 001,495,936 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM302.sys -- (ZSMC301b) Vimicro USB PC Camera (ZC0302)
DRV:64bit: - [2007/03/18 08:43:28 | 000,301,824 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vvftav302.sys -- (vvftav302)
DRV:64bit: - [2006/11/10 23:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SysTool64.sys -- (SysTool)
DRV - [2010/09/14 23:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/12/18 10:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JohnLani\Documents\NSWFB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 AB BC A3 00 5A CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/02 15:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/06/08 15:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/11 20:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 08:16:01 | 000,000,000 | ---D | M]

[2011/03/21 09:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions
[2010/08/02 14:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/01 10:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/01 10:13:41 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012/05/19 22:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions
[2011/08/28 03:22:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\JohnLani\AppData\Roaming\Mozilla\Firefox\Profiles\q7fmh5uv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/08 15:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 13:53:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/08 14:55:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak2
[2012/02/02 15:51:34 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files (x86)\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files (x86)\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Raindrops = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\
CHR - Extension: YouTube = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Gmail = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\JohnLani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/06/10 10:21:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM302Snap.exe (Vimicro)
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk] C:\Program Files (x86)\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Creative Software Update] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with ImTOO iPhone Transfer Platinum - C:\Program Files (x86)\ImTOO\iPhone Transfer Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: abr.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ato.gov.au ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bussiness.gov.au ([www] https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ent_4.3.1.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F6A85D9-39A3-425A-9D6F-C812C3F19B3A}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63C57A69-2348-4299-8E70-76FED20EB0D0}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/10 15:36:39 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AivlaSoft
[2012/06/10 10:29:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/10 10:21:36 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/10 10:07:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/10 10:07:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/10 10:07:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/10 10:03:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/10 10:02:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 09:39:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/09 10:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 10:00:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/09 10:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 09:48:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/08 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/08 19:21:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/08 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/06/08 14:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/06/08 14:55:05 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/08 14:26:17 | 004,539,885 | R--- | C] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/08 14:13:03 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Malwarebytes
[2012/06/08 14:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:21:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/03 18:43:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings of POWER II
[2012/06/03 18:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wings of POWER II
[2012/06/01 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CLS A330_A340
[2012/05/28 13:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Navigraph
[2012/05/27 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PollyPot Software
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/15 12:50:18 | 000,094,208 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | C] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/13 22:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/12 12:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\JohnLani\AppData\Local\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2012/05/12 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

========== Files - Modified Within 30 Days ==========

[2012/06/11 11:38:48 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 11:38:48 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 11:31:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 11:30:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 11:30:30 | 3168,862,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 11:30:30 | 001,096,296 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012/06/11 11:02:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 10:56:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/10 15:36:43 | 000,000,870 | ---- | M] () -- C:\Users\JohnLani\Desktop\AivlaSoft EFB DisplayUnit.lnk
[2012/06/10 15:36:40 | 000,000,873 | ---- | M] () -- C:\Users\JohnLani\Desktop\AivlaSoft EFB DataProvider.lnk
[2012/06/10 10:21:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/10 10:04:20 | 004,539,885 | R--- | M] (Swearware) -- C:\Users\JohnLani\Desktop\ComboFix.exe
[2012/06/10 09:39:21 | 000,001,257 | ---- | M] () -- C:\Users\JohnLani\Desktop\OTL - Shortcut.lnk
[2012/06/09 10:02:15 | 000,001,155 | ---- | M] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:02:15 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/09 09:48:35 | 000,827,546 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/09 09:48:35 | 000,680,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/09 09:48:35 | 000,135,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 22:57:33 | 003,077,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/08 20:02:46 | 000,003,023 | ---- | M] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 15:12:45 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/08 15:10:33 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 15:10:27 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/08 14:56:20 | 000,017,408 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:05 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/07 19:04:20 | 000,000,181 | ---- | M] () -- C:\Windows\MYOBP.INI
[2012/06/07 19:03:54 | 000,000,041 | ---- | M] () -- C:\Windows\MYOB.INI
[2012/06/06 16:54:09 | 000,000,581 | ---- | M] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 21:07:15 | 000,000,786 | ---- | M] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | M] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | M] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/25 20:22:03 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JohnLani\Desktop\TDSSKiller.exe
[2012/05/19 22:11:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/05/15 12:50:18 | 000,094,208 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysNative\drivers\rzudd.sys
[2012/05/15 12:36:12 | 000,142,848 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rztouchdll.dll
[2012/05/15 12:36:02 | 000,354,816 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzdevicedll.dll
[2012/05/15 12:36:00 | 000,165,888 | ---- | M] (Razer USA Ltd) -- C:\Windows\SysWow64\rzaudiodll.dll
[2012/05/13 12:37:42 | 000,007,598 | ---- | M] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg
[2012/05/12 13:15:19 | 000,002,011 | ---- | M] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf

========== Files Created - No Company Name ==========

[2012/06/10 15:36:43 | 000,000,870 | ---- | C] () -- C:\Users\JohnLani\Desktop\AivlaSoft EFB DisplayUnit.lnk
[2012/06/10 15:36:40 | 000,000,873 | ---- | C] () -- C:\Users\JohnLani\Desktop\AivlaSoft EFB DataProvider.lnk
[2012/06/10 10:07:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/10 10:07:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/10 10:07:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/10 10:07:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/10 10:07:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/10 09:39:21 | 000,001,257 | ---- | C] () -- C:\Users\JohnLani\Desktop\OTL - Shortcut.lnk
[2012/06/09 10:00:23 | 000,001,155 | ---- | C] () -- C:\Users\JohnLani\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/09 10:00:23 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/09 09:48:46 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/08 20:02:46 | 000,003,023 | ---- | C] () -- C:\Users\JohnLani\Desktop\HiJackThis.lnk
[2012/06/08 14:56:19 | 000,017,408 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\WebpageIcons.db
[2012/06/08 14:55:57 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/08 14:55:57 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/06 16:54:09 | 000,000,581 | ---- | C] () -- C:\Users\JohnLani\Desktop\Traffic - Shortcut.lnk
[2012/06/03 20:30:15 | 000,000,786 | ---- | C] () -- C:\Windows\axisConfig.cfg
[2012/06/03 19:55:44 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\A2A Message Boards.lnk
[2012/05/31 19:42:02 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential.lnk
[2012/05/28 13:22:37 | 000,002,773 | ---- | C] () -- C:\Users\Public\Desktop\Navigraph nDAC 3.lnk
[2012/05/27 22:20:10 | 000,003,085 | ---- | C] () -- C:\Users\JohnLani\Desktop\GoFlight PMDG Interface.lnk
[2012/05/19 22:11:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/05/12 13:15:19 | 000,002,011 | ---- | C] () -- C:\Users\JohnLani\Desktop\Razer Synapse 2.0.lnk
[2012/05/12 13:01:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/03/14 19:28:03 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\dbcmdb32.dll
[2012/03/14 19:28:03 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\dbcjpg32.dll
[2012/03/14 19:28:03 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\DBCMEM32.DLL
[2012/03/14 19:28:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dbcgeo32.dll
[2012/02/09 19:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/12/01 21:58:24 | 000,000,080 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\X-Plane Installer.prf
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 08:14:19 | 000,164,600 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2011/05/18 08:14:19 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2011/05/11 10:26:48 | 003,751,424 | ---- | C] () -- C:\Windows\SysWow64\MtxApi.dll
[2011/04/08 15:44:10 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll
[2011/03/21 09:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/10 18:01:07 | 000,001,447 | ---- | C] () -- C:\Windows\aeroSystems.ini
[2011/01/22 07:58:59 | 000,212,776 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/11/08 13:51:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/17 17:20:55 | 000,782,056 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2010/09/17 17:20:55 | 000,031,779 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2010/08/30 11:32:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/07/31 22:26:15 | 000,054,404 | ---- | C] () -- C:\Windows\SysWow64\sndspeed.dll
[2010/07/17 08:58:56 | 000,007,598 | ---- | C] () -- C:\Users\JohnLani\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2011/10/26 15:54:45 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\.BitTornado
[2011/01/04 16:33:41 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Alternative Software Ltd
[2012/01/03 16:05:07 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\AUSkey
[2011/01/15 22:07:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
[2009/11/01 17:24:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DAEMON Tools Lite
[2011/03/20 09:11:34 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\DiskAid
[2012/04/12 22:58:20 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\EZCA
[2011/12/31 16:13:03 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FlyingWSimulation
[2012/04/13 18:08:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FS2Crew2010
[2010/09/17 17:20:55 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\FSWidgets
[2011/07/23 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\gtk-2.0
[2012/02/25 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\HiFi
[2011/03/20 09:26:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\ImTOO
[2010/08/15 18:56:37 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\InfraRecorder
[2010/02/07 11:07:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Internal Workings
[2012/01/04 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Jürgen Treml
[2011/08/22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Kalypso Media
[2010/07/07 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Leadertech
[2011/05/04 09:03:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\LogMate
[2011/03/20 09:10:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MobileSyncBrowser
[2010/03/27 12:45:14 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Multi Crew Experience
[2011/12/31 21:52:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\MyTraffic
[2010/05/01 16:08:36 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Netscape
[2010/09/21 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\nHancer
[2009/11/22 14:57:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Nokia
[2009/11/01 11:03:17 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Participatory Culture Foundation
[2009/10/31 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PC Suite
[2012/01/27 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PCF-VLC
[2010/05/01 16:08:16 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Photodex
[2012/06/07 19:10:43 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\PrimoPDF
[2011/06/27 10:27:56 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Publish Providers
[2010/01/03 09:00:53 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SIGMA
[2011/05/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\SmartDraw
[2011/06/27 10:27:54 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Sony
[2011/07/08 17:28:44 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\The Creative Assembly
[2011/12/05 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Ubisoft
[2011/07/25 19:24:11 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Unity
[2012/06/10 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\uTorrent
[2012/02/26 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Virtuali
[2010/08/30 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\WinBatch
[2010/10/30 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows Live Writer
[2010/08/09 16:34:32 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows NT
[2010/08/02 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Windows SideBar
[2012/03/12 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\JohnLani\AppData\Roaming\Z-Software
[2012/06/09 10:46:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:74603393

< End of report >
  • 0

#14
godawgs
Posted 11 June 2012 - 08:39 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi jblb2009,

Did you turn the User Account Control off on purpose? Yes, a while ago i did to remove the pop ups every time I started a program.

Since we have killed the main infection I want you to turn the UAC back on just to be sure that the pop-ups aren't occuring anymore. Once you've verified that, it's your decision whether you want to turn UAC back off. But I would recommend that you leave it on.


2. Which antivirus do you want left on the system? I will use Microsoft Security Essential

Then we'll remove Kaspersky.


I searched for these files on my system but could not find them at all.

That may be because the system files are hidden. Let's unhide the system files. Then search for the two files and if you find them have them scanned at Virscan.

  • Click the Start Orb and click Windows Explorer at the top of the list. The explorer window will open.
  • In the Menu bar at the top of the window click Tools, then click Folder Options.... A Folder Options window will open.
  • click the View tab.
  • Under Files and Folders look for Hide protected operating system files(Recommended). If the box beside it has a check mark, click it to remove the check mark.
  • Under Hidden files and folders look for Show hidden files and folders. If the radio button beside it doesn't have a dot in it, click the radio button to put a dot in it.
  • Click Apply, then OK
  • Close the explorer window.


Regarding punk buster and utorrent I have decided to remove bunkbuster but have left utorrent on there so you are aware.

Fair enough. Just please don't use uTorrent until we are done.


The Winsock has been reset. The OTL log looks good. Now we will remove the Kaspersky antivirus. Then we will scan for malware remnants. Once these are done we should be able to wrap this puppy up.


Step-1.

Uninstall Kaspersky Anti Virus 2012

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Kaspersky Anti-Virus 2012

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\Kaspersky Lab
C:\ProgramData\Kaspersky Lab
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2012

2. Close Windows Explorer.


Step-2.

Run the Kaspersky Removal Tool

  • Download the Kaspersky Removal Tool and save it to the desktop.
  • Right click the kavremover.exe file and click Run as Administrator to run the program.
  • Enter the code from the picture. If you cannot read the code from the picture, click on the button next to the picture to generate a new code.
    Posted Image
  • In the Following products were detected section select the required product to be uninstalled.
    • Kaspersky Anti-Virus 2012
  • Click on the Remove button.

    Warning!! The Remove all known products option is recommended to be used ONLY when you do not know which Kaspersky Lab product was installed and the utility does not detect any Kaspersky Lab product.
  • The removal process may take some minutes.
  • Wait until a dialog window appears to inform you that the product was successfully removed.
  • On the open dialog window, click on the OK button.
  • Reboot your computer.


Step-3.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-4.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-5.

Things For Your Next Post:
1. The Virscan results (if you found the files)
2. The MalwareBytes log
3. The ESET scan log
4. Let me know if any problems remain
  • 0

#15
Essexboy
Posted 16 June 2012 - 05:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP