Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Getting weird search redirects

Started by Chucklebun , Jul 21 2012 09:31 PM

Please log in to reply

#1
Chucklebun

Posted 21 July 2012 - 09:31 PM

Member

Member
94 posts

While surfing, I was notified that there was a flash update, but when I allowed it to install, it ran and then gave me an error message that it was an older version than the one I had installed. Shortly thereafter I did a google search and got redirected to several websites that were not the anticipated search results, which worried me, but it stopped so I hopefully figured maybe it was something briefly affecting my ISP's DNS. Then tabs started opening on their own in IE. I'm guessing I got stung here. This is an example of one of the tabs that opened (probably a bad idea to attempt to open this link, I'll malform it so it won't parse):

h**p://8.26.70.252/see/display.php?q=crop+movies+windows+live+movie+maker&affsub=46734-229&subid=e10

Thanks in advance for your assistance guys, I know you're very busy.

With no further ado, here is the OTL log:

OTL logfile created on: 7/21/2012 11:15:08 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.29 Gb Available Physical Memory | 66.11% Memory free
16.20 Gb Paging File | 13.02 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 269.26 Gb Free Space | 39.30% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2012/07/11 19:12:14 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/02 19:54:38 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 20:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/25 18:48:35 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/25 18:48:34 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/25 18:48:34 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/25 18:48:34 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/25 18:48:34 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/06 20:32:20 | 000,086,016 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/07/11 20:12:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 15:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/29 23:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/12/03 22:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/12/03 22:20:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/09 21:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/01/20 22:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/30 08:24:16] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3D265792-EFA5-43A4-90B8-16C74752E318}
IE - HKCU\..\SearchScopes\{3D265792-EFA5-43A4-90B8-16C74752E318}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2012/02/24 23:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 22:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2012/02/24 23:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\extensions
[2012/02/24 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 23:27:41 | 000,160,151 | ---- | M] () (No name found) -- C:\USERS\GOBLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3F98C6F.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/11 17:22:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 23:14:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{A8579F99-6409-4A67-BA35-2B1428F98D50}
[2012/07/21 21:37:05 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{FD4130AC-2836-440D-B135-D9B1519395C2}
[2012/07/21 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C2A0CADF-8FCB-495E-984C-A5C7B2A3BBC1}
[2012/07/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{0D4D9A62-B07B-42FC-98C9-68279F1F05E5}
[2012/07/21 21:26:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/19 21:19:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1669EE96-67DB-40EE-9953-8A3AC66B1764}
[2012/07/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C402BD79-E70D-453C-8B0B-FBD9435A32F7}
[2012/07/19 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{DD63D3C6-EEF4-411E-A516-90ABB7AB0E7D}
[2012/07/19 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{3B2B997A-4E8B-4136-825A-478C8A986987}
[2012/07/19 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1838A1FC-E26D-4CE4-9366-16442E278F39}
[2012/07/19 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{E5AE4588-6A6C-4F80-BDDA-6E3D90D3A327}
[2012/07/18 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\Logitech-LS
[2012/07/09 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/01 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/01 18:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/01 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\West Playlist
[2012/06/29 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2012/06/29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/06/26 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{322FA743-3393-49F9-BF27-297B5F1B6022}
[2012/06/24 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{306760A2-8D70-4BEE-A773-4A80E89489EB}
[2012/06/24 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{373675BD-DCB8-46BD-92B4-DD8D36B70A3D}

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012/07/21 23:20:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
[2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 23:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 22:24:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 22:24:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 21:44:25 | 000,114,176 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/21 21:44:23 | 000,309,437 | ---- | M] () -- C:\Users\Goblin\Desktop\lightning.wmv
[2012/07/21 21:37:20 | 000,812,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/21 21:37:20 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/21 21:37:20 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 16:24:17 | 000,007,916 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/07/21 16:23:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 21:29:52 | 000,065,631 | ---- | M] () -- C:\Users\Goblin\Desktop\313964_10150953217648931_79626354_n.jpg
[2012/07/11 21:29:40 | 000,327,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 12:08:27 | 2412,598,313 | ---- | M] () -- C:\Users\Goblin\Desktop\GO010082.MP4
[2012/07/01 18:23:31 | 000,001,460 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2012/07/01 12:03:27 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/06/27 20:34:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGoblin.job
[2012/06/26 16:36:17 | 3936,071,900 | ---- | M] () -- C:\Users\Goblin\Desktop\GOPR0082.MP4
[2012/06/23 15:41:34 | 000,000,064 | ---- | M] () -- C:\Users\Goblin\AppData\Local\Images.fl

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012/07/21 21:44:19 | 000,309,437 | ---- | C] () -- C:\Users\Goblin\Desktop\lightning.wmv
[2012/07/21 21:20:28 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\00000008.@
[2012/07/21 21:20:27 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\80000032.@
[2012/07/21 21:20:26 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\80000064.@
[2012/07/21 21:20:26 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\80000000.@
[2012/07/21 21:20:26 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\L\00000004.@
[2012/07/21 21:20:25 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\00000004.@
[2012/07/21 21:20:25 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\U\000000cb.@
[2012/07/19 21:29:51 | 000,065,631 | ---- | C] () -- C:\Users\Goblin\Desktop\313964_10150953217648931_79626354_n.jpg
[2012/07/13 16:25:59 | 000,007,916 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 23:14:03 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.0
[2012/05/09 23:14:00 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.JPG
[2012/04/14 09:09:39 | 000,156,862 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.0
[2012/04/14 09:09:39 | 000,144,403 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.JPG
[2012/01/11 13:08:55 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\@
[2012/01/11 13:08:55 | 000,002,048 | -HS- | C] () -- C:\Users\Goblin\AppData\Local\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}\@
[2011/12/11 13:04:31 | 000,631,641 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.JPG
[2011/12/11 13:04:30 | 002,354,424 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.0
[2011/10/01 14:27:57 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/01 14:27:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/25 18:44:59 | 000,001,778 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile1.dat
[2011/04/25 18:44:59 | 000,001,770 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile0.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 16:02:48 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/15 19:37:33 | 000,000,064 | ---- | C] () -- C:\Users\Goblin\AppData\Local\Images.fl
[2010/05/19 20:11:24 | 000,001,460 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2010/04/26 20:59:54 | 000,022,738 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpKARIZA3.JPG
[2009/12/12 15:13:15 | 000,000,760 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\setup_ldm.iss
[2009/11/02 22:34:22 | 000,000,082 | ---- | C] () -- C:\Users\Goblin\AppData\Local\X-Plane Installer.prf
[2009/09/07 00:21:56 | 000,000,394 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\wklnhst.dat
[2009/07/17 18:59:32 | 000,007,688 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS_navi.JPG
[2009/07/17 18:59:29 | 000,683,013 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS.JPG
[2009/03/07 13:50:06 | 000,114,176 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 14:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/14 19:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Goblin\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2012/04/25 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\!minecrafts
[2012/03/19 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft
[2012/02/21 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft_xray
[2011/06/21 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\AtomZombieData
[2010/12/27 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Beat Hazard
[2009/04/14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Braid
[2009/04/04 09:56:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Broken Rules
[2009/05/27 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Crayon Physics Deluxe
[2012/02/24 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\FVDToolbar
[2011/07/04 08:58:33 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\GridRunnerRev
[2011/03/14 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Highresolution Enterprises
[2011/10/30 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Kalypso Media
[2009/04/13 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Larva Mortus Demo
[2010/11/25 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Leadertech
[2012/05/02 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\LightFish
[2011/08/27 11:07:39 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\MinMaxGames
[2012/06/29 22:41:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2009/01/26 20:41:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mount&Blade
[2012/06/25 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mumble
[2011/10/01 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Origin
[2009/01/14 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\PictureMover
[2009/04/21 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Slam Dunk Studios, LLC
[2009/06/08 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Stardock
[2011/12/30 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\System
[2009/09/07 00:22:20 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Template
[2009/01/14 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Turbine
[2012/07/03 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\uTorrent
[2012/06/23 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\VSO
[2009/01/14 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WildTangent
[2009/04/27 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WinBatch
[2011/05/11 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Windows Live Writer
[2011/12/30 21:05:15 | 000,000,000 | -HSD | M] -- C:\Users\Goblin\AppData\Roaming\wyUpdate AU
[2011/02/27 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\ZombieDriver
[2012/07/01 12:03:27 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012/07/21 12:13:28 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/21 23:20:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GOPR0082.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GO010082.MP4:TOC.WMV
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >

#2
RKinner

Posted 21 July 2012 - 11:46 PM

Malware Expert

Expert
24,625 posts

This is the latest zero Access infection.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
[2012/07/21 21:26:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/01 12:03:27 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

:files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
C:\Windows\Installer\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}
C:\Users\Goblin\AppData\Local\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
[-HKCU\Software\Classes\clsid\{b69aec1d-ef91-8223-95b5-e9ceb2d62692}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Chucklebun

Posted 22 July 2012 - 10:05 AM

Member

Topic Starter
Member
94 posts

Thanks Ron. Scans etc complete. Logs begin below. I will attempt to put them in order.

OTL did NOT generate a log on the first run. It rebooted but didn't generate a log. The only log I had was the one I posted. I renamed that for the next scan in case the problem was that OTL couldn't append or overwrite the previous log.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 09:17:22
-----------------------------
09:17:22.614 OS Version: Windows x64 6.0.6002 Service Pack 2
09:17:22.614 Number of processors: 4 586 0x170A
09:17:22.614 ComputerName: MEDIA-PC UserName: Goblin
09:17:25.921 Initialize success
09:17:30.243 AVAST engine defs: 12072200
09:17:41.428 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:17:41.428 Disk 0 Vendor: ST375063 HP26 Size: 715404MB BusType: 8
09:17:41.490 Disk 0 MBR read successfully
09:17:41.490 Disk 0 MBR scan
09:17:41.506 Disk 0 Windows VISTA default MBR code
09:17:41.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 701518 MB offset 63
09:17:41.553 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13884 MB offset 1436709015
09:17:41.677 Disk 0 scanning C:\Windows\system32\drivers
09:18:13.804 Service scanning
09:18:33.304 Modules scanning
09:18:33.304 Disk 0 trace - called modules:
09:18:33.351 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:18:33.351 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007f92790]
09:18:33.866 3 CLASSPNP.SYS[fffffa6000fd2c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007c98050]
09:18:38.670 AVAST engine scan C:\Windows
09:20:04.301 AVAST engine scan C:\Windows\system32
09:25:17.125 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:25:23.474 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
09:28:51.797 AVAST engine scan C:\Windows\system32\drivers
09:29:31.562 AVAST engine scan C:\Users\Goblin
09:36:19.564 Disk 0 MBR has been saved successfully to "C:\Users\Goblin\Desktop\MBR.dat"
09:36:19.564 The log file has been saved successfully to "C:\Users\Goblin\Desktop\aswMBR.txt"

ComboFix 12-07-21.01 - Goblin 07/22/2012 9:41.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.6288 [GMT -4:00]
Running from: c:\users\Goblin\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 14:15 . 2012-07-22 14:17 -------- d-----w- c:\users\Goblin\AppData\Local\temp
2012-07-22 14:15 . 2012-07-22 14:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-22 14:15 . 2012-07-22 14:15 -------- d-----w- c:\users\Mcx2-MEDIA-PC\AppData\Local\temp
2012-07-22 14:15 . 2012-07-22 14:15 -------- d-----w- c:\users\Mcx1-MEDIA-PC\AppData\Local\temp
2012-07-22 14:15 . 2012-07-22 14:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 12:48 . 2012-07-22 12:48 -------- d-----w- C:\_OTL
2012-07-20 01:19 . 2012-07-20 01:19 -------- d-----w- c:\windows\en
2012-07-20 01:17 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-20 01:16 . 2012-07-20 01:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-20 01:13 . 2012-07-20 01:13 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ced733e91cd661402\DXSETUP.exe
2012-07-20 01:13 . 2012-07-20 01:13 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cf16d4f91cd661403\MeshBetaRemover.exe
2012-07-20 01:13 . 2012-07-20 01:13 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ced733e91cd661402\DSETUP.dll
2012-07-20 01:13 . 2012-07-20 01:13 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ced733e91cd661402\dsetup32.dll
2012-07-18 20:53 . 2012-07-18 20:53 -------- d-----w- c:\users\Goblin\AppData\Local\Logitech-LS
2012-07-11 20:50 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-09 21:14 . 2012-07-09 21:14 -------- d-----w- c:\programdata\McAfee
2012-07-01 22:30 . 2012-07-01 22:30 -------- d-----w- c:\users\UpdatusUser
2012-07-01 22:27 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-07-01 22:27 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-07-01 22:27 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-07-01 22:27 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-01 22:27 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-07-01 22:27 . 2012-07-01 22:27 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-07-01 22:25 . 2012-05-15 10:48 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-07-01 22:25 . 2012-05-15 10:48 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-07-01 22:25 . 2012-05-15 10:48 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-07-01 22:25 . 2012-05-15 10:48 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-07-01 22:25 . 2012-05-15 10:48 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-01 22:25 . 2012-05-15 10:48 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-07-01 22:25 . 2012-05-15 10:48 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-07-01 22:25 . 2012-05-15 10:48 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-07-01 22:25 . 2012-05-15 10:48 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-07-01 22:25 . 2012-05-15 10:48 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-01 22:25 . 2012-05-15 10:48 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-01 22:25 . 2012-05-15 10:48 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-07-01 22:24 . 2012-05-15 10:48 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-01 22:24 . 2012-05-15 10:48 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-07-01 22:24 . 2012-05-15 10:48 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-07-01 22:24 . 2012-05-15 10:48 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-07-01 22:24 . 2012-05-15 10:48 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-07-01 22:24 . 2012-05-15 10:48 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-01 22:24 . 2012-05-15 10:48 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-07-01 20:18 . 2012-04-18 17:08 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-07-01 20:18 . 2012-04-18 17:08 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-06-30 02:41 . 2012-06-30 02:41 -------- d-----w- c:\users\Goblin\AppData\Roaming\Motorola
2012-06-30 02:36 . 2012-06-30 02:36 -------- d-----w- c:\program files\Motorola Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 00:12 . 2012-04-03 20:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 00:12 . 2011-05-19 02:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:02 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-29 10:04 . 2012-07-20 18:53 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8767FAA5-9670-49ED-A405-6143499A2297}\mpengine.dll
2012-06-02 22:19 . 2012-06-21 20:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 20:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 20:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 20:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 20:01 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 20:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 20:01 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 20:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 20:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 20:01 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 20:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 20:01 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 20:01 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 20:01 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 16:25 . 2009-10-02 22:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2009-11-21 02:34 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2009-11-21 02:34 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-01 14:29 . 2012-06-12 19:08 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-11-25 152064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"Logitech G35"="c:\program files (x86)\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Tarantula"="c:\program files (x86)\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:12]
.
2012-06-28 c:\windows\Tasks\HPCeeScheduleForGoblin.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-11-25 19:12]
.
2012-07-22 c:\windows\Tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
- c:\windows\system32\msfeedssync.exe [2011-03-27 23:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_test.cab
DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} - hxxp://192.168.1.115/NetCamPlayerWeb11gv2.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3278837656-438446475-2892754016-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3278837656-438446475-2892754016-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-07-22 10:25:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 14:25
.
Pre-Run: 289,061,486,592 bytes free
Post-Run: 289,728,024,576 bytes free
.
- - End Of File - - FDF538D766A64D7ADA33441B446217F7

10:34:07.0103 4040 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
10:34:07.0509 4040 ============================================================
10:34:07.0509 4040 Current date / time: 2012/07/22 10:34:07.0509
10:34:07.0509 4040 SystemInfo:
10:34:07.0509 4040
10:34:07.0509 4040 OS Version: 6.0.6002 ServicePack: 2.0
10:34:07.0509 4040 Product type: Workstation
10:34:07.0509 4040 ComputerName: MEDIA-PC
10:34:07.0510 4040 UserName: Goblin
10:34:07.0510 4040 Windows directory: C:\Windows
10:34:07.0510 4040 System windows directory: C:\Windows
10:34:07.0510 4040 Running under WOW64
10:34:07.0510 4040 Processor architecture: Intel x64
10:34:07.0510 4040 Number of processors: 4
10:34:07.0510 4040 Page size: 0x1000
10:34:07.0510 4040 Boot type: Normal boot
10:34:07.0510 4040 ============================================================
10:34:08.0372 4040 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:34:08.0395 4040 ============================================================
10:34:08.0395 4040 \Device\Harddisk0\DR0:
10:34:08.0396 4040 MBR partitions:
10:34:08.0396 4040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x55A27058
10:34:08.0396 4040 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x55A27097, BlocksNum 0x1B1E26A
10:34:08.0396 4040 ============================================================
10:34:08.0540 4040 C: <-> \Device\Harddisk0\DR0\Partition0
10:34:08.0621 4040 D: <-> \Device\Harddisk0\DR0\Partition1
10:34:08.0621 4040 ============================================================
10:34:08.0621 4040 Initialize success
10:34:08.0621 4040 ============================================================
10:34:16.0060 1120 ============================================================
10:34:16.0060 1120 Scan started
10:34:16.0060 1120 Mode: Manual;
10:34:16.0060 1120 ============================================================
10:34:17.0815 1120 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
10:34:17.0816 1120 61883 - ok
10:34:17.0881 1120 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:34:17.0896 1120 ACPI - ok
10:34:18.0087 1120 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:34:18.0087 1120 AdobeARMservice - ok
10:34:18.0546 1120 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:34:18.0548 1120 AdobeFlashPlayerUpdateSvc - ok
10:34:18.0921 1120 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:34:18.0955 1120 adp94xx - ok
10:34:18.0991 1120 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:34:19.0008 1120 adpahci - ok
10:34:19.0030 1120 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:34:19.0033 1120 adpu160m - ok
10:34:19.0059 1120 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:34:19.0063 1120 adpu320 - ok
10:34:19.0094 1120 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:34:19.0094 1120 AeLookupSvc - ok
10:34:19.0145 1120 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:34:19.0161 1120 AFD - ok
10:34:19.0214 1120 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:34:19.0215 1120 agp440 - ok
10:34:19.0280 1120 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:34:19.0282 1120 aic78xx - ok
10:34:19.0326 1120 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:34:19.0327 1120 ALG - ok
10:34:19.0415 1120 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:34:19.0416 1120 aliide - ok
10:34:19.0450 1120 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:34:19.0452 1120 amdide - ok
10:34:19.0478 1120 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:34:19.0482 1120 AmdK8 - ok
10:34:19.0522 1120 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:34:19.0524 1120 Appinfo - ok
10:34:19.0560 1120 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:34:19.0562 1120 arc - ok
10:34:19.0577 1120 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:34:19.0580 1120 arcsas - ok
10:34:19.0879 1120 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:34:19.0880 1120 aspnet_state - ok
10:34:19.0974 1120 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:34:19.0975 1120 AsyncMac - ok
10:34:20.0003 1120 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
10:34:20.0003 1120 atapi - ok
10:34:20.0126 1120 athr (3cc9f98e01e0b4f4657e1149c14ec6e0) C:\Windows\system32\DRIVERS\athrx.sys
10:34:20.0172 1120 athr - ok
10:34:20.0222 1120 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:34:20.0266 1120 AudioEndpointBuilder - ok
10:34:20.0270 1120 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:34:20.0272 1120 AudioSrv - ok
10:34:20.0319 1120 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
10:34:20.0320 1120 Avc - ok
10:34:20.0376 1120 Beep - ok
10:34:20.0426 1120 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:34:20.0442 1120 BFE - ok
10:34:20.0496 1120 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:34:20.0502 1120 BITS - ok
10:34:20.0538 1120 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:34:20.0539 1120 blbdrive - ok
10:34:20.0587 1120 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:34:20.0590 1120 bowser - ok
10:34:20.0617 1120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:34:20.0619 1120 BrFiltLo - ok
10:34:20.0638 1120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:34:20.0639 1120 BrFiltUp - ok
10:34:20.0677 1120 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:34:20.0677 1120 Browser - ok
10:34:20.0780 1120 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:34:20.0782 1120 Brserid - ok
10:34:20.0818 1120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:34:20.0819 1120 BrSerWdm - ok
10:34:20.0851 1120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:34:20.0851 1120 BrUsbMdm - ok
10:34:20.0885 1120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:34:20.0890 1120 BrUsbSer - ok
10:34:20.0925 1120 BTCFilterService - ok
10:34:20.0947 1120 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:34:20.0948 1120 BTHMODEM - ok
10:34:20.0978 1120 catchme - ok
10:34:20.0997 1120 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:34:20.0999 1120 cdfs - ok
10:34:21.0018 1120 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:34:21.0020 1120 cdrom - ok
10:34:21.0037 1120 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:34:21.0039 1120 CertPropSvc - ok
10:34:21.0050 1120 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:34:21.0052 1120 circlass - ok
10:34:21.0099 1120 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:34:21.0146 1120 CLFS - ok
10:34:21.0219 1120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:34:21.0221 1120 clr_optimization_v2.0.50727_32 - ok
10:34:21.0315 1120 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:34:21.0317 1120 clr_optimization_v2.0.50727_64 - ok
10:34:21.0507 1120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:34:21.0522 1120 clr_optimization_v4.0.30319_32 - ok
10:34:21.0565 1120 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:34:21.0568 1120 clr_optimization_v4.0.30319_64 - ok
10:34:21.0621 1120 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:34:21.0623 1120 cmdide - ok
10:34:21.0636 1120 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
10:34:21.0637 1120 Compbatt - ok
10:34:21.0641 1120 COMSysApp - ok
10:34:21.0667 1120 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:34:21.0667 1120 crcdisk - ok
10:34:21.0709 1120 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
10:34:21.0710 1120 CryptSvc - ok
10:34:21.0767 1120 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:34:21.0773 1120 DcomLaunch - ok
10:34:21.0798 1120 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:34:21.0800 1120 DfsC - ok
10:34:21.0946 1120 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
10:34:22.0014 1120 DFSR - ok
10:34:22.0160 1120 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:34:22.0183 1120 Dhcp - ok
10:34:22.0217 1120 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:34:22.0219 1120 disk - ok
10:34:22.0249 1120 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:34:22.0251 1120 Dnscache - ok
10:34:22.0284 1120 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:34:22.0288 1120 dot3svc - ok
10:34:22.0312 1120 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:34:22.0316 1120 DPS - ok
10:34:22.0353 1120 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:34:22.0355 1120 drmkaud - ok
10:34:22.0459 1120 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:34:22.0463 1120 DXGKrnl - ok
10:34:22.0557 1120 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:34:22.0561 1120 E1G60 - ok
10:34:22.0587 1120 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:34:22.0589 1120 EapHost - ok
10:34:22.0607 1120 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:34:22.0611 1120 Ecache - ok
10:34:22.0664 1120 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
10:34:22.0683 1120 ehRecvr - ok
10:34:22.0695 1120 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
10:34:22.0697 1120 ehSched - ok
10:34:22.0718 1120 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
10:34:22.0718 1120 ehstart - ok
10:34:22.0761 1120 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:34:22.0778 1120 elxstor - ok
10:34:22.0832 1120 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:34:22.0870 1120 EMDMgmt - ok
10:34:22.0905 1120 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:34:22.0906 1120 ErrDev - ok
10:34:22.0954 1120 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:34:22.0956 1120 EventSystem - ok
10:34:22.0973 1120 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:34:22.0977 1120 exfat - ok
10:34:23.0016 1120 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:34:23.0020 1120 fastfat - ok
10:34:23.0040 1120 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:34:23.0042 1120 fdc - ok
10:34:23.0056 1120 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:34:23.0057 1120 fdPHost - ok
10:34:23.0072 1120 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:34:23.0074 1120 FDResPub - ok
10:34:23.0088 1120 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:34:23.0090 1120 FileInfo - ok
10:34:23.0114 1120 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:34:23.0115 1120 Filetrace - ok
10:34:23.0139 1120 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:34:23.0141 1120 flpydisk - ok
10:34:23.0183 1120 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:34:23.0193 1120 FltMgr - ok
10:34:23.0334 1120 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll
10:34:23.0360 1120 FontCache - ok
10:34:23.0433 1120 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:34:23.0435 1120 FontCache3.0.0.0 - ok
10:34:23.0607 1120 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
10:34:23.0608 1120 fssfltr - ok
10:34:23.0775 1120 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:34:23.0941 1120 fsssvc - ok
10:34:24.0037 1120 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:34:24.0038 1120 Fs_Rec - ok
10:34:24.0080 1120 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:34:24.0083 1120 gagp30kx - ok
10:34:24.0186 1120 GameConsoleService (5c147bb6b6ade83363fa08c77dde15cd) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
10:34:24.0190 1120 GameConsoleService - ok
10:34:24.0257 1120 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:34:24.0277 1120 gpsvc - ok
10:34:24.0384 1120 HCW85BDA (49b940bad9f1b1e707dcf27684b6c7fb) C:\Windows\system32\drivers\HCW85BDA.sys
10:34:24.0418 1120 HCW85BDA - ok
10:34:24.0575 1120 hcw85cir (b6c86ac0ca60c10b6f46155a5e09d4a9) C:\Windows\system32\drivers\hcw85cir.sys
10:34:24.0576 1120 hcw85cir - ok
10:34:24.0650 1120 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
10:34:24.0655 1120 HdAudAddService - ok
10:34:24.0721 1120 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:34:24.0743 1120 HDAudBus - ok
10:34:24.0767 1120 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:34:24.0769 1120 HidBth - ok
10:34:24.0796 1120 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:34:24.0798 1120 HidIr - ok
10:34:24.0833 1120 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:34:24.0836 1120 hidserv - ok
10:34:24.0861 1120 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:34:24.0862 1120 HidUsb - ok
10:34:24.0909 1120 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:34:24.0909 1120 HiPatchService - ok
10:34:24.0938 1120 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:34:24.0941 1120 hkmsvc - ok
10:34:24.0998 1120 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:34:24.0999 1120 HP Health Check Service - ok
10:34:25.0020 1120 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
10:34:25.0024 1120 HPBtnSrv - ok
10:34:25.0054 1120 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:34:25.0056 1120 HpCISSs - ok
10:34:25.0117 1120 hpqcxs08 (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:34:25.0120 1120 hpqcxs08 - ok
10:34:25.0133 1120 hpqddsvc (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:34:25.0136 1120 hpqddsvc - ok
10:34:25.0175 1120 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:34:25.0192 1120 HTTP - ok
10:34:25.0217 1120 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:34:25.0219 1120 i2omp - ok
10:34:25.0255 1120 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:34:25.0257 1120 i8042prt - ok
10:34:25.0304 1120 IAANTMON (1117af8c53aa278a4c5b7ef1b00e08f4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:34:25.0319 1120 IAANTMON - ok
10:34:25.0353 1120 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
10:34:25.0356 1120 iaStor - ok
10:34:25.0377 1120 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:34:25.0393 1120 iaStorV - ok
10:34:25.0494 1120 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:34:25.0551 1120 idsvc - ok
10:34:25.0571 1120 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:34:25.0573 1120 iirsp - ok
10:34:25.0623 1120 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:34:25.0639 1120 IKEEXT - ok
10:34:25.0738 1120 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
10:34:25.0746 1120 IntcAzAudAddService - ok
10:34:25.0874 1120 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:34:25.0876 1120 intelide - ok
10:34:25.0897 1120 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:34:25.0898 1120 intelppm - ok
10:34:25.0932 1120 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:34:25.0935 1120 IPBusEnum - ok
10:34:25.0960 1120 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:34:25.0963 1120 IpFilterDriver - ok
10:34:26.0018 1120 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:34:26.0023 1120 iphlpsvc - ok
10:34:26.0027 1120 IpInIp - ok
10:34:26.0053 1120 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:34:26.0055 1120 IPMIDRV - ok
10:34:26.0085 1120 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:34:26.0087 1120 IPNAT - ok
10:34:26.0107 1120 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:34:26.0108 1120 IRENUM - ok
10:34:26.0142 1120 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:34:26.0143 1120 isapnp - ok
10:34:26.0177 1120 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:34:26.0178 1120 iScsiPrt - ok
10:34:26.0205 1120 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:34:26.0207 1120 iteatapi - ok
10:34:26.0214 1120 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:34:26.0215 1120 iteraid - ok
10:34:26.0231 1120 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:34:26.0232 1120 kbdclass - ok
10:34:26.0260 1120 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:34:26.0262 1120 kbdhid - ok
10:34:26.0271 1120 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:34:26.0272 1120 KeyIso - ok
10:34:26.0309 1120 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
10:34:26.0323 1120 KSecDD - ok
10:34:26.0342 1120 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:34:26.0344 1120 ksthunk - ok
10:34:26.0381 1120 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:34:26.0396 1120 KtmRm - ok
10:34:26.0430 1120 LADF_DHP2 (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
10:34:26.0433 1120 LADF_DHP2 - ok
10:34:26.0485 1120 LADF_SBVM (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
10:34:26.0527 1120 LADF_SBVM - ok
10:34:26.0568 1120 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:34:26.0573 1120 LanmanServer - ok
10:34:26.0608 1120 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:34:26.0624 1120 LanmanWorkstation - ok
10:34:26.0715 1120 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:34:26.0721 1120 LBTServ - ok
10:34:26.0784 1120 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:34:26.0786 1120 LHidFilt - ok
10:34:26.0846 1120 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:34:26.0848 1120 LightScribeService - ok
10:34:26.0868 1120 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:34:26.0870 1120 lltdio - ok
10:34:26.0903 1120 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:34:26.0919 1120 lltdsvc - ok
10:34:26.0933 1120 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:34:26.0935 1120 lmhosts - ok
10:34:26.0956 1120 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:34:26.0958 1120 LMouFilt - ok
10:34:26.0989 1120 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:34:26.0992 1120 LSI_FC - ok
10:34:27.0024 1120 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:34:27.0027 1120 LSI_SAS - ok
10:34:27.0059 1120 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:34:27.0062 1120 LSI_SCSI - ok
10:34:27.0082 1120 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:34:27.0085 1120 luafv - ok
10:34:27.0107 1120 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
10:34:27.0109 1120 LUsbFilt - ok
10:34:27.0151 1120 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
10:34:27.0154 1120 Mcx2Svc - ok
10:34:27.0176 1120 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:34:27.0178 1120 megasas - ok
10:34:27.0213 1120 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:34:27.0229 1120 MegaSR - ok
10:34:27.0255 1120 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:34:27.0257 1120 MMCSS - ok
10:34:27.0275 1120 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:34:27.0277 1120 Modem - ok
10:34:27.0309 1120 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:34:27.0310 1120 monitor - ok
10:34:27.0335 1120 motccgp - ok
10:34:27.0339 1120 motccgpfl - ok
10:34:27.0344 1120 motmodem - ok
10:34:27.0416 1120 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:34:27.0419 1120 MotoHelper - ok
10:34:27.0421 1120 MotoSwitchService - ok
10:34:27.0431 1120 Motousbnet - ok
10:34:27.0437 1120 motusbdevice - ok
10:34:27.0450 1120 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:34:27.0450 1120 mouclass - ok
10:34:27.0470 1120 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:34:27.0481 1120 mouhid - ok
10:34:27.0513 1120 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:34:27.0515 1120 MountMgr - ok
10:34:27.0533 1120 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:34:27.0536 1120 mpio - ok
10:34:27.0555 1120 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:34:27.0557 1120 mpsdrv - ok
10:34:27.0608 1120 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:34:27.0628 1120 MpsSvc - ok
10:34:27.0644 1120 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:34:27.0646 1120 Mraid35x - ok
10:34:27.0679 1120 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:34:27.0683 1120 MRxDAV - ok
10:34:27.0709 1120 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:27.0713 1120 mrxsmb - ok
10:34:27.0749 1120 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:27.0759 1120 mrxsmb10 - ok
10:34:27.0776 1120 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:27.0780 1120 mrxsmb20 - ok
10:34:27.0806 1120 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:34:27.0808 1120 msahci - ok
10:34:27.0841 1120 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:34:27.0849 1120 msdsm - ok
10:34:27.0893 1120 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:34:27.0896 1120 MSDTC - ok
10:34:27.0968 1120 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
10:34:27.0970 1120 MSDV - ok
10:34:28.0002 1120 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:34:28.0003 1120 Msfs - ok
10:34:28.0026 1120 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:34:28.0026 1120 msisadrv - ok
10:34:28.0055 1120 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:34:28.0059 1120 MSiSCSI - ok
10:34:28.0062 1120 msiserver - ok
10:34:28.0104 1120 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:34:28.0105 1120 MSKSSRV - ok
10:34:28.0118 1120 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:28.0120 1120 MSPCLOCK - ok
10:34:28.0176 1120 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:34:28.0178 1120 MSPQM - ok
10:34:28.0301 1120 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:34:28.0308 1120 MsRPC - ok
10:34:28.0338 1120 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:34:28.0338 1120 mssmbios - ok
10:34:28.0370 1120 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:34:28.0371 1120 MSTEE - ok
10:34:28.0407 1120 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:34:28.0409 1120 Mup - ok
10:34:28.0442 1120 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:34:28.0491 1120 napagent - ok
10:34:28.0589 1120 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:34:28.0636 1120 NativeWifiP - ok
10:34:28.0711 1120 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:34:28.0715 1120 NDIS - ok
10:34:28.0753 1120 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:28.0754 1120 NdisTapi - ok
10:34:28.0856 1120 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:28.0858 1120 Ndisuio - ok
10:34:28.0881 1120 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:28.0885 1120 NdisWan - ok
10:34:28.0895 1120 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:34:28.0898 1120 NDProxy - ok
10:34:28.0938 1120 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:34:28.0941 1120 Net Driver HPZ12 - ok
10:34:28.0953 1120 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:34:28.0955 1120 NetBIOS - ok
10:34:28.0976 1120 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:34:28.0980 1120 netbt - ok
10:34:29.0001 1120 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:34:29.0002 1120 Netlogon - ok
10:34:29.0197 1120 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:34:29.0200 1120 Netman - ok
10:34:29.0310 1120 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:29.0313 1120 NetMsmqActivator - ok
10:34:29.0333 1120 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:29.0334 1120 NetPipeActivator - ok
10:34:29.0360 1120 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:34:29.0375 1120 netprofm - ok
10:34:29.0388 1120 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:29.0389 1120 NetTcpActivator - ok
10:34:29.0394 1120 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:29.0395 1120 NetTcpPortSharing - ok
10:34:29.0426 1120 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:34:29.0429 1120 nfrd960 - ok
10:34:29.0451 1120 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:34:29.0456 1120 NlaSvc - ok
10:34:29.0479 1120 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:34:29.0484 1120 Npfs - ok
10:34:29.0543 1120 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:34:29.0545 1120 nsi - ok
10:34:29.0551 1120 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:34:29.0552 1120 nsiproxy - ok
10:34:29.0628 1120 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:34:29.0637 1120 Ntfs - ok
10:34:29.0726 1120 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:34:29.0726 1120 Null - ok
10:34:29.0787 1120 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
10:34:29.0788 1120 NVHDA - ok
10:34:30.0408 1120 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:34:30.0487 1120 nvlddmkm - ok
10:34:30.0570 1120 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:34:30.0573 1120 nvraid - ok
10:34:30.0599 1120 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:34:30.0601 1120 nvstor - ok
10:34:30.0692 1120 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
10:34:30.0715 1120 nvsvc - ok
10:34:30.0846 1120 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:34:30.0916 1120 nvUpdatusService - ok
10:34:30.0996 1120 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:34:30.0999 1120 nv_agp - ok
10:34:31.0002 1120 NwlnkFlt - ok
10:34:31.0009 1120 NwlnkFwd - ok
10:34:31.0069 1120 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:34:31.0071 1120 ohci1394 - ok
10:34:31.0119 1120 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:34:31.0142 1120 p2pimsvc - ok
10:34:31.0149 1120 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:34:31.0154 1120 p2psvc - ok
10:34:31.0187 1120 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:34:31.0189 1120 Parport - ok
10:34:31.0231 1120 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:34:31.0233 1120 partmgr - ok
10:34:31.0259 1120 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:34:31.0262 1120 PcaSvc - ok
10:34:31.0357 1120 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
10:34:31.0401 1120 PCD5SRVC{8AAF211B-043E02A9-05040000} - ok
10:34:31.0445 1120 PcdrNdisuio - ok
10:34:31.0562 1120 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:34:31.0566 1120 pci - ok
10:34:31.0596 1120 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:34:31.0597 1120 pciide - ok
10:34:31.0619 1120 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:34:31.0624 1120 pcmcia - ok
10:34:31.0670 1120 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:34:31.0689 1120 PEAUTH - ok
10:34:31.0745 1120 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:34:31.0748 1120 PerfHost - ok
10:34:31.0828 1120 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:34:31.0888 1120 pla - ok
10:34:31.0919 1120 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:34:31.0936 1120 PlugPlay - ok
10:34:31.0987 1120 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:34:31.0990 1120 Pml Driver HPZ12 - ok
10:34:32.0005 1120 PnkBstrA - ok
10:34:32.0010 1120 PnkBstrB - ok
10:34:32.0060 1120 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:34:32.0065 1120 PNRPAutoReg - ok
10:34:32.0072 1120 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:34:32.0078 1120 PNRPsvc - ok
10:34:32.0112 1120 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:34:32.0131 1120 PolicyAgent - ok
10:34:32.0169 1120 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:34:32.0172 1120 PptpMiniport - ok
10:34:32.0209 1120 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:34:32.0211 1120 Processor - ok
10:34:32.0253 1120 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:34:32.0258 1120 ProfSvc - ok
10:34:32.0275 1120 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:34:32.0276 1120 ProtectedStorage - ok
10:34:32.0320 1120 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
10:34:32.0321 1120 Ps2 - ok
10:34:32.0363 1120 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:34:32.0366 1120 PSched - ok
10:34:32.0435 1120 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:34:32.0463 1120 ql2300 - ok
10:34:32.0498 1120 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:34:32.0520 1120 ql40xx - ok
10:34:32.0558 1120 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:34:32.0574 1120 QWAVE - ok
10:34:32.0591 1120 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:34:32.0598 1120 QWAVEdrv - ok
10:34:32.0613 1120 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:34:32.0614 1120 RasAcd - ok
10:34:32.0633 1120 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:34:32.0636 1120 RasAuto - ok
10:34:32.0653 1120 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:32.0666 1120 Rasl2tp - ok
10:34:32.0690 1120 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:34:32.0706 1120 RasMan - ok
10:34:32.0729 1120 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:32.0731 1120 RasPppoe - ok
10:34:32.0746 1120 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:34:32.0747 1120 RasSstp - ok
10:34:32.0777 1120 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:34:32.0793 1120 rdbss - ok
10:34:32.0807 1120 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:32.0809 1120 RDPCDD - ok
10:34:32.0871 1120 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:34:32.0885 1120 rdpdr - ok
10:34:32.0889 1120 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:34:32.0890 1120 RDPENCDD - ok
10:34:32.0930 1120 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:34:32.0933 1120 RDPWD - ok
10:34:32.0957 1120 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:34:32.0960 1120 RemoteAccess - ok
10:34:33.0006 1120 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\Windows\system32\DRIVERS\rcblan.sys
10:34:33.0009 1120 RemoteControl-USBLAN - ok
10:34:33.0033 1120 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:34:33.0035 1120 RemoteRegistry - ok
10:34:33.0049 1120 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:34:33.0052 1120 RpcLocator - ok
10:34:33.0086 1120 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\System32\rpcss.dll
10:34:33.0092 1120 RpcSs - ok
10:34:33.0105 1120 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:34:33.0108 1120 rspndr - ok
10:34:33.0139 1120 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:34:33.0144 1120 RTL8169 - ok
10:34:33.0166 1120 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:34:33.0167 1120 SamSs - ok
10:34:33.0190 1120 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:34:33.0193 1120 sbp2port - ok
10:34:33.0238 1120 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:34:33.0243 1120 SCardSvr - ok
10:34:33.0294 1120 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:34:33.0301 1120 Schedule - ok
10:34:33.0314 1120 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:34:33.0315 1120 SCPolicySvc - ok
10:34:33.0344 1120 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:34:33.0348 1120 SDRSVC - ok
10:34:33.0359 1120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:34:33.0361 1120 secdrv - ok
10:34:33.0370 1120 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:34:33.0373 1120 seclogon - ok
10:34:33.0387 1120 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:34:33.0391 1120 SENS - ok
10:34:33.0410 1120 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:34:33.0412 1120 Serenum - ok
10:34:33.0425 1120 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:34:33.0427 1120 Serial - ok
10:34:33.0446 1120 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:34:33.0448 1120 sermouse - ok
10:34:33.0481 1120 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:34:33.0486 1120 SessionEnv - ok
10:34:33.0512 1120 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:34:33.0549 1120 sffdisk - ok
10:34:33.0581 1120 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:34:33.0582 1120 sffp_mmc - ok
10:34:33.0603 1120 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:34:33.0606 1120 sffp_sd - ok
10:34:33.0685 1120 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:34:33.0685 1120 sfloppy - ok
10:34:33.0769 1120 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:34:33.0784 1120 SharedAccess - ok
10:34:33.0835 1120 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:34:33.0838 1120 ShellHWDetection - ok
10:34:33.0874 1120 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:34:33.0876 1120 SiSRaid2 - ok
10:34:33.0891 1120 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:34:33.0893 1120 SiSRaid4 - ok
10:34:34.0015 1120 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:34:34.0061 1120 slsvc - ok
10:34:34.0133 1120 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:34:34.0136 1120 SLUINotify - ok
10:34:34.0170 1120 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:34:34.0173 1120 Smb - ok
10:34:34.0192 1120 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:34:34.0194 1120 SNMPTRAP - ok
10:34:34.0214 1120 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:34:34.0214 1120 spldr - ok
10:34:34.0241 1120 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:34:34.0243 1120 Spooler - ok
10:34:34.0279 1120 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:34:34.0294 1120 srv - ok
10:34:34.0326 1120 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:34:34.0330 1120 srv2 - ok
10:34:34.0349 1120 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:34:34.0352 1120 srvnet - ok
10:34:34.0371 1120 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:34:34.0373 1120 SSDPSRV - ok
10:34:34.0407 1120 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:34:34.0411 1120 SstpSvc - ok
10:34:34.0457 1120 Steam Client Service - ok
10:34:34.0548 1120 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:34:34.0563 1120 Stereo Service - ok
10:34:34.0596 1120 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:34:34.0614 1120 stisvc - ok
10:34:34.0649 1120 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:34:34.0649 1120 swenum - ok
10:34:34.0691 1120 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:34:34.0705 1120 swprv - ok
10:34:34.0720 1120 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:34:34.0722 1120 Symc8xx - ok
10:34:34.0740 1120 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:34:34.0742 1120 Sym_hi - ok
10:34:34.0756 1120 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:34:34.0759 1120 Sym_u3 - ok
10:34:34.0822 1120 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:34:34.0869 1120 SysMain - ok
10:34:34.0893 1120 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:34:34.0897 1120 TabletInputService - ok
10:34:34.0940 1120 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:34:34.0943 1120 TapiSrv - ok
10:34:34.0971 1120 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:\Windows\system32\drivers\UsbFltr.sys
10:34:34.0973 1120 TarFltr - ok
10:34:34.0987 1120 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:34:34.0988 1120 TBS - ok
10:34:35.0056 1120 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:34:35.0063 1120 Tcpip - ok
10:34:35.0172 1120 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
10:34:35.0179 1120 Tcpip6 - ok
10:34:35.0242 1120 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:34:35.0244 1120 tcpipreg - ok
10:34:35.0268 1120 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:34:35.0270 1120 TDPIPE - ok
10:34:35.0291 1120 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:34:35.0293 1120 TDTCP - ok
10:34:35.0308 1120 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:34:35.0309 1120 tdx - ok
10:34:35.0335 1120 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:34:35.0336 1120 TermDD - ok
10:34:35.0365 1120 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:34:35.0368 1120 TermService - ok
10:34:35.0418 1120 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:34:35.0420 1120 Themes - ok
10:34:35.0434 1120 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:34:35.0435 1120 THREADORDER - ok
10:34:35.0461 1120 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:34:35.0500 1120 TrkWks - ok
10:34:35.0531 1120 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:34:35.0533 1120 TrustedInstaller - ok
10:34:35.0551 1120 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:35.0553 1120 tssecsrv - ok
10:34:35.0557 1120 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:34:35.0559 1120 tunmp - ok
10:34:35.0592 1120 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:34:35.0594 1120 tunnel - ok
10:34:35.0612 1120 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:34:35.0614 1120 uagp35 - ok
10:34:35.0647 1120 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:34:35.0653 1120 udfs - ok
10:34:35.0663 1120 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:34:35.0665 1120 UI0Detect - ok
10:34:35.0727 1120 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys
10:34:35.0729 1120 uisp - ok
10:34:35.0750 1120 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:34:35.0771 1120 uliagpkx - ok
10:34:35.0802 1120 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:34:35.0813 1120 uliahci - ok
10:34:35.0836 1120 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:34:35.0843 1120 UlSata - ok
10:34:35.0879 1120 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:34:35.0883 1120 ulsata2 - ok
10:34:35.0903 1120 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:34:35.0905 1120 umbus - ok
10:34:35.0926 1120 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
10:34:35.0927 1120 UMPass - ok
10:34:35.0966 1120 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:34:35.0981 1120 upnphost - ok
10:34:36.0013 1120 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:34:36.0016 1120 usbaudio - ok
10:34:36.0060 1120 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:36.0063 1120 usbccgp - ok
10:34:36.0084 1120 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:34:36.0087 1120 usbcir - ok
10:34:36.0108 1120 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:34:36.0110 1120 usbehci - ok
10:34:36.0133 1120 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:34:36.0145 1120 usbhub - ok
10:34:36.0168 1120 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:34:36.0170 1120 usbohci - ok
10:34:36.0191 1120 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
10:34:36.0192 1120 usbprint - ok
10:34:36.0224 1120 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:34:36.0227 1120 USBSTOR - ok
10:34:36.0240 1120 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:34:36.0243 1120 usbuhci - ok
10:34:36.0261 1120 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:34:36.0264 1120 UxSms - ok
10:34:36.0302 1120 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:34:36.0317 1120 vds - ok
10:34:36.0339 1120 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:36.0341 1120 vga - ok
10:34:36.0357 1120 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:34:36.0358 1120 VgaSave - ok
10:34:36.0382 1120 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:34:36.0384 1120 viaide - ok
10:34:36.0392 1120 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:34:36.0394 1120 volmgr - ok
10:34:36.0446 1120 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:34:36.0462 1120 volmgrx - ok
10:34:36.0520 1120 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:34:36.0535 1120 volsnap - ok
10:34:36.0570 1120 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:34:36.0574 1120 vsmraid - ok
10:34:36.0654 1120 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:34:36.0683 1120 VSS - ok
10:34:36.0760 1120 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:34:36.0777 1120 W32Time - ok
10:34:36.0812 1120 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:34:36.0814 1120 WacomPen - ok
10:34:36.0882 1120 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:36.0885 1120 Wanarp - ok
10:34:36.0888 1120 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:36.0889 1120 Wanarpv6 - ok
10:34:36.0920 1120 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:34:36.0941 1120 wcncsvc - ok
10:34:36.0964 1120 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:34:36.0967 1120 WcsPlugInService - ok
10:34:37.0002 1120 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:34:37.0003 1120 Wd - ok
10:34:37.0074 1120 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:34:37.0094 1120 Wdf01000 - ok
10:34:37.0110 1120 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:34:37.0114 1120 WdiServiceHost - ok
10:34:37.0116 1120 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:34:37.0118 1120 WdiSystemHost - ok
10:34:37.0140 1120 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:34:37.0153 1120 WebClient - ok
10:34:37.0179 1120 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:34:37.0184 1120 Wecsvc - ok
10:34:37.0194 1120 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:34:37.0197 1120 wercplsupport - ok
10:34:37.0214 1120 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:34:37.0227 1120 WerSvc - ok
10:34:37.0256 1120 WinDefend - ok
10:34:37.0264 1120 WinHttpAutoProxySvc - ok
10:34:37.0347 1120 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:34:37.0352 1120 Winmgmt - ok
10:34:37.0440 1120 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:34:37.0480 1120 WinRM - ok
10:34:37.0608 1120 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:34:37.0626 1120 Wlansvc - ok
10:34:37.0673 1120 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:34:37.0676 1120 wlcrasvc - ok
10:34:37.0787 1120 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:34:37.0830 1120 wlidsvc - ok
10:34:37.0934 1120 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:34:37.0936 1120 WmiAcpi - ok
10:34:38.0016 1120 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:34:38.0021 1120 wmiApSrv - ok
10:34:38.0035 1120 WMPNetworkSvc - ok
10:34:38.0064 1120 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:34:38.0067 1120 WPCSvc - ok
10:34:38.0093 1120 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:34:38.0098 1120 WPDBusEnum - ok
10:34:38.0134 1120 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:34:38.0136 1120 WpdUsb - ok
10:34:38.0257 1120 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:34:38.0279 1120 WPFFontCache_v0400 - ok
10:34:38.0295 1120 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:34:38.0297 1120 ws2ifsl - ok
10:34:38.0317 1120 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
10:34:38.0320 1120 wscsvc - ok
10:34:38.0323 1120 WSearch - ok
10:34:38.0494 1120 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:34:38.0563 1120 wuauserv - ok
10:34:38.0821 1120 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:38.0859 1120 WUDFRd - ok
10:34:38.0872 1120 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:34:38.0876 1120 wudfsvc - ok
10:34:38.0933 1120 XMouseButton Launcher (21d33794b5f312040022787590fd61d7) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
10:34:38.0934 1120 XMouseButton Launcher - ok
10:34:39.0001 1120 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
10:34:39.0002 1120 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
10:34:39.0039 1120 MBR (0x1B8) (43468b9f16d47988074d2245984e9d31) \Device\Harddisk0\DR0
10:34:39.0249 1120 \Device\Harddisk0\DR0 - ok
10:34:39.0252 1120 Boot (0x1200) (6bb75942d2a92549b83770c897b1e255) \Device\Harddisk0\DR0\Partition0
10:34:39.0254 1120 \Device\Harddisk0\DR0\Partition0 - ok
10:34:39.0277 1120 Boot (0x1200) (b07332e908f840860db726b57e448d0d) \Device\Harddisk0\DR0\Partition1
10:34:39.0279 1120 \Device\Harddisk0\DR0\Partition1 - ok
10:34:39.0280 1120 ============================================================
10:34:39.0280 1120 Scan finished
10:34:39.0280 1120 ============================================================
10:34:39.0289 2360 Detected object count: 0
10:34:39.0289 2360 Actual detected object count: 0
10:35:20.0356 4888 ============================================================
10:35:20.0356 4888 Scan started
10:35:20.0356 4888 Mode: Manual; SigCheck; TDLFS;
10:35:20.0356 4888 ============================================================
10:35:20.0747 4888 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
10:35:21.0023 4888 61883 - ok
10:35:21.0158 4888 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:35:21.0173 4888 ACPI - ok
10:35:21.0360 4888 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:35:21.0369 4888 AdobeARMservice - ok
10:35:21.0775 4888 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:35:21.0786 4888 AdobeFlashPlayerUpdateSvc - ok
10:35:22.0115 4888 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:35:22.0135 4888 adp94xx - ok
10:35:22.0334 4888 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:35:22.0350 4888 adpahci - ok
10:35:22.0414 4888 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:35:22.0426 4888 adpu160m - ok
10:35:22.0501 4888 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:35:22.0512 4888 adpu320 - ok
10:35:22.0542 4888 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:35:22.0591 4888 AeLookupSvc - ok
10:35:22.0627 4888 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:35:22.0710 4888 AFD - ok
10:35:22.0736 4888 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:35:22.0746 4888 agp440 - ok
10:35:22.0779 4888 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:35:22.0790 4888 aic78xx - ok
10:35:22.0847 4888 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:35:22.0875 4888 ALG - ok
10:35:22.0951 4888 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:35:22.0960 4888 aliide - ok
10:35:23.0003 4888 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:35:23.0012 4888 amdide - ok
10:35:23.0057 4888 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:35:23.0085 4888 AmdK8 - ok
10:35:23.0184 4888 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:35:23.0243 4888 Appinfo - ok
10:35:23.0259 4888 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:35:23.0269 4888 arc - ok
10:35:23.0387 4888 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:35:23.0397 4888 arcsas - ok
10:35:23.0836 4888 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:35:23.0845 4888 aspnet_state - ok
10:35:23.0903 4888 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:35:23.0984 4888 AsyncMac - ok
10:35:24.0004 4888 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
10:35:24.0014 4888 atapi - ok
10:35:24.0522 4888 athr (3cc9f98e01e0b4f4657e1149c14ec6e0) C:\Windows\system32\DRIVERS\athrx.sys
10:35:24.0573 4888 athr - ok
10:35:24.0622 4888 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:35:24.0650 4888 AudioEndpointBuilder - ok
10:35:24.0655 4888 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:35:24.0681 4888 AudioSrv - ok
10:35:24.0843 4888 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
10:35:24.0872 4888 Avc - ok
10:35:24.0877 4888 Beep - ok
10:35:25.0139 4888 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:35:25.0183 4888 BFE - ok
10:35:25.0510 4888 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:35:25.0546 4888 BITS - ok
10:35:25.0712 4888 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:35:25.0740 4888 blbdrive - ok
10:35:25.0860 4888 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:35:25.0926 4888 bowser - ok
10:35:25.0940 4888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:35:25.0960 4888 BrFiltLo - ok
10:35:25.0989 4888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:35:26.0009 4888 BrFiltUp - ok
10:35:26.0126 4888 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:35:26.0154 4888 Browser - ok
10:35:26.0187 4888 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:35:26.0372 4888 Brserid - ok
10:35:26.0397 4888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:35:26.0439 4888 BrSerWdm - ok
10:35:26.0456 4888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:35:26.0499 4888 BrUsbMdm - ok
10:35:26.0524 4888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:35:26.0605 4888 BrUsbSer - ok
10:35:26.0608 4888 BTCFilterService - ok
10:35:26.0813 4888 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:35:26.0856 4888 BTHMODEM - ok
10:35:26.0892 4888 catchme - ok
10:35:26.0979 4888 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:35:27.0007 4888 cdfs - ok
10:35:27.0049 4888 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:35:27.0070 4888 cdrom - ok
10:35:27.0124 4888 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:35:27.0144 4888 CertPropSvc - ok
10:35:27.0202 4888 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:35:27.0230 4888 circlass - ok
10:35:27.0371 4888 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:35:27.0389 4888 CLFS - ok
10:35:27.0517 4888 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:35:27.0526 4888 clr_optimization_v2.0.50727_32 - ok
10:35:27.0685 4888 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:35:27.0693 4888 clr_optimization_v2.0.50727_64 - ok
10:35:27.0890 4888 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:35:27.0899 4888 clr_optimization_v4.0.30319_32 - ok
10:35:28.0087 4888 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:35:28.0097 4888 clr_optimization_v4.0.30319_64 - ok
10:35:28.0154 4888 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:35:28.0162 4888 cmdide - ok
10:35:28.0203 4888 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
10:35:28.0213 4888 Compbatt - ok
10:35:28.0215 4888 COMSysApp - ok
10:35:28.0332 4888 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:35:28.0342 4888 crcdisk - ok
10:35:28.0456 4888 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
10:35:28.0469 4888 CryptSvc - ok
10:35:28.0672 4888 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:35:28.0740 4888 DcomLaunch - ok
10:35:28.0860 4888 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:35:28.0923 4888 DfsC - ok
10:35:29.0937 4888 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
10:35:30.0099 4888 DFSR - ok
10:35:30.0485 4888 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:35:30.0508 4888 Dhcp - ok
10:35:30.0570 4888 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:35:30.0581 4888 disk - ok
10:35:30.0769 4888 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:35:30.0803 4888 Dnscache - ok
10:35:30.0940 4888 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:35:31.0011 4888 dot3svc - ok
10:35:31.0189 4888 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:35:31.0218 4888 DPS - ok
10:35:31.0282 4888 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:35:31.0303 4888 drmkaud - ok
10:35:31.0599 4888 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:35:31.0639 4888 DXGKrnl - ok
10:35:31.0783 4888 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:35:31.0812 4888 E1G60 - ok
10:35:31.0941 4888 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:35:32.0018 4888 EapHost - ok
10:35:32.0044 4888 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:35:32.0056 4888 Ecache - ok
10:35:32.0383 4888 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
10:35:32.0460 4888 ehRecvr - ok
10:35:32.0551 4888 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
10:35:32.0561 4888 ehSched - ok
10:35:32.0575 4888 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
10:35:32.0584 4888 ehstart - ok
10:35:32.0833 4888 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:35:32.0851 4888 elxstor - ok
10:35:33.0128 4888 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:35:33.0227 4888 EMDMgmt - ok
10:35:33.0250 4888 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:35:33.0293 4888 ErrDev - ok
10:35:33.0333 4888 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:35:33.0368 4888 EventSystem - ok
10:35:33.0499 4888 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:35:33.0582 4888 exfat - ok
10:35:33.0655 4888 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:35:33.0677 4888 fastfat - ok
10:35:33.0715 4888 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:35:33.0806 4888 fdc - ok
10:35:33.0823 4888 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:35:33.0875 4888 fdPHost - ok
10:35:33.0903 4888 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:35:33.0946 4888 FDResPub - ok
10:35:33.0990 4888 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:35:34.0000 4888 FileInfo - ok
10:35:34.0042 4888 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:35:34.0070 4888 Filetrace - ok
10:35:34.0113 4888 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:35:34.0141 4888 flpydisk - ok
10:35:34.0445 4888 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:35:34.0459 4888 FltMgr - ok
10:35:34.0870 4888 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll
10:35:34.0931 4888 FontCache - ok
10:35:35.0383 4888 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:35:35.0391 4888 FontCache3.0.0.0 - ok
10:35:35.0530 4888 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
10:35:35.0539 4888 fssfltr - ok
10:35:35.0907 4888 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:35:35.0956 4888 fsssvc - ok
10:35:36.0676 4888 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:35:36.0747 4888 Fs_Rec - ok
10:35:36.0808 4888 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:35:36.0818 4888 gagp30kx - ok
10:35:37.0221 4888 GameConsoleService (5c147bb6b6ade83363fa08c77dde15cd) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
10:35:37.0231 4888 GameConsoleService - ok
10:35:37.0509 4888 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:35:37.0539 4888 gpsvc - ok
10:35:38.0360 4888 HCW85BDA (49b940bad9f1b1e707dcf27684b6c7fb) C:\Windows\system32\drivers\HCW85BDA.sys
10:35:38.0461 4888 HCW85BDA - ok
10:35:38.0876 4888 hcw85cir (b6c86ac0ca60c10b6f46155a5e09d4a9) C:\Windows\system32\drivers\hcw85cir.sys
10:35:38.0884 4888 hcw85cir - ok
10:35:39.0020 4888 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
10:35:39.0088 4888 HdAudAddService - ok
10:35:39.0415 4888 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:35:39.0483 4888 HDAudBus - ok
10:35:39.0605 4888 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:35:39.0648 4888 HidBth - ok
10:35:39.0743 4888 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:35:39.0821 4888 HidIr - ok
10:35:39.0842 4888 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:35:39.0876 4888 hidserv - ok
10:35:39.0907 4888 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:35:39.0927 4888 HidUsb - ok
10:35:40.0118 4888 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:35:40.0121 4888 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
10:35:40.0121 4888 HiPatchService - detected UnsignedFile.Multi.Generic (1)
10:35:40.0327 4888 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:35:40.0356 4888 hkmsvc - ok
10:35:40.0728 4888 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:35:40.0772 4888 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:35:40.0772 4888 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:35:40.0796 4888 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
10:35:40.0798 4888 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
10:35:40.0798 4888 HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
10:35:40.0826 4888 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:35:40.0837 4888 HpCISSs - ok
10:35:41.0032 4888 hpqcxs08 (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:35:41.0081 4888 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:35:41.0081 4888 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:35:41.0101 4888 hpqddsvc (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:35:41.0110 4888 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:35:41.0110 4888 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:35:41.0259 4888 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:35:41.0327 4888 HTTP - ok
10:35:41.0342 4888 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:35:41.0352 4888 i2omp - ok
10:35:41.0377 4888 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:35:41.0434 4888 i8042prt - ok
10:35:41.0685 4888 IAANTMON (1117af8c53aa278a4c5b7ef1b00e08f4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:35:41.0725 4888 IAANTMON - ok
10:35:41.0770 4888 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
10:35:41.0787 4888 iaStor - ok
10:35:41.0811 4888 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:35:41.0824 4888 iaStorV - ok
10:35:42.0453 4888 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:35:42.0480 4888 idsvc - ok
10:35:42.0534 4888 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:35:42.0543 4888 iirsp - ok
10:35:42.0739 4888 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:35:42.0776 4888 IKEEXT - ok
10:35:43.0415 4888 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
10:35:43.0631 4888 IntcAzAudAddService - ok
10:35:44.0043 4888 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:35:44.0053 4888 intelide - ok
10:35:44.0147 4888 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:35:44.0280 4888 intelppm - ok
10:35:44.0406 4888 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:35:44.0484 4888 IPBusEnum - ok
10:35:44.0575 4888 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:35:44.0639 4888 IpFilterDriver - ok
10:35:44.0667 4888 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:35:44.0727 4888 iphlpsvc - ok
10:35:44.0729 4888 IpInIp - ok
10:35:44.0758 4888 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:35:44.0804 4888 IPMIDRV - ok
10:35:44.0885 4888 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:35:44.0913 4888 IPNAT - ok
10:35:44.0985 4888 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:35:45.0057 4888 IRENUM - ok
10:35:45.0077 4888 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:35:45.0087 4888 isapnp - ok
10:35:45.0268 4888 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:35:45.0280 4888 iScsiPrt - ok
10:35:45.0325 4888 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:35:45.0334 4888 iteatapi - ok
10:35:45.0385 4888 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:35:45.0394 4888 iteraid - ok
10:35:45.0451 4888 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:35:45.0461 4888 kbdclass - ok
10:35:45.0553 4888 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:35:45.0574 4888 kbdhid - ok
10:35:45.0687 4888 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:35:45.0698 4888 KeyIso - ok
10:35:45.0922 4888 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
10:35:45.0942 4888 KSecDD - ok
10:35:45.0974 4888 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:35:46.0011 4888 ksthunk - ok
10:35:46.0301 4888 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:35:46.0339 4888 KtmRm - ok
10:35:46.0452 4888 LADF_DHP2 (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
10:35:46.0460 4888 LADF_DHP2 - ok
10:35:46.0673 4888 LADF_SBVM (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
10:35:46.0700 4888 LADF_SBVM - ok
10:35:46.0843 4888 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:35:46.0892 4888 LanmanServer - ok
10:35:46.0929 4888 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:35:46.0943 4888 LanmanWorkstation - ok
10:35:47.0359 4888 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:35:47.0374 4888 LBTServ - ok
10:35:47.0454 4888 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:35:47.0461 4888 LHidFilt - ok
10:35:47.0763 4888 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:35:47.0834 4888 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:35:47.0834 4888 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:35:47.0857 4888 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:35:47.0895 4888 lltdio - ok
10:35:48.0020 4888 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:35:48.0051 4888 lltdsvc - ok
10:35:48.0092 4888 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:35:48.0121 4888 lmhosts - ok
10:35:48.0250 4888 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:35:48.0257 4888 LMouFilt - ok
10:35:48.0402 4888 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:35:48.0413 4888 LSI_FC - ok
10:35:48.0514 4888 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:35:48.0524 4888 LSI_SAS - ok
10:35:48.0557 4888 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:35:48.0568 4888 LSI_SCSI - ok
10:35:48.0616 4888 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:35:48.0698 4888 luafv - ok
10:35:48.0733 4888 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
10:35:48.0741 4888 LUsbFilt - ok
10:35:48.0797 4888 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
10:35:48.0881 4888 Mcx2Svc - ok
10:35:48.0898 4888 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:35:48.0909 4888 megasas - ok
10:35:49.0161 4888 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:35:49.0178 4888 MegaSR - ok
10:35:49.0248 4888 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:35:49.0313 4888 MMCSS - ok
10:35:49.0335 4888 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:35:49.0386 4888 Modem - ok
10:35:49.0419 4888 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:35:49.0502 4888 monitor - ok
10:35:49.0504 4888 motccgp - ok
10:35:49.0508 4888 motccgpfl - ok
10:35:49.0513 4888 motmodem - ok
10:35:49.0842 4888 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:35:49.0852 4888 MotoHelper - ok
10:35:49.0854 4888 MotoSwitchService - ok
10:35:49.0859 4888 Motousbnet - ok
10:35:49.0863 4888 motusbdevice - ok
10:35:49.0918 4888 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:35:49.0928 4888 mouclass - ok
10:35:49.0987 4888 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:35:50.0015 4888 mouhid - ok
10:35:50.0051 4888 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:35:50.0062 4888 MountMgr - ok
10:35:50.0142 4888 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:35:50.0153 4888 mpio - ok
10:35:50.0221 4888 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:35:50.0241 4888 mpsdrv - ok
10:35:50.0507 4888 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:35:50.0542 4888 MpsSvc - ok
10:35:50.0566 4888 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:35:50.0575 4888 Mraid35x - ok
10:35:50.0626 4888 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:35:50.0639 4888 MRxDAV - ok
10:35:50.0724 4888 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:35:50.0768 4888 mrxsmb - ok
10:35:50.0867 4888 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:35:50.0880 4888 mrxsmb10 - ok
10:35:50.0923 4888 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:35:50.0934 4888 mrxsmb20 - ok
10:35:51.0023 4888 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:35:51.0033 4888 msahci - ok
10:35:51.0081 4888 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:35:51.0092 4888 msdsm - ok
10:35:51.0314 4888 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:35:51.0393 4888 MSDTC - ok
10:35:51.0455 4888 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
10:35:51.0483 4888 MSDV - ok
10:35:51.0515 4888 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:35:51.0556 4888 Msfs - ok
10:35:51.0572 4888 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:35:51.0582 4888 msisadrv - ok
10:35:51.0743 4888 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:35:51.0802 4888 MSiSCSI - ok
10:35:51.0805 4888 msiserver - ok
10:35:51.0828 4888 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:35:51.0891 4888 MSKSSRV - ok
10:35:51.0915 4888 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:35:51.0942 4888 MSPCLOCK - ok
10:35:52.0021 4888 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:35:52.0102 4888 MSPQM - ok
10:35:52.0212 4888 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:35:52.0226 4888 MsRPC - ok
10:35:52.0271 4888 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:35:52.0281 4888 mssmbios - ok
10:35:52.0323 4888 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:35:52.0403 4888 MSTEE - ok
10:35:52.0459 4888 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:35:52.0470 4888 Mup - ok
10:35:52.0804 4888 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:35:52.0868 4888 napagent - ok
10:35:52.0906 4888 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:35:52.0920 4888 NativeWifiP - ok
10:35:53.0340 4888 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:35:53.0369 4888 NDIS - ok
10:35:53.0473 4888 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:35:53.0541 4888 NdisTapi - ok
10:35:53.0556 4888 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:35:53.0584 4888 Ndisuio - ok
10:35:53.0718 4888 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:35:53.0739 4888 NdisWan - ok
10:35:53.0788 4888 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:35:53.0845 4888 NDProxy - ok
10:35:53.0915 4888 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:35:53.0918 4888 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:35:53.0918 4888 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:35:54.0036 4888 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:35:54.0063 4888 NetBIOS - ok
10:35:54.0373 4888 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:35:54.0396 4888 netbt - ok
10:35:54.0414 4888 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:35:54.0425 4888 Netlogon - ok
10:35:54.0743 4888 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:35:54.0819 4888 Netman - ok
10:35:55.0080 4888 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:35:55.0090 4888 NetMsmqActivator - ok
10:35:55.0093 4888 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:35:55.0104 4888 NetPipeActivator - ok
10:35:55.0266 4888 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:35:55.0341 4888 netprofm - ok
10:35:55.0344 4888 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:35:55.0355 4888 NetTcpActivator - ok
10:35:55.0358 4888 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:35:55.0367 4888 NetTcpPortSharing - ok
10:35:55.0444 4888 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:35:55.0454 4888 nfrd960 - ok
10:35:55.0537 4888 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:35:55.0567 4888 NlaSvc - ok
10:35:55.0856 4888 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:35:55.0886 4888 Npfs - ok
10:35:56.0009 4888 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:35:56.0102 4888 nsi - ok
10:35:56.0113 4888 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:35:56.0142 4888 nsiproxy - ok
10:35:56.0646 4888 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:35:56.0698 4888 Ntfs - ok
10:35:57.0329 4888 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:35:57.0410 4888 Null - ok
10:35:57.0508 4888 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
10:35:57.0519 4888 NVHDA - ok
10:36:02.0652 4888 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:36:03.0274 4888 nvlddmkm - ok
10:36:03.0824 4888 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:36:03.0835 4888 nvraid - ok
10:36:03.0949 4888 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:36:03.0960 4888 nvstor - ok
10:36:04.0434 4888 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
10:36:04.0461 4888 nvsvc - ok
10:36:05.0279 4888 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:36:05.0329 4888 nvUpdatusService - ok
10:36:06.0216 4888 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:36:06.0227 4888 nv_agp - ok
10:36:06.0230 4888 NwlnkFlt - ok
10:36:06.0235 4888 NwlnkFwd - ok
10:36:06.0309 4888 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:36:06.0330 4888 ohci1394 - ok
10:36:06.0851 4888 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:36:06.0945 4888 p2pimsvc - ok
10:36:06.0952 4888 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:36:06.0975 4888 p2psvc - ok
10:36:07.0101 4888 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:36:07.0145 4888 Parport - ok
10:36:07.0210 4888 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:36:07.0222 4888 partmgr - ok
10:36:07.0462 4888 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:36:07.0585 4888 PcaSvc - ok
10:36:08.0199 4888 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
10:36:08.0250 4888 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning
10:36:08.0250 4888 PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1)
10:36:08.0523 4888 PcdrNdisuio - ok
10:36:08.0659 4888 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:36:08.0673 4888 pci - ok
10:36:08.0710 4888 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:36:08.0719 4888 pciide - ok
10:36:08.0742 4888 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:36:08.0754 4888 pcmcia - ok
10:36:08.0810 4888 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:36:08.0881 4888 PEAUTH - ok
10:36:08.0934 4888 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:36:08.0997 4888 PerfHost - ok
10:36:09.0098 4888 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:36:09.0141 4888 pla - ok
10:36:09.0258 4888 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:36:09.0282 4888 PlugPlay - ok
10:36:09.0316 4888 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:36:09.0319 4888 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:36:09.0319 4888 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:36:09.0323 4888 PnkBstrA - ok
10:36:09.0327 4888 PnkBstrB - ok
10:36:09.0502 4888 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:36:09.0524 4888 PNRPAutoReg - ok
10:36:09.0530 4888 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:36:09.0553 4888 PNRPsvc - ok
10:36:09.0731 4888 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:36:09.0761 4888 PolicyAgent - ok
10:36:09.0816 4888 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:36:09.0886 4888 PptpMiniport - ok
10:36:09.0928 4888 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:36:09.0956 4888 Processor - ok
10:36:10.0026 4888 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:36:10.0048 4888 ProfSvc - ok
10:36:10.0063 4888 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:36:10.0074 4888 ProtectedStorage - ok
10:36:10.0117 4888 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
10:36:10.0141 4888 Ps2 - ok
10:36:10.0168 4888 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:36:10.0189 4888 PSched - ok
10:36:10.0266 4888 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:36:10.0323 4888 ql2300 - ok
10:36:10.0377 4888 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:36:10.0389 4888 ql40xx - ok
10:36:10.0429 4888 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:36:10.0451 4888 QWAVE - ok
10:36:10.0465 4888 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:36:10.0477 4888 QWAVEdrv - ok
10:36:10.0527 4888 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:36:10.0554 4888 RasAcd - ok
10:36:10.0572 4888 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:36:10.0601 4888 RasAuto - ok
10:36:10.0626 4888 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:36:10.0648 4888 Rasl2tp - ok
10:36:10.0671 4888 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:36:10.0700 4888 RasMan - ok
10:36:10.0717 4888 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:36:10.0748 4888 RasPppoe - ok
10:36:10.0768 4888 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:36:10.0779 4888 RasSstp - ok
10:36:10.0808 4888 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:36:10.0831 4888 rdbss - ok
10:36:10.0863 4888 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:36:10.0891 4888 RDPCDD - ok
10:36:10.0929 4888 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:36:10.0960 4888 rdpdr - ok
10:36:10.0964 4888 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:36:10.0993 4888 RDPENCDD - ok
10:36:11.0035 4888 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:36:11.0062 4888 RDPWD - ok
10:36:11.0087 4888 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:36:11.0121 4888 RemoteAccess - ok
10:36:11.0145 4888 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\Windows\system32\DRIVERS\rcblan.sys
10:36:11.0154 4888 RemoteControl-USBLAN - ok
10:36:11.0172 4888 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:36:11.0195 4888 RemoteRegistry - ok
10:36:11.0222 4888 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:36:11.0250 4888 RpcLocator - ok
10:36:11.0291 4888 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\System32\rpcss.dll
10:36:11.0324 4888 RpcSs - ok
10:36:11.0334 4888 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:36:11.0362 4888 rspndr - ok
10:36:11.0403 4888 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:36:11.0456 4888 RTL8169 - ok
10:36:11.0529 4888 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:36:11.0540 4888 SamSs - ok
10:36:11.0562 4888 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:36:11.0572 4888 sbp2port - ok
10:36:11.0618 4888 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:36:11.0650 4888 SCardSvr - ok
10:36:11.0698 4888 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:36:11.0743 4888 Schedule - ok
10:36:11.0786 4888 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:36:11.0806 4888 SCPolicySvc - ok
10:36:11.0832 4888 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:36:11.0870 4888 SDRSVC - ok
10:36:11.0897 4888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:36:11.0940 4888 secdrv - ok
10:36:11.0950 4888 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:36:11.0979 4888 seclogon - ok
10:36:11.0992 4888 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:36:12.0035 4888 SENS - ok
10:36:12.0057 4888 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:36:12.0100 4888 Serenum - ok
10:36:12.0113 4888 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:36:12.0158 4888 Serial - ok
10:36:12.0176 4888 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:36:12.0239 4888 sermouse - ok
10:36:12.0261 4888 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:36:12.0291 4888 SessionEnv - ok
10:36:12.0305 4888 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:36:12.0334 4888 sffdisk - ok
10:36:12.0349 4888 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:36:12.0386 4888 sffp_mmc - ok
10:36:12.0408 4888 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:36:12.0435 4888 sffp_sd - ok
10:36:12.0464 4888 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:36:12.0507 4888 sfloppy - ok
10:36:12.0541 4888 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:36:12.0612 4888 SharedAccess - ok
10:36:12.0665 4888 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:36:12.0691 4888 ShellHWDetection - ok
10:36:12.0712 4888 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:36:12.0723 4888 SiSRaid2 - ok
10:36:12.0737 4888 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:36:12.0747 4888 SiSRaid4 - ok
10:36:12.0872 4888 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:36:12.0945 4888 slsvc - ok
10:36:13.0046 4888 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:36:13.0085 4888 SLUINotify - ok
10:36:13.0133 4888 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:36:13.0154 4888 Smb - ok
10:36:13.0172 4888 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:36:13.0191 4888 SNMPTRAP - ok
10:36:13.0210 4888 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:36:13.0221 4888 spldr - ok
10:36:13.0246 4888 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:36:13.0282 4888 Spooler - ok
10:36:13.0333 4888 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:36:13.0369 4888 srv - ok
10:36:13.0406 4888 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:36:13.0432 4888 srv2 - ok
10:36:13.0462 4888 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:36:13.0475 4888 srvnet - ok
10:36:13.0493 4888 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:36:13.0554 4888 SSDPSRV - ok
10:36:13.0587 4888 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:36:13.0600 4888 SstpSvc - ok
10:36:13.0629 4888 Steam Client Service - ok
10:36:13.0957 4888 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:36:13.0972 4888 Stereo Service - ok
10:36:14.0109 4888 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:36:14.0129 4888 stisvc - ok
10:36:14.0950 4888 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:36:14.0959 4888 swenum - ok
10:36:15.0575 4888 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:36:15.0613 4888 swprv - ok
10:36:15.0654 4888 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:36:15.0663 4888 Symc8xx - ok
10:36:15.0925 4888 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:36:15.0935 4888 Sym_hi - ok
10:36:16.0140 4888 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:36:16.0149 4888 Sym_u3 - ok
10:36:17.0031 4888 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:36:17.0074 4888 SysMain - ok
10:36:17.0169 4888 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:36:17.0213 4888 TabletInputService - ok
10:36:17.0243 4888 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:36:17.0268 4888 TapiSrv - ok
10:36:17.0570 4888 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:\Windows\system32\drivers\UsbFltr.sys
10:36:17.0637 4888 TarFltr - ok
10:36:17.0664 4888 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:36:17.0693 4888 TBS - ok
10:36:18.0758 4888 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:36:18.0847 4888 Tcpip - ok
10:36:18.0849 4888 Scan interrupted by user!
10:36:18.0849 4888 Scan interrupted by user!
10:36:18.0849 4888 Scan interrupted by user!
10:36:18.0849 4888 ============================================================
10:36:18.0849 4888 Scan finished
10:36:18.0849 4888 ============================================================
10:36:18.0856 4376 Detected object count: 9
10:36:18.0856 4376 Actual detected object count: 9
10:36:30.0931 4376 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0932 4376 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0933 4376 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0933 4376 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0935 4376 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0935 4376 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0937 4376 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0937 4376 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0938 4376 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0938 4376 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0940 4376 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0940 4376 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0942 4376 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0942 4376 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0944 4376 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0944 4376 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:30.0946 4376 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:30.0946 4376 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:48.0019 4396 ============================================================
10:36:48.0019 4396 Scan started
10:36:48.0019 4396 Mode: Manual; SigCheck; TDLFS;
10:36:48.0019 4396 ============================================================
10:36:48.0900 4396 61883 (78e902fb660bd5003fe726b9bef300b6) C:\Windows\system32\DRIVERS\61883.sys
10:36:48.0936 4396 61883 - ok
10:36:49.0186 4396 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:36:49.0201 4396 ACPI - ok
10:36:49.0639 4396 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:36:49.0649 4396 AdobeARMservice - ok
10:36:50.0186 4396 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:36:50.0197 4396 AdobeFlashPlayerUpdateSvc - ok
10:36:50.0487 4396 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:36:50.0506 4396 adp94xx - ok
10:36:50.0542 4396 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:36:50.0559 4396 adpahci - ok
10:36:50.0685 4396 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:36:50.0696 4396 adpu160m - ok
10:36:50.0767 4396 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:36:50.0779 4396 adpu320 - ok
10:36:50.0840 4396 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:36:50.0861 4396 AeLookupSvc - ok
10:36:51.0052 4396 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:36:51.0069 4396 AFD - ok
10:36:51.0116 4396 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:36:51.0126 4396 agp440 - ok
10:36:51.0339 4396 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:36:51.0350 4396 aic78xx - ok
10:36:51.0408 4396 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:36:51.0436 4396 ALG - ok
10:36:51.0555 4396 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:36:51.0564 4396 aliide - ok
10:36:51.0604 4396 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:36:51.0612 4396 amdide - ok
10:36:51.0660 4396 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:36:51.0687 4396 AmdK8 - ok
10:36:51.0729 4396 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:36:51.0739 4396 Appinfo - ok
10:36:51.0795 4396 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:36:51.0805 4396 arc - ok
10:36:51.0854 4396 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:36:51.0864 4396 arcsas - ok
10:36:52.0161 4396 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:36:52.0170 4396 aspnet_state - ok
10:36:52.0213 4396 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:36:52.0240 4396 AsyncMac - ok
10:36:52.0282 4396 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
10:36:52.0292 4396 atapi - ok
10:36:52.0981 4396 athr (3cc9f98e01e0b4f4657e1149c14ec6e0) C:\Windows\system32\DRIVERS\athrx.sys
10:36:53.0020 4396 athr - ok
10:36:53.0296 4396 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:36:53.0322 4396 AudioEndpointBuilder - ok
10:36:53.0326 4396 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:36:53.0352 4396 AudioSrv - ok
10:36:53.0461 4396 Avc (295fa2878ff499c0edfa0ebcc8c6ec66) C:\Windows\system32\DRIVERS\avc.sys
10:36:53.0489 4396 Avc - ok
10:36:53.0494 4396 Beep - ok
10:36:53.0707 4396 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
10:36:53.0733 4396 BFE - ok
10:36:54.0232 4396 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
10:36:54.0277 4396 BITS - ok
10:36:54.0523 4396 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:36:54.0551 4396 blbdrive - ok
10:36:54.0765 4396 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:36:54.0777 4396 bowser - ok
10:36:54.0837 4396 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:36:54.0857 4396 BrFiltLo - ok
10:36:54.0891 4396 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:36:54.0911 4396 BrFiltUp - ok
10:36:55.0036 4396 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:36:55.0064 4396 Browser - ok
10:36:55.0195 4396 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:36:55.0238 4396 Brserid - ok
10:36:55.0267 4396 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:36:55.0310 4396 BrSerWdm - ok
10:36:55.0325 4396 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:36:55.0367 4396 BrUsbMdm - ok
10:36:55.0412 4396 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:36:55.0454 4396 BrUsbSer - ok
10:36:55.0457 4396 BTCFilterService - ok
10:36:55.0501 4396 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:36:55.0543 4396 BTHMODEM - ok
10:36:55.0577 4396 catchme - ok
10:36:55.0656 4396 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:36:55.0685 4396 cdfs - ok
10:36:55.0758 4396 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:36:55.0779 4396 cdrom - ok
10:36:55.0834 4396 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:36:55.0854 4396 CertPropSvc - ok
10:36:55.0891 4396 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:36:55.0919 4396 circlass - ok
10:36:56.0078 4396 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:36:56.0095 4396 CLFS - ok
10:36:56.0390 4396 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:36:56.0399 4396 clr_optimization_v2.0.50727_32 - ok
10:36:56.0559 4396 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:36:56.0567 4396 clr_optimization_v2.0.50727_64 - ok
10:36:56.0903 4396 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:36:56.0912 4396 clr_optimization_v4.0.30319_32 - ok
10:36:57.0047 4396 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:36:57.0056 4396 clr_optimization_v4.0.30319_64 - ok
10:36:57.0123 4396 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:36:57.0132 4396 cmdide - ok
10:36:57.0187 4396 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
10:36:57.0197 4396 Compbatt - ok
10:36:57.0199 4396 COMSysApp - ok
10:36:57.0319 4396 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:36:57.0328 4396 crcdisk - ok
10:36:57.0432 4396 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
10:36:57.0444 4396 CryptSvc - ok
10:36:57.0862 4396 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:36:57.0902 4396 DcomLaunch - ok
10:36:57.0953 4396 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:36:57.0964 4396 DfsC - ok
10:36:59.0644 4396 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
10:36:59.0737 4396 DFSR - ok
10:37:00.0271 4396 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:37:00.0294 4396 Dhcp - ok
10:37:00.0389 4396 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:37:00.0400 4396 disk - ok
10:37:00.0540 4396 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:37:00.0551 4396 Dnscache - ok
10:37:00.0766 4396 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:37:00.0788 4396 dot3svc - ok
10:37:00.0893 4396 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:37:00.0923 4396 DPS - ok
10:37:01.0000 4396 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:37:01.0020 4396 drmkaud - ok
10:37:01.0632 4396 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:37:01.0660 4396 DXGKrnl - ok
10:37:01.0819 4396 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:37:01.0848 4396 E1G60 - ok
10:37:01.0967 4396 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:37:01.0989 4396 EapHost - ok
10:37:02.0127 4396 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:37:02.0139 4396 Ecache - ok
10:37:02.0573 4396 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
10:37:02.0592 4396 ehRecvr - ok
10:37:02.0646 4396 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
10:37:02.0656 4396 ehSched - ok
10:37:02.0660 4396 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
10:37:02.0669 4396 ehstart - ok
10:37:02.0887 4396 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:37:02.0908 4396 elxstor - ok
10:37:03.0117 4396 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:37:03.0140 4396 EMDMgmt - ok
10:37:03.0196 4396 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:37:03.0205 4396 ErrDev - ok
10:37:03.0445 4396 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:37:03.0471 4396 EventSystem - ok
10:37:03.0538 4396 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:37:03.0549 4396 exfat - ok
10:37:03.0738 4396 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:37:03.0759 4396 fastfat - ok
10:37:03.0800 4396 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:37:03.0827 4396 fdc - ok
10:37:03.0945 4396 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:37:03.0973 4396 fdPHost - ok
10:37:04.0023 4396 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:37:04.0066 4396 FDResPub - ok
10:37:04.0218 4396 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:37:04.0228 4396 FileInfo - ok
10:37:04.0290 4396 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:37:04.0317 4396 Filetrace - ok
10:37:04.0355 4396 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:37:04.0383 4396 flpydisk - ok
10:37:04.0568 4396 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:37:04.0582 4396 FltMgr - ok
10:37:05.0177 4396 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll
10:37:05.0210 4396 FontCache - ok
10:37:05.0453 4396 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:37:05.0461 4396 FontCache3.0.0.0 - ok
10:37:05.0695 4396 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
10:37:05.0704 4396 fssfltr - ok
10:37:06.0724 4396 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:37:06.0774 4396 fsssvc - ok
10:37:07.0135 4396 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:37:07.0145 4396 Fs_Rec - ok
10:37:07.0282 4396 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:37:07.0293 4396 gagp30kx - ok
10:37:07.0726 4396 GameConsoleService (5c147bb6b6ade83363fa08c77dde15cd) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
10:37:07.0736 4396 GameConsoleService - ok
10:37:08.0235 4396 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:37:08.0273 4396 gpsvc - ok
10:37:09.0260 4396 HCW85BDA (49b940bad9f1b1e707dcf27684b6c7fb) C:\Windows\system32\drivers\HCW85BDA.sys
10:37:09.0311 4396 HCW85BDA - ok
10:37:10.0040 4396 hcw85cir (b6c86ac0ca60c10b6f46155a5e09d4a9) C:\Windows\system32\drivers\hcw85cir.sys
10:37:10.0048 4396 hcw85cir - ok
10:37:10.0377 4396 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
10:37:10.0390 4396 HdAudAddService - ok
10:37:10.0647 4396 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:37:10.0682 4396 HDAudBus - ok
10:37:10.0714 4396 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:37:10.0756 4396 HidBth - ok
10:37:10.0826 4396 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:37:10.0846 4396 HidIr - ok
10:37:10.0925 4396 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
10:37:10.0945 4396 hidserv - ok
10:37:11.0041 4396 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:37:11.0060 4396 HidUsb - ok
10:37:11.0319 4396 HiPatchService (5a457c3d00c1c701230a12aa1580114d) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:37:11.0321 4396 HiPatchService ( UnsignedFile.Multi.Generic ) - warning
10:37:11.0321 4396 HiPatchService - detected UnsignedFile.Multi.Generic (1)
10:37:11.0407 4396 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:37:11.0435 4396 hkmsvc - ok
10:37:11.0609 4396 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:37:11.0612 4396 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:37:11.0612 4396 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:37:11.0769 4396 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
10:37:11.0771 4396 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
10:37:11.0771 4396 HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
10:37:11.0844 4396 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:37:11.0854 4396 HpCISSs - ok
10:37:12.0183 4396 hpqcxs08 (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:37:12.0188 4396 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
10:37:12.0188 4396 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
10:37:12.0238 4396 hpqddsvc (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:37:12.0242 4396 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
10:37:12.0242 4396 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
10:37:12.0641 4396 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:37:12.0666 4396 HTTP - ok
10:37:12.0730 4396 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:37:12.0740 4396 i2omp - ok
10:37:12.0804 4396 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:37:12.0824 4396 i8042prt - ok
10:37:13.0110 4396 IAANTMON (1117af8c53aa278a4c5b7ef1b00e08f4) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:37:13.0124 4396 IAANTMON - ok
10:37:13.0191 4396 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
10:37:13.0205 4396 iaStor - ok
10:37:13.0275 4396 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:37:13.0288 4396 iaStorV - ok
10:37:13.0929 4396 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:37:13.0953 4396 idsvc - ok
10:37:13.0993 4396 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:37:14.0002 4396 iirsp - ok
10:37:14.0241 4396 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:37:14.0275 4396 IKEEXT - ok
10:37:14.0926 4396 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
10:37:14.0978 4396 IntcAzAudAddService - ok
10:37:15.0605 4396 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:37:15.0614 4396 intelide - ok
10:37:15.0810 4396 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:37:15.0837 4396 intelppm - ok
10:37:15.0920 4396 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:37:15.0948 4396 IPBusEnum - ok
10:37:16.0058 4396 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:37:16.0079 4396 IpFilterDriver - ok
10:37:16.0260 4396 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
10:37:16.0272 4396 iphlpsvc - ok
10:37:16.0275 4396 IpInIp - ok
10:37:16.0327 4396 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:37:16.0355 4396 IPMIDRV - ok
10:37:16.0398 4396 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:37:16.0426 4396 IPNAT - ok
10:37:16.0468 4396 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:37:16.0495 4396 IRENUM - ok
10:37:16.0528 4396 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:37:16.0537 4396 isapnp - ok
10:37:16.0757 4396 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:37:16.0770 4396 iScsiPrt - ok
10:37:16.0809 4396 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:37:16.0818 4396 iteatapi - ok
10:37:16.0892 4396 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:37:16.0901 4396 iteraid - ok
10:37:16.0972 4396 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:37:16.0982 4396 kbdclass - ok
10:37:17.0139 4396 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:37:17.0158 4396 kbdhid - ok
10:37:17.0206 4396 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:17.0216 4396 KeyIso - ok
10:37:17.0554 4396 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
10:37:17.0575 4396 KSecDD - ok
10:37:17.0616 4396 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:37:17.0643 4396 ksthunk - ok
10:37:17.0946 4396 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:37:17.0981 4396 KtmRm - ok
10:37:18.0027 4396 LADF_DHP2 (86dcbf8a41c78561a1da07ab5e7b1ccc) C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
10:37:18.0034 4396 LADF_DHP2 - ok
10:37:18.0300 4396 LADF_SBVM (175c04c7813ce64616b5cb046e5e1383) C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
10:37:18.0314 4396 LADF_SBVM - ok
10:37:18.0593 4396 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
10:37:18.0606 4396 LanmanServer - ok
10:37:18.0788 4396 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:37:18.0800 4396 LanmanWorkstation - ok
10:37:19.0246 4396 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:37:19.0261 4396 LBTServ - ok
10:37:19.0318 4396 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:37:19.0325 4396 LHidFilt - ok
10:37:19.0617 4396 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:37:19.0620 4396 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:37:19.0621 4396 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:37:19.0756 4396 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:37:19.0784 4396 lltdio - ok
10:37:19.0946 4396 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:37:19.0976 4396 lltdsvc - ok
10:37:20.0009 4396 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:37:20.0037 4396 lmhosts - ok
10:37:20.0084 4396 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:37:20.0092 4396 LMouFilt - ok
10:37:20.0147 4396 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:37:20.0157 4396 LSI_FC - ok
10:37:20.0289 4396 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:37:20.0300 4396 LSI_SAS - ok
10:37:20.0350 4396 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:37:20.0360 4396 LSI_SCSI - ok
10:37:20.0517 4396 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:37:20.0546 4396 luafv - ok
10:37:20.0585 4396 LUsbFilt (b8be35421b9e8dc1ab4b0cb7b9b0328b) C:\Windows\system32\Drivers\LUsbFilt.Sys
10:37:20.0592 4396 LUsbFilt - ok
10:37:20.0692 4396 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
10:37:20.0702 4396 Mcx2Svc - ok
10:37:20.0735 4396 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:37:20.0745 4396 megasas - ok
10:37:20.0965 4396 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:37:20.0981 4396 MegaSR - ok
10:37:21.0082 4396 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:37:21.0110 4396 MMCSS - ok
10:37:21.0161 4396 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:37:21.0189 4396 Modem - ok
10:37:21.0246 4396 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:37:21.0274 4396 monitor - ok
10:37:21.0276 4396 motccgp - ok
10:37:21.0281 4396 motccgpfl - ok
10:37:21.0286 4396 motmodem - ok
10:37:21.0631 4396 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
10:37:21.0641 4396 MotoHelper - ok
10:37:21.0644 4396 MotoSwitchService - ok
10:37:21.0648 4396 Motousbnet - ok
10:37:21.0652 4396 motusbdevice - ok
10:37:21.0685 4396 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:37:21.0694 4396 mouclass - ok
10:37:21.0763 4396 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:37:21.0791 4396 mouhid - ok
10:37:21.0859 4396 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:37:21.0869 4396 MountMgr - ok
10:37:21.0926 4396 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:37:21.0937 4396 mpio - ok
10:37:22.0001 4396 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:37:22.0021 4396 mpsdrv - ok
10:37:22.0398 4396 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
10:37:22.0435 4396 MpsSvc - ok
10:37:22.0470 4396 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:37:22.0480 4396 Mraid35x - ok
10:37:22.0606 4396 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:37:22.0618 4396 MRxDAV - ok
10:37:22.0684 4396 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:22.0695 4396 mrxsmb - ok
10:37:22.0941 4396 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:22.0953 4396 mrxsmb10 - ok
10:37:23.0041 4396 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:23.0051 4396 mrxsmb20 - ok
10:37:23.0149 4396 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:37:23.0159 4396 msahci - ok
10:37:23.0403 4396 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:37:23.0413 4396 msdsm - ok
10:37:23.0532 4396 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:37:23.0561 4396 MSDTC - ok
10:37:23.0630 4396 MSDV (df674ba7da5a4753d839a905b66d2fd9) C:\Windows\system32\DRIVERS\msdv.sys
10:37:23.0657 4396 MSDV - ok
10:37:23.0693 4396 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:37:23.0720 4396 Msfs - ok
10:37:23.0767 4396 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:37:23.0777 4396 msisadrv - ok
10:37:23.0930 4396 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:37:23.0959 4396 MSiSCSI - ok
10:37:23.0962 4396 msiserver - ok
10:37:24.0002 4396 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:37:24.0029 4396 MSKSSRV - ok
10:37:24.0067 4396 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:24.0094 4396 MSPCLOCK - ok
10:37:24.0130 4396 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:37:24.0158 4396 MSPQM - ok
10:37:24.0321 4396 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:37:24.0335 4396 MsRPC - ok
10:37:24.0389 4396 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:37:24.0399 4396 mssmbios - ok
10:37:24.0448 4396 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:37:24.0475 4396 MSTEE - ok
10:37:24.0526 4396 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:37:24.0537 4396 Mup - ok
10:37:24.0746 4396 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:37:24.0787 4396 napagent - ok
10:37:24.0835 4396 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:37:24.0847 4396 NativeWifiP - ok
10:37:25.0103 4396 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:37:25.0130 4396 NDIS - ok
10:37:25.0306 4396 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:25.0327 4396 NdisTapi - ok
10:37:25.0371 4396 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:25.0399 4396 Ndisuio - ok
10:37:25.0549 4396 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:25.0570 4396 NdisWan - ok
10:37:25.0648 4396 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:37:25.0668 4396 NDProxy - ok
10:37:25.0784 4396 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:37:25.0788 4396 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:37:25.0788 4396 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:37:25.0871 4396 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:37:25.0899 4396 NetBIOS - ok
10:37:26.0050 4396 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:37:26.0072 4396 netbt - ok
10:37:26.0124 4396 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:26.0134 4396 Netlogon - ok
10:37:26.0399 4396 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:37:26.0431 4396 Netman - ok
10:37:26.0650 4396 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:26.0659 4396 NetMsmqActivator - ok
10:37:26.0662 4396 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:26.0671 4396 NetPipeActivator - ok
10:37:26.0833 4396 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:37:26.0863 4396 netprofm - ok
10:37:26.0866 4396 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:26.0875 4396 NetTcpActivator - ok
10:37:26.0878 4396 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:26.0887 4396 NetTcpPortSharing - ok
10:37:26.0936 4396 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:37:26.0945 4396 nfrd960 - ok
10:37:27.0105 4396 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:37:27.0134 4396 NlaSvc - ok
10:37:27.0238 4396 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:37:27.0258 4396 Npfs - ok
10:37:27.0409 4396 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:37:27.0437 4396 nsi - ok
10:37:27.0484 4396 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:37:27.0511 4396 nsiproxy - ok
10:37:28.0200 4396 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:37:28.0258 4396 Ntfs - ok
10:37:29.0012 4396 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:37:29.0040 4396 Null - ok
10:37:29.0220 4396 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
10:37:29.0230 4396 NVHDA - ok
10:37:35.0886 4396 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:37:36.0194 4396 nvlddmkm - ok
10:37:36.0913 4396 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:37:36.0924 4396 nvraid - ok
10:37:36.0964 4396 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:37:36.0974 4396 nvstor - ok
10:37:37.0446 4396 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
10:37:37.0478 4396 nvsvc - ok
10:37:38.0211 4396 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:37:38.0254 4396 nvUpdatusService - ok
10:37:38.0942 4396 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:37:38.0953 4396 nv_agp - ok
10:37:38.0956 4396 NwlnkFlt - ok
10:37:38.0960 4396 NwlnkFwd - ok
10:37:39.0147 4396 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:37:39.0168 4396 ohci1394 - ok
10:37:39.0359 4396 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:39.0381 4396 p2pimsvc - ok
10:37:39.0389 4396 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:39.0412 4396 p2psvc - ok
10:37:39.0487 4396 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:37:39.0532 4396 Parport - ok
10:37:39.0569 4396 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:37:39.0579 4396 partmgr - ok
10:37:39.0627 4396 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:37:39.0639 4396 PcaSvc - ok
10:37:40.0099 4396 PCD5SRVC{8AAF211B-043E02A9-05040000} (7204f835a4355d1ab2853e57c9ff177c) C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms
10:37:40.0105 4396 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - warning
10:37:40.0105 4396 PCD5SRVC{8AAF211B-043E02A9-05040000} - detected UnsignedFile.Multi.Generic (1)
10:37:40.0382 4396 PcdrNdisuio - ok
10:37:40.0609 4396 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:37:40.0621 4396 pci - ok
10:37:40.0687 4396 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:37:40.0696 4396 pciide - ok
10:37:40.0815 4396 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:37:40.0826 4396 pcmcia - ok
10:37:40.0943 4396 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:37:40.0996 4396 PEAUTH - ok
10:37:41.0128 4396 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:37:41.0156 4396 PerfHost - ok
10:37:41.0452 4396 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:37:41.0498 4396 pla - ok
10:37:41.0711 4396 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:37:41.0734 4396 PlugPlay - ok
10:37:41.0824 4396 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:37:41.0828 4396 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:37:41.0828 4396 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:37:41.0831 4396 PnkBstrA - ok
10:37:41.0835 4396 PnkBstrB - ok
10:37:42.0021 4396 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:42.0045 4396 PNRPAutoReg - ok
10:37:42.0051 4396 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:42.0073 4396 PNRPsvc - ok
10:37:42.0137 4396 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:37:42.0164 4396 PolicyAgent - ok
10:37:42.0316 4396 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:37:42.0337 4396 PptpMiniport - ok
10:37:42.0395 4396 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:37:42.0422 4396 Processor - ok
10:37:42.0497 4396 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:37:42.0519 4396 ProfSvc - ok
10:37:42.0599 4396 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:42.0609 4396 ProtectedStorage - ok
10:37:42.0686 4396 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
10:37:42.0694 4396 Ps2 - ok
10:37:42.0807 4396 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:37:42.0827 4396 PSched - ok
10:37:43.0271 4396 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:37:43.0309 4396 ql2300 - ok
10:37:43.0361 4396 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:37:43.0371 4396 ql40xx - ok
10:37:43.0500 4396 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:37:43.0514 4396 QWAVE - ok
10:37:43.0607 4396 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:37:43.0620 4396 QWAVEdrv - ok
10:37:43.0645 4396 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:37:43.0673 4396 RasAcd - ok
10:37:43.0728 4396 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:37:43.0757 4396 RasAuto - ok
10:37:43.0869 4396 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:43.0889 4396 Rasl2tp - ok
10:37:44.0147 4396 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:37:44.0170 4396 RasMan - ok
10:37:44.0222 4396 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:44.0243 4396 RasPppoe - ok
10:37:44.0286 4396 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:44.0296 4396 RasSstp - ok
10:37:44.0446 4396 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:44.0468 4396 rdbss - ok
10:37:44.0479 4396 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:44.0506 4396 RDPCDD - ok
10:37:44.0627 4396 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:37:44.0657 4396 rdpdr - ok
10:37:44.0661 4396 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:37:44.0689 4396 RDPENCDD - ok
10:37:44.0784 4396 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
10:37:44.0796 4396 RDPWD - ok
10:37:44.0918 4396 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:37:44.0948 4396 RemoteAccess - ok
10:37:45.0006 4396 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\Windows\system32\DRIVERS\rcblan.sys
10:37:45.0015 4396 RemoteControl-USBLAN - ok
10:37:45.0118 4396 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:37:45.0140 4396 RemoteRegistry - ok
10:37:45.0223 4396 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:37:45.0234 4396 RpcLocator - ok
10:37:45.0406 4396 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\System32\rpcss.dll
10:37:45.0442 4396 RpcSs - ok
10:37:45.0476 4396 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:45.0504 4396 rspndr - ok
10:37:45.0595 4396 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:37:45.0616 4396 RTL8169 - ok
10:37:45.0706 4396 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:45.0716 4396 SamSs - ok
10:37:45.0751 4396 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:37:45.0761 4396 sbp2port - ok
10:37:45.0920 4396 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:37:45.0941 4396 SCardSvr - ok
10:37:46.0188 4396 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:37:46.0217 4396 Schedule - ok
10:37:46.0256 4396 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:37:46.0276 4396 SCPolicySvc - ok
10:37:46.0368 4396 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:37:46.0380 4396 SDRSVC - ok
10:37:46.0433 4396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:37:46.0475 4396 secdrv - ok
10:37:46.0494 4396 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:37:46.0522 4396 seclogon - ok
10:37:46.0566 4396 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:37:46.0594 4396 SENS - ok
10:37:46.0618 4396 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:37:46.0660 4396 Serenum - ok
10:37:46.0713 4396 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:37:46.0756 4396 Serial - ok
10:37:46.0879 4396 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:37:46.0906 4396 sermouse - ok
10:37:46.0959 4396 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:37:46.0988 4396 SessionEnv - ok
10:37:47.0048 4396 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:37:47.0075 4396 sffdisk - ok
10:37:47.0110 4396 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:37:47.0137 4396 sffp_mmc - ok
10:37:47.0184 4396 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:37:47.0212 4396 sffp_sd - ok
10:37:47.0247 4396 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:37:47.0289 4396 sfloppy - ok
10:37:47.0459 4396 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:37:47.0491 4396 SharedAccess - ok
10:37:47.0566 4396 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
10:37:47.0579 4396 ShellHWDetection - ok
10:37:47.0615 4396 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:37:47.0625 4396 SiSRaid2 - ok
10:37:47.0666 4396 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:37:47.0677 4396 SiSRaid4 - ok
10:37:48.0226 4396 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:37:48.0293 4396 slsvc - ok
10:37:48.0634 4396 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:37:48.0655 4396 SLUINotify - ok
10:37:48.0814 4396 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:37:48.0834 4396 Smb - ok
10:37:48.0868 4396 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:37:48.0878 4396 SNMPTRAP - ok
10:37:48.0903 4396 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:37:48.0913 4396 spldr - ok
10:37:48.0969 4396 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:37:48.0982 4396 Spooler - ok
10:37:49.0154 4396 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:37:49.0170 4396 srv - ok
10:37:49.0212 4396 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:37:49.0223 4396 srv2 - ok
10:37:49.0300 4396 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:37:49.0311 4396 srvnet - ok
10:37:49.0353 4396 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:37:49.0383 4396 SSDPSRV - ok
10:37:49.0432 4396 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:37:49.0444 4396 SstpSvc - ok
10:37:49.0535 4396 Steam Client Service - ok
10:37:49.0779 4396 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:37:49.0794 4396 Stereo Service - ok
10:37:49.0866 4396 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:37:49.0885 4396 stisvc - ok
10:37:49.0918 4396 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:37:49.0927 4396 swenum - ok
10:37:50.0079 4396 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:37:50.0106 4396 swprv - ok
10:37:50.0131 4396 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:37:50.0140 4396 Symc8xx - ok
10:37:50.0172 4396 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:37:50.0181 4396 Sym_hi - ok
10:37:50.0238 4396 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:37:50.0247 4396 Sym_u3 - ok
10:37:50.0428 4396 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:37:50.0464 4396 SysMain - ok
10:37:50.0534 4396 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:37:50.0547 4396 TabletInputService - ok
10:37:50.0663 4396 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:37:50.0686 4396 TapiSrv - ok
10:37:50.0778 4396 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:\Windows\system32\drivers\UsbFltr.sys
10:37:50.0786 4396 TarFltr - ok
10:37:50.0822 4396 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:37:50.0850 4396 TBS - ok
10:37:51.0054 4396 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
10:37:51.0098 4396 Tcpip - ok
10:37:51.0575 4396 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
10:37:51.0630 4396 Tcpip6 - ok
10:37:51.0960 4396 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:37:51.0993 4396 tcpipreg - ok
10:37:52.0020 4396 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:37:52.0090 4396 TDPIPE - ok
10:37:52.0104 4396 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:37:52.0174 4396 TDTCP - ok
10:37:52.0202 4396 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:37:52.0223 4396 tdx - ok
10:37:52.0291 4396 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:37:52.0301 4396 TermDD - ok
10:37:52.0480 4396 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:37:52.0508 4396 TermService - ok
10:37:52.0670 4396 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
10:37:52.0683 4396 Themes - ok
10:37:52.0720 4396 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:37:52.0747 4396 THREADORDER - ok
10:37:52.0795 4396 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:37:52.0824 4396 TrkWks - ok
10:37:52.0895 4396 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:37:52.0929 4396 TrustedInstaller - ok
10:37:52.0945 4396 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:37:52.0995 4396 tssecsrv - ok
10:37:53.0022 4396 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:37:53.0033 4396 tunmp - ok
10:37:53.0072 4396 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:37:53.0083 4396 tunnel - ok
10:37:53.0113 4396 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:37:53.0124 4396 uagp35 - ok
10:37:53.0263 4396 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:37:53.0300 4396 udfs - ok
10:37:53.0323 4396 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:37:53.0351 4396 UI0Detect - ok
10:37:53.0398 4396 uisp (75894b827b8ca53fc2bb991c91b6728c) C:\Windows\system32\Drivers\usbicp.sys
10:37:53.0406 4396 uisp - ok
10:37:53.0455 4396 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:37:53.0465 4396 uliagpkx - ok
10:37:53.0601 4396 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:37:53.0614 4396 uliahci - ok
10:37:53.0664 4396 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:37:53.0674 4396 UlSata - ok
10:37:53.0745 4396 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:37:53.0756 4396 ulsata2 - ok
10:37:53.0807 4396 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:37:53.0834 4396 umbus - ok
10:37:53.0862 4396 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
10:37:53.0889 4396 UMPass - ok
10:37:54.0008 4396 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:37:54.0043 4396 upnphost - ok
10:37:54.0081 4396 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:37:54.0114 4396 usbaudio - ok
10:37:54.0145 4396 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:37:54.0165 4396 usbccgp - ok
10:37:54.0185 4396 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:37:54.0228 4396 usbcir - ok
10:37:54.0265 4396 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:37:54.0285 4396 usbehci - ok
10:37:54.0354 4396 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:37:54.0376 4396 usbhub - ok
10:37:54.0398 4396 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:37:54.0441 4396 usbohci - ok
10:37:54.0478 4396 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
10:37:54.0556 4396 usbprint - ok
10:37:54.0583 4396 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:37:54.0604 4396 USBSTOR - ok
10:37:54.0620 4396 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:37:54.0640 4396 usbuhci - ok
10:37:54.0675 4396 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:37:54.0696 4396 UxSms - ok
10:37:54.0869 4396 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:37:54.0915 4396 vds - ok
10:37:54.0940 4396 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:37:54.0983 4396 vga - ok
10:37:54.0999 4396 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:37:55.0039 4396 VgaSave - ok
10:37:55.0061 4396 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:37:55.0070 4396 viaide - ok
10:37:55.0130 4396 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:37:55.0141 4396 volmgr - ok
10:37:55.0281 4396 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:37:55.0299 4396 volmgrx - ok
10:37:55.0347 4396 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:37:55.0361 4396 volsnap - ok
10:37:55.0420 4396 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:37:55.0432 4396 vsmraid - ok
10:37:56.0028 4396 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:37:56.0086 4396 VSS - ok
10:37:56.0435 4396 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:37:56.0464 4396 W32Time - ok
10:37:56.0512 4396 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:37:56.0554 4396 WacomPen - ok
10:37:56.0609 4396 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:56.0655 4396 Wanarp - ok
10:37:56.0658 4396 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:37:56.0680 4396 Wanarpv6 - ok
10:37:56.0820 4396 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:37:56.0859 4396 wcncsvc - ok
10:37:56.0881 4396 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:37:56.0950 4396 WcsPlugInService - ok
10:37:56.0985 4396 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:37:56.0994 4396 Wd - ok
10:37:57.0237 4396 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:37:57.0265 4396 Wdf01000 - ok
10:37:57.0295 4396 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:37:57.0349 4396 WdiServiceHost - ok
10:37:57.0352 4396 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:37:57.0382 4396 WdiSystemHost - ok
10:37:57.0443 4396 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:37:57.0457 4396 WebClient - ok
10:37:57.0573 4396 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:37:57.0626 4396 Wecsvc - ok
10:37:57.0654 4396 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:37:57.0675 4396 wercplsupport - ok
10:37:57.0690 4396 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:37:57.0712 4396 WerSvc - ok
10:37:57.0774 4396 WinDefend - ok
10:37:57.0783 4396 WinHttpAutoProxySvc - ok
10:37:57.0942 4396 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:37:58.0005 4396 Winmgmt - ok
10:37:58.0411 4396 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:37:58.0509 4396 WinRM - ok
10:37:58.0832 4396 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:37:58.0897 4396 Wlansvc - ok
10:37:58.0964 4396 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:37:58.0973 4396 wlcrasvc - ok
10:37:59.0566 4396 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:37:59.0624 4396 wlidsvc - ok
10:38:00.0011 4396 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:38:00.0020 4396 WmiAcpi - ok
10:38:00.0105 4396 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:38:00.0126 4396 wmiApSrv - ok
10:38:00.0201 4396 WMPNetworkSvc - ok
10:38:00.0243 4396 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:38:00.0270 4396 WPCSvc - ok
10:38:00.0292 4396 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:38:00.0329 4396 WPDBusEnum - ok
10:38:00.0350 4396 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:38:00.0360 4396 WpdUsb - ok
10:38:00.0711 4396 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:38:00.0738 4396 WPFFontCache_v0400 - ok
10:38:00.0769 4396 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:38:00.0804 4396 ws2ifsl - ok
10:38:00.0825 4396 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
10:38:00.0868 4396 wscsvc - ok
10:38:00.0871 4396 WSearch - ok
10:38:01.0177 4396 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
10:38:01.0380 4396 wuauserv - ok
10:38:01.0651 4396 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:01.0679 4396 WUDFRd - ok
10:38:01.0801 4396 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:38:01.0830 4396 wudfsvc - ok
10:38:01.0912 4396 XMouseButton Launcher (21d33794b5f312040022787590fd61d7) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
10:38:01.0938 4396 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - warning
10:38:01.0938 4396 XMouseButton Launcher - detected UnsignedFile.Multi.Generic (1)
10:38:02.0072 4396 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
10:38:02.0082 4396 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
10:38:02.0138 4396 MBR (0x1B8) (43468b9f16d47988074d2245984e9d31) \Device\Harddisk0\DR0
10:38:03.0415 4396 \Device\Harddisk0\DR0 - ok
10:38:03.0418 4396 Boot (0x1200) (6bb75942d2a92549b83770c897b1e255) \Device\Harddisk0\DR0\Partition0
10:38:03.0420 4396 \Device\Harddisk0\DR0\Partition0 - ok
10:38:03.0442 4396 Boot (0x1200) (b07332e908f840860db726b57e448d0d) \Device\Harddisk0\DR0\Partition1
10:38:03.0445 4396 \Device\Harddisk0\DR0\Partition1 - ok
10:38:03.0445 4396 ============================================================
10:38:03.0445 4396 Scan finished
10:38:03.0445 4396 ============================================================
10:38:03.0453 3588 Detected object count: 10
10:38:03.0453 3588 Actual detected object count: 10
10:39:33.0417 3588 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0417 3588 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0418 3588 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0418 3588 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0420 3588 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0420 3588 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0422 3588 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0422 3588 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0424 3588 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0424 3588 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0426 3588 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0427 3588 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0428 3588 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0428 3588 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0430 3588 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0430 3588 PCD5SRVC{8AAF211B-043E02A9-05040000} ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0432 3588 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0432 3588 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:33.0434 3588 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:33.0434 3588 XMouseButton Launcher ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:38.0625 4652 Deinitialize success

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Goblin :: MEDIA-PC [administrator]

7/22/2012 10:53:49 AM
mbam-log-2012-07-22 (10-53-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246601
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/07/2012 11:31:31 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/07/2012 3:09:59 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep i8042prt

Log: 'System' Date/Time: 22/07/2012 3:09:16 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 22/07/2012 3:07:09 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 22/07/2012 11:33:15 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 22/07/2012 3:09:59 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 7/22/2012 11:39:14 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.48% Memory free
16.18 Gb Paging File | 14.09 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 269.78 Gb Free Space | 39.38% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2012/07/11 19:12:14 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 20:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/06 20:32:20 | 000,086,016 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 20:12:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 15:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/29 23:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/12/03 22:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/12/03 22:20:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/09 21:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/01/20 22:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/30 08:24:16] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3D265792-EFA5-43A4-90B8-16C74752E318}
IE - HKCU\..\SearchScopes\{3D265792-EFA5-43A4-90B8-16C74752E318}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2012/02/24 23:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 22:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2012/02/24 23:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\extensions
[2012/02/24 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 23:27:41 | 000,160,151 | ---- | M] () (No name found) -- C:\USERS\GOBLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3F98C6F.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/22 10:17:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 10:43:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 10:42:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:03 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/22 10:17:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\temp
[2012/07/22 09:39:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 09:39:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 09:39:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 09:39:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/22 09:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 09:24:20 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:48:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/21 23:14:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{A8579F99-6409-4A67-BA35-2B1428F98D50}
[2012/07/21 21:37:05 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{FD4130AC-2836-440D-B135-D9B1519395C2}
[2012/07/21 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C2A0CADF-8FCB-495E-984C-A5C7B2A3BBC1}
[2012/07/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{0D4D9A62-B07B-42FC-98C9-68279F1F05E5}
[2012/07/19 21:19:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/19 21:17:01 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/07/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1669EE96-67DB-40EE-9953-8A3AC66B1764}
[2012/07/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C402BD79-E70D-453C-8B0B-FBD9435A32F7}
[2012/07/19 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{DD63D3C6-EEF4-411E-A516-90ABB7AB0E7D}
[2012/07/19 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{3B2B997A-4E8B-4136-825A-478C8A986987}
[2012/07/19 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1838A1FC-E26D-4CE4-9366-16442E278F39}
[2012/07/19 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{E5AE4588-6A6C-4F80-BDDA-6E3D90D3A327}
[2012/07/18 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\Logitech-LS
[2012/07/18 16:50:22 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2012/07/11 19:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 19:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 19:00:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 19:00:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 19:00:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 19:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 19:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 19:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 19:00:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 19:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 19:00:51 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 19:00:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 19:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 16:50:47 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 16:50:16 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 16:50:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/09 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/01 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/01 18:27:54 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/07/01 18:27:54 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/07/01 18:27:53 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/07/01 18:27:53 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/07/01 18:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/01 18:25:07 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/01 18:25:06 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/01 18:25:05 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/01 18:25:04 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/01 18:25:03 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/07/01 18:25:02 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/07/01 18:25:01 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/01 18:25:01 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/01 18:25:00 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/01 18:25:00 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/01 18:25:00 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/01 18:24:59 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/01 18:24:59 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/01 18:24:59 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/01 18:24:56 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/01 18:24:55 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/01 18:24:55 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/07/01 18:24:55 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/01 16:18:30 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/07/01 16:18:30 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/07/01 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\West Playlist
[2012/06/29 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2012/06/29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/06/26 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{322FA743-3393-49F9-BF27-297B5F1B6022}
[2012/06/24 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{306760A2-8D70-4BEE-A773-4A80E89489EB}
[2012/06/24 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{373675BD-DCB8-46BD-92B4-DD8D36B70A3D}

========== Files - Modified Within 30 Days ==========

[2012/07/22 11:40:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
[2012/07/22 11:29:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:14:29 | 000,812,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 11:14:29 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 11:14:29 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 11:12:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 11:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 11:08:22 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 11:08:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 11:06:21 | 020,975,616 | ---- | M] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:05:50 | 000,069,632 | ---- | M] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:42:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:17 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:30:09 | 000,020,397 | ---- | M] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 10:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 09:36:19 | 000,000,512 | ---- | M] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/22 09:24:33 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:50:55 | 000,007,916 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/07/22 08:48:32 | 000,137,422 | ---- | M] () -- C:\Users\Goblin\Desktop\winsock2.reg
[2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:44:25 | 000,114,176 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 21:29:40 | 000,327,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 20:12:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 20:12:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/08 12:08:27 | 2412,598,313 | ---- | M] () -- C:\Users\Goblin\Desktop\GO010082.MP4
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 18:23:31 | 000,001,460 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2012/06/27 20:34:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGoblin.job
[2012/06/26 16:36:17 | 3936,071,900 | ---- | M] () -- C:\Users\Goblin\Desktop\GOPR0082.MP4
[2012/06/23 15:41:34 | 000,000,064 | ---- | M] () -- C:\Users\Goblin\AppData\Local\Images.fl

========== Files Created - No Company Name ==========

[2012/07/22 11:29:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | C] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:04:49 | 000,069,632 | ---- | C] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:28:40 | 000,020,397 | ---- | C] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 09:39:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 09:39:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 09:39:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 09:39:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 09:39:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/22 09:13:11 | 000,000,512 | ---- | C] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/22 08:48:32 | 000,137,422 | ---- | C] () -- C:\Users\Goblin\Desktop\winsock2.reg
[2012/07/13 16:25:59 | 000,007,916 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 23:14:03 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.0
[2012/05/09 23:14:00 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.JPG
[2012/04/14 09:09:39 | 000,156,862 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.0
[2012/04/14 09:09:39 | 000,144,403 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.JPG
[2011/12/11 13:04:31 | 000,631,641 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.JPG
[2011/12/11 13:04:30 | 002,354,424 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.0
[2011/10/01 14:27:57 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/01 14:27:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/25 18:44:59 | 000,001,778 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile1.dat
[2011/04/25 18:44:59 | 000,001,770 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile0.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 16:02:48 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/15 19:37:33 | 000,000,064 | ---- | C] () -- C:\Users\Goblin\AppData\Local\Images.fl
[2010/05/19 20:11:24 | 000,001,460 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2010/04/26 20:59:54 | 000,022,738 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpKARIZA3.JPG
[2009/12/12 15:13:15 | 000,000,760 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\setup_ldm.iss
[2009/11/02 22:34:22 | 000,000,082 | ---- | C] () -- C:\Users\Goblin\AppData\Local\X-Plane Installer.prf
[2009/09/07 00:21:56 | 000,000,394 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\wklnhst.dat
[2009/07/17 18:59:32 | 000,007,688 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS_navi.JPG
[2009/07/17 18:59:29 | 000,683,013 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS.JPG
[2009/03/07 13:50:06 | 000,114,176 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 14:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/14 19:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Goblin\AppData\Local\fusioncache.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST3750630AS
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 685.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 14.00GB
Starting Offset: 735595015680
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >
[2012/07/22 11:08:32 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini

< %systemroot%\assembly\GAC_64\*.ini >
[2012/07/22 11:08:32 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/04/25 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\!minecrafts
[2012/03/19 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft
[2012/02/21 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft_xray
[2009/03/30 17:45:29 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\AccurateRip
[2011/10/16 11:05:56 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Adobe
[2011/06/21 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\AtomZombieData
[2010/12/27 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Beat Hazard
[2009/04/14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Braid
[2009/04/04 09:56:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Broken Rules
[2009/05/27 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Crayon Physics Deluxe
[2009/08/23 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\CyberLink
[2012/02/24 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\FVDToolbar
[2011/07/04 08:58:33 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\GridRunnerRev
[2009/01/14 17:39:54 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Hewlett-Packard
[2011/03/14 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Highresolution Enterprises
[2009/01/14 17:15:35 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\HP TCS
[2011/08/05 20:57:05 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\HpUpdate
[2009/01/14 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Identities
[2009/01/14 17:14:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\InstallShield
[2011/10/30 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Kalypso Media
[2009/04/13 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Larva Mortus Demo
[2010/11/25 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Leadertech
[2012/05/02 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\LightFish
[2011/03/14 21:51:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Logishrd
[2011/03/14 21:51:19 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Logitech
[2009/01/14 19:55:18 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Macromedia
[2011/10/04 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Malwarebytes
[2006/11/02 11:07:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Media Center Programs
[2011/10/30 11:12:23 | 000,000,000 | --SD | M] -- C:\Users\Goblin\AppData\Roaming\Microsoft
[2011/08/27 11:07:39 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\MinMaxGames
[2012/06/29 22:41:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2009/01/26 20:41:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mount&Blade
[2012/02/24 22:58:02 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mozilla
[2012/06/25 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mumble
[2012/05/23 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\NVIDIA
[2011/10/01 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Origin
[2009/01/14 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\PictureMover
[2009/12/13 00:08:56 | 000,000,000 | RH-D | M] -- C:\Users\Goblin\AppData\Roaming\SecuROM
[2009/04/21 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Slam Dunk Studios, LLC
[2009/06/08 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Stardock
[2011/12/30 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\System
[2009/09/07 00:22:20 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Template
[2009/01/14 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Turbine
[2012/07/03 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\uTorrent
[2009/01/29 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Ventrilo
[2012/06/23 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\VSO
[2009/01/14 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WildTangent
[2009/04/27 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WinBatch
[2011/05/11 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Windows Live Writer
[2009/08/26 18:05:01 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WinRAR
[2011/12/30 21:05:15 | 000,000,000 | -HSD | M] -- C:\Users\Goblin\AppData\Roaming\wyUpdate AU
[2011/02/27 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\ZombieDriver

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\ERDNT\cache64\atapi.sys
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 22:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 22:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 22:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache86\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\ERDNT\cache64\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 22:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 22:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 22:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/20 22:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 22:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 22:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 22:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/20 22:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 22:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/20 22:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 22:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 22:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\ERDNT\cache64\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 05:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 07:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 07:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 10:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/03/27 19:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/03/27 19:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/03/27 19:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/27 19:57:30 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/27 19:57:30 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/27 19:57:30 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/06/02 05:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GOPR0082.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GO010082.MP4:TOC.WMV
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >

OTL Extras logfile created on: 7/22/2012 11:39:14 AM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.48% Memory free
16.18 Gb Paging File | 14.09 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 269.78 Gb Free Space | 39.38% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = AF 50 E2 AD 20 C6 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java™ 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CDA735E-D099-4ee8-94FC-2681BF33966C}" = SF_CDA_ToolboxIni64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"sp6" = Logitech SetPoint 6.20
"UDK-2b449d79-0ba5-4be1-a9cc-666e8af4407d" = Sanctum Demo
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DBCC860-02F1-182F-7528-42B8ED9E4C5C}" = muvee Reveal
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1" = HP Easy Backup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}" = Razer Mamba
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.7.3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97099A77-2CD0-4C2C-8931-7F0B73CFE0FA}" = SoftMCE Encoder
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}" = UT3 Domination (CBP Edition)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F827B95C-1BF5-43B4-9E26-CDC596ECE3AE}" = HP Demo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"Cataclysm" = Cataclysm
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"Descent3" = Descent 3
"Descent3 Mercenary" = Descent 3: Mercenary
"Diablo III" = Diablo III
"ESET Online Scanner" = ESET Online Scanner v3
"Eufloria_is1" = Eufloria v2.01
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FileHippo.com" = FileHippo.com Update Checker
"Freelancer Trial 1.0" = Freelancer Trial
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.26268)
"Homeworld" = Homeworld
"Homeworld2" = Homeworld2
"Impulse" = Impulse
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sins of a Solar Empire" = Sins of a Solar Empire
"sp44626" = sp44626
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10430" = Universe at War: Earth Assault
"Steam App 105800" = PixelJunk Eden
"Steam App 107200" = Space Pirates and Zombies
"Steam App 107900" = War Inc. Battlezone
"Steam App 11450" = Overlord
"Steam App 12710" = Overlord: Raising [bleep]
"Steam App 12810" = Overlord II
"Steam App 1500" = Darwinia
"Steam App 1520" = DEFCON
"Steam App 15520" = AaAaAA!!! - A Reckless Disregard for Gravity
"Steam App 17410" = Mirror's Edge
"Steam App 18110" = Shattered Horizon
"Steam App 18500" = Defense Grid: The Awakening
"Steam App 200550" = DUNGEONS - The Dark Lord (Steam Special Edition)
"Steam App 202070" = Choplifter HD
"Steam App 20700" = Starscape
"Steam App 208600" = Lunar Flight
"Steam App 240" = Counter-Strike: Source
"Steam App 26500" = Cogs
"Steam App 27810" = GridRunner Revolution
"Steam App 31410" = Zombie Driver
"Steam App 32200" = Metal Drift
"Steam App 33460" = From Dust
"Steam App 3700" = Sniper Elite
"Steam App 400" = Portal
"Steam App 40100" = Supreme Commander 2
"Steam App 40410" = AI War: Fleet Command - Demo
"Steam App 41210" = Eufloria
"Steam App 41300" = Altitude
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 440" = Team Fortress 2
"Steam App 44100" = Super Laser Racer
"Steam App 44200" = Galcon Fusion
"Steam App 49320" = Woody Two-Legs Attack of the Zombie Pirates
"Steam App 49900" = Plain Sight
"Steam App 50000" = Nimbus
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 61310" = Fractal: Make Blooms Not War
"Steam App 63500" = Swords and Soldiers HD
"Steam App 6600" = Bullet Candy
"Steam App 70300" = VVVVVV
"Steam App 70900" = Star Ruler
"Steam App 7200" = TrackMania United
"Steam App 72200" = Universe Sandbox
"Steam App 8400" = Geometry Wars: Retro Evolved
"Steam App 91100" = SkyDrift
"Steam App 91900" = Post Apocalyptic Mayhem
"Steam App 92300" = A.R.E.S.
"Steam App 95300" = Capsized
"Steam App 97000" = Solar 2
"Steam App 9900" = Star Trek Online
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"X3TerranConflict_is1" = X3 Terran Conflict v2.5
"X-Mouse Button Control" = X-Mouse Button Control 1.53

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2012 11:09:59 AM | Computer Name = Media-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/5/2009 12:36:26 PM | Computer Name = Media-PC | Source = McrMgr | ID = 109
Description =

Error - 4/5/2009 12:43:40 PM | Computer Name = Media-PC | Source = McrMgr | ID = 109
Description =

Error - 10/13/2009 3:51:30 PM | Computer Name = Media-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3208.1128)

Error - 10/13/2009 3:51:30 PM | Computer Name = Media-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3208.1129)

[ System Events ]
Error - 7/22/2012 11:09:16 AM | Computer Name = Media-PC | Source = DCOM | ID = 10010
Description =

Error - 7/22/2012 11:09:59 AM | Computer Name = Media-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

#4
Chucklebun

Posted 22 July 2012 - 10:10 AM

Member

Topic Starter
Member
94 posts

Also, this error message was popping up persistently at one point early on after I ran the first OTL fix. (see attachment)

Attached Thumbnails

#5
RKinner

Posted 22 July 2012 - 12:04 PM

Malware Expert

Expert
24,625 posts

The error should go away after a reboot. Not sure why it happened. Didn't think we had touched it.

Let's try to replace your services.exe file that CF said was infected:

Copy the text in the code box by highlighting and Ctrl + c


:files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2a.reg /c
C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40}
C:\Users\rang\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysNative\services.exe|C:\Windows\ERDNT\cache64\services.exe /replace
netsh winsock reset catalog /c

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}]
[-HKCU\Software\Classes\clsid\{22490271-46a9-cce7-3c0c-eb5e153f8e40}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

#6
Chucklebun

Posted 22 July 2012 - 05:20 PM

Member

Topic Starter
Member
94 posts

Sorry for the delay, storm went thru and knocked my fence over...so my dog went walkabout. Dog found. Fence fixed. Scans run:

========== FILES ==========
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2a.reg /c >
The operation completed successfully.
C:\Users\Goblin\Desktop\cmd.bat deleted successfully.
C:\Users\Goblin\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\Installer\{22490271-46a9-cce7-3c0c-eb5e153f8e40} not found.
File\Folder C:\Users\rang\AppData\Local\{22490271-46a9-cce7-3c0c-eb5e153f8e40} not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
Unable to replace file: C:\Windows\SysNative\services.exe with C:\Windows\ERDNT\cache64\services.exe without a reboot.
< netsh winsock reset catalog /c >
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: winsock reset catalog.
C:\Users\Goblin\Desktop\cmd.bat deleted successfully.
C:\Users\Goblin\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\""|"%systemroot%\system32\wbem\wbemess.dll" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Classes\clsid\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22490271-46a9-cce7-3c0c-eb5e153f8e40}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Goblin
->Flash cache emptied: 865 bytes

User: Mcx1-MEDIA-PC

User: Mcx2-MEDIA-PC

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Goblin
->Java cache emptied: 0 bytes

User: Mcx1-MEDIA-PC

User: Mcx2-MEDIA-PC

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07222012_143014

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) C:\Windows\SysNative\services.exe : MD5=934E0B7D77FF78C18D9F8891221B6DE3

Registry entries deleted on Reboot...

OTL logfile created on: 7/22/2012 2:36:15 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.06 Gb Available Physical Memory | 75.81% Memory free
16.05 Gb Paging File | 14.04 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 266.38 Gb Free Space | 38.88% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2012/07/11 19:12:14 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 20:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/06 20:32:20 | 000,086,016 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 20:12:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 15:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/29 23:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/12/03 22:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/12/03 22:20:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/09 21:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/01/20 22:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/30 08:24:16] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3D265792-EFA5-43A4-90B8-16C74752E318}
IE - HKCU\..\SearchScopes\{3D265792-EFA5-43A4-90B8-16C74752E318}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2012/02/24 23:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 22:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2012/02/24 23:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\extensions
[2012/02/24 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 23:27:41 | 000,160,151 | ---- | M] () (No name found) -- C:\USERS\GOBLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3F98C6F.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/22 10:17:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 10:43:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 10:42:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:03 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/22 10:17:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\temp
[2012/07/22 09:39:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 09:39:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 09:39:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 09:39:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/22 09:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 09:24:20 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:48:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/21 23:14:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{A8579F99-6409-4A67-BA35-2B1428F98D50}
[2012/07/21 21:37:05 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{FD4130AC-2836-440D-B135-D9B1519395C2}
[2012/07/21 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C2A0CADF-8FCB-495E-984C-A5C7B2A3BBC1}
[2012/07/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{0D4D9A62-B07B-42FC-98C9-68279F1F05E5}
[2012/07/19 21:19:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/19 21:17:01 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/07/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1669EE96-67DB-40EE-9953-8A3AC66B1764}
[2012/07/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C402BD79-E70D-453C-8B0B-FBD9435A32F7}
[2012/07/19 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{DD63D3C6-EEF4-411E-A516-90ABB7AB0E7D}
[2012/07/19 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{3B2B997A-4E8B-4136-825A-478C8A986987}
[2012/07/19 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1838A1FC-E26D-4CE4-9366-16442E278F39}
[2012/07/19 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{E5AE4588-6A6C-4F80-BDDA-6E3D90D3A327}
[2012/07/18 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\Logitech-LS
[2012/07/18 16:50:22 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2012/07/11 19:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 19:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 19:00:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 19:00:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 19:00:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 19:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 19:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 19:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 19:00:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 19:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 19:00:51 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 19:00:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 19:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 16:50:47 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 16:50:16 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 16:50:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/09 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/01 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/01 18:27:54 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/07/01 18:27:54 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/07/01 18:27:53 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/07/01 18:27:53 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/07/01 18:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/01 18:25:07 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/01 18:25:06 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/01 18:25:05 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/01 18:25:04 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/01 18:25:03 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/07/01 18:25:02 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/07/01 18:25:01 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/01 18:25:01 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/01 18:25:00 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/01 18:25:00 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/01 18:25:00 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/01 18:24:59 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/01 18:24:59 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/01 18:24:59 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/01 18:24:56 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/01 18:24:55 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/01 18:24:55 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/07/01 18:24:55 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/01 16:18:30 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/07/01 16:18:30 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/07/01 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\West Playlist
[2012/06/29 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2012/06/29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/06/26 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{322FA743-3393-49F9-BF27-297B5F1B6022}
[2012/06/24 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{306760A2-8D70-4BEE-A773-4A80E89489EB}
[2012/06/24 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{373675BD-DCB8-46BD-92B4-DD8D36B70A3D}

========== Files - Modified Within 30 Days ==========

[2012/07/22 14:40:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
[2012/07/22 14:38:30 | 000,812,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 14:38:30 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 14:38:30 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 14:32:29 | 000,007,916 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/07/22 14:32:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:32:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 14:30:14 | 000,250,880 | ---- | M] () -- C:\Users\Goblin\Desktop\winsock2a.reg
[2012/07/22 14:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 11:29:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | M] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:05:50 | 000,069,632 | ---- | M] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:42:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:17 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:30:09 | 000,020,397 | ---- | M] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 10:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 09:36:19 | 000,000,512 | ---- | M] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/22 09:24:33 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:48:32 | 000,137,422 | ---- | M] () -- C:\Users\Goblin\Desktop\winsock2 old.reg
[2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:44:25 | 000,114,176 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 21:29:40 | 000,327,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 20:12:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 20:12:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/08 12:08:27 | 2412,598,313 | ---- | M] () -- C:\Users\Goblin\Desktop\GO010082.MP4
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 18:23:31 | 000,001,460 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2012/06/27 20:34:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGoblin.job
[2012/06/26 16:36:17 | 3936,071,900 | ---- | M] () -- C:\Users\Goblin\Desktop\GOPR0082.MP4
[2012/06/23 15:41:34 | 000,000,064 | ---- | M] () -- C:\Users\Goblin\AppData\Local\Images.fl

========== Files Created - No Company Name ==========

[2012/07/22 14:30:14 | 000,250,880 | ---- | C] () -- C:\Users\Goblin\Desktop\winsock2a.reg
[2012/07/22 11:29:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | C] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:04:49 | 000,069,632 | ---- | C] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:28:40 | 000,020,397 | ---- | C] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 09:39:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 09:39:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 09:39:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 09:39:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 09:39:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/22 09:13:11 | 000,000,512 | ---- | C] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/22 08:48:32 | 000,137,422 | ---- | C] () -- C:\Users\Goblin\Desktop\winsock2 old.reg
[2012/07/13 16:25:59 | 000,007,916 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 23:14:03 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.0
[2012/05/09 23:14:00 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.JPG
[2012/04/14 09:09:39 | 000,156,862 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.0
[2012/04/14 09:09:39 | 000,144,403 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.JPG
[2011/12/11 13:04:31 | 000,631,641 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.JPG
[2011/12/11 13:04:30 | 002,354,424 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.0
[2011/10/01 14:27:57 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/01 14:27:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/25 18:44:59 | 000,001,778 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile1.dat
[2011/04/25 18:44:59 | 000,001,770 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile0.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 16:02:48 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/15 19:37:33 | 000,000,064 | ---- | C] () -- C:\Users\Goblin\AppData\Local\Images.fl
[2010/05/19 20:11:24 | 000,001,460 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2010/04/26 20:59:54 | 000,022,738 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpKARIZA3.JPG
[2009/12/12 15:13:15 | 000,000,760 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\setup_ldm.iss
[2009/11/02 22:34:22 | 000,000,082 | ---- | C] () -- C:\Users\Goblin\AppData\Local\X-Plane Installer.prf
[2009/09/07 00:21:56 | 000,000,394 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\wklnhst.dat
[2009/07/17 18:59:32 | 000,007,688 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS_navi.JPG
[2009/07/17 18:59:29 | 000,683,013 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS.JPG
[2009/03/07 13:50:06 | 000,114,176 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 14:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/14 19:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Goblin\AppData\Local\fusioncache.dat

========== Custom Scans ==========

< MD5 for: MSWSOCK.DLL >
[2008/01/20 22:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache86\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\ERDNT\cache64\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 22:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\ERDNT\cache64\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 03:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 22:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 22:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 02:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 05:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 05:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 07:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 07:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GOPR0082.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GO010082.MP4:TOC.WMV
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >

#7
RKinner

Posted 23 July 2012 - 12:18 AM

Malware Expert

Expert
24,625 posts

Don't worry about delays. I don't keep track and I'm not on all of the time anyway. (Glad your dog is OK.)

We are making progress. services.exe is now good. Looks like the malware ate your ifmon.dll file so we can't reset winsock. Let's see if you have another we can use:

Copy the text in the code box:


/md5start
ifmon.dll
msvcrt.dll
ntdll.dll
netcfgx.dll
netshell.dll
ADVAPI32.dll
iphlpapi.dll
KERNEL32.dll
MPRAPI.dll
NETSH.EXE
ole32.dll
USER32.dll
WS2_32.dll
MSWSOCK.dll
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it to a reply.

Also attach the winsock2a.reg file that should be on your desktop.

#8
Chucklebun

Posted 23 July 2012 - 02:32 PM

Member

Topic Starter
Member
94 posts

Ok. Here we go. For the record, there is another winsock file other than the winsock2a but as requested I attached the 2a version:

OTL logfile created on: 7/23/2012 4:06:03 PM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.08 Gb Available Physical Memory | 75.99% Memory free
16.05 Gb Paging File | 14.09 Gb Available in Paging File | 87.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 266.42 Gb Free Space | 38.89% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2012/07/11 19:12:14 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 20:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/06 20:32:20 | 000,086,016 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 20:12:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 15:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/29 23:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/12/03 22:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/12/03 22:20:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/09 21:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/01/20 22:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/30 08:24:16] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3D265792-EFA5-43A4-90B8-16C74752E318}
IE - HKCU\..\SearchScopes\{3D265792-EFA5-43A4-90B8-16C74752E318}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2012/02/24 23:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 22:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2012/02/24 23:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\extensions
[2012/02/24 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 23:27:41 | 000,160,151 | ---- | M] () (No name found) -- C:\USERS\GOBLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3F98C6F.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/22 10:17:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 16:04:12 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\Winsock things
[2012/07/22 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 10:43:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 10:42:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:03 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/22 10:17:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\temp
[2012/07/22 09:39:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 09:39:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 09:39:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 09:39:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/22 09:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 09:24:20 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:48:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/21 23:14:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{A8579F99-6409-4A67-BA35-2B1428F98D50}
[2012/07/21 21:37:05 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{FD4130AC-2836-440D-B135-D9B1519395C2}
[2012/07/21 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C2A0CADF-8FCB-495E-984C-A5C7B2A3BBC1}
[2012/07/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{0D4D9A62-B07B-42FC-98C9-68279F1F05E5}
[2012/07/19 21:19:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/19 21:17:01 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/07/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1669EE96-67DB-40EE-9953-8A3AC66B1764}
[2012/07/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C402BD79-E70D-453C-8B0B-FBD9435A32F7}
[2012/07/19 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{DD63D3C6-EEF4-411E-A516-90ABB7AB0E7D}
[2012/07/19 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{3B2B997A-4E8B-4136-825A-478C8A986987}
[2012/07/19 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1838A1FC-E26D-4CE4-9366-16442E278F39}
[2012/07/19 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{E5AE4588-6A6C-4F80-BDDA-6E3D90D3A327}
[2012/07/18 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\Logitech-LS
[2012/07/18 16:50:22 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2012/07/11 19:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 19:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 19:00:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 19:00:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 19:00:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 19:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 19:00:54 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 19:00:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 19:00:52 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 19:00:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 19:00:51 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 19:00:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 19:00:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 16:50:47 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 16:50:16 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/11 16:50:16 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/09 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/01 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/01 18:27:54 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012/07/01 18:27:54 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/07/01 18:27:53 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012/07/01 18:27:53 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012/07/01 18:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/01 18:25:07 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/01 18:25:06 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/01 18:25:05 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/01 18:25:04 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/01 18:25:03 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/07/01 18:25:02 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/07/01 18:25:01 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/01 18:25:01 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012/07/01 18:25:00 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/01 18:25:00 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/01 18:25:00 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/01 18:24:59 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/01 18:24:59 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/01 18:24:59 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/01 18:24:56 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/01 18:24:55 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/01 18:24:55 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/07/01 18:24:55 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/01 16:18:30 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012/07/01 16:18:30 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012/07/01 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\West Playlist
[2012/06/29 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2012/06/29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/06/26 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{322FA743-3393-49F9-BF27-297B5F1B6022}
[2012/06/24 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{306760A2-8D70-4BEE-A773-4A80E89489EB}
[2012/06/24 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{373675BD-DCB8-46BD-92B4-DD8D36B70A3D}

========== Files - Modified Within 30 Days ==========

[2012/07/23 16:10:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
[2012/07/23 15:56:00 | 000,812,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/23 15:56:00 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/23 15:56:00 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/23 15:49:57 | 000,007,916 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/07/23 15:49:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 15:49:38 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 15:49:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 19:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 14:30:14 | 000,250,880 | ---- | M] () -- C:\Users\Goblin\Desktop\winsock2a.reg
[2012/07/22 11:29:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | M] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:05:50 | 000,069,632 | ---- | M] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:42:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:17 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:30:09 | 000,020,397 | ---- | M] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 10:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 09:36:19 | 000,000,512 | ---- | M] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/22 09:24:33 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:44:25 | 000,114,176 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 21:29:40 | 000,327,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 20:12:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 20:12:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/08 12:08:27 | 2412,598,313 | ---- | M] () -- C:\Users\Goblin\Desktop\GO010082.MP4
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 18:23:31 | 000,001,460 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2012/06/27 20:34:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGoblin.job
[2012/06/26 16:36:17 | 3936,071,900 | ---- | M] () -- C:\Users\Goblin\Desktop\GOPR0082.MP4

========== Files Created - No Company Name ==========

[2012/07/22 14:30:14 | 000,250,880 | ---- | C] () -- C:\Users\Goblin\Desktop\winsock2a.reg
[2012/07/22 11:29:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | C] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:04:49 | 000,069,632 | ---- | C] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:28:40 | 000,020,397 | ---- | C] () -- C:\Users\Goblin\Desktop\error message.jpg
[2012/07/22 09:39:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 09:39:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 09:39:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 09:39:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 09:39:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/22 09:13:11 | 000,000,512 | ---- | C] () -- C:\Users\Goblin\Desktop\MBR.dat
[2012/07/13 16:25:59 | 000,007,916 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 23:14:03 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.0
[2012/05/09 23:14:00 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.JPG
[2012/04/14 09:09:39 | 000,156,862 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.0
[2012/04/14 09:09:39 | 000,144,403 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.JPG
[2011/12/11 13:04:31 | 000,631,641 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.JPG
[2011/12/11 13:04:30 | 002,354,424 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.0
[2011/10/01 14:27:57 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/01 14:27:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/25 18:44:59 | 000,001,778 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile1.dat
[2011/04/25 18:44:59 | 000,001,770 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile0.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 16:02:48 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/15 19:37:33 | 000,000,064 | ---- | C] () -- C:\Users\Goblin\AppData\Local\Images.fl
[2010/05/19 20:11:24 | 000,001,460 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2010/04/26 20:59:54 | 000,022,738 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpKARIZA3.JPG
[2009/12/12 15:13:15 | 000,000,760 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\setup_ldm.iss
[2009/11/02 22:34:22 | 000,000,082 | ---- | C] () -- C:\Users\Goblin\AppData\Local\X-Plane Installer.prf
[2009/09/07 00:21:56 | 000,000,394 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\wklnhst.dat
[2009/07/17 18:59:32 | 000,007,688 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS_navi.JPG
[2009/07/17 18:59:29 | 000,683,013 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS.JPG
[2009/03/07 13:50:06 | 000,114,176 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 14:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/14 19:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Goblin\AppData\Local\fusioncache.dat

========== Custom Scans ==========

< MD5 for: ADVAPI32.DLL >
[2009/04/11 02:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) MD5=50CAA7072C171B9887215C83D52069E4 -- C:\Windows\SysWOW64\advapi32.dll
[2009/04/11 02:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) MD5=50CAA7072C171B9887215C83D52069E4 -- C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_e533cab683a383fc\advapi32.dll
[2008/01/20 22:48:55 | 001,062,400 | ---- | M] (Microsoft Corporation) MD5=AFD158883501B64DB2C506B6E089AF2D -- C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_3f66ed2e3edf29e6\advapi32.dll
[2009/04/11 03:11:13 | 001,065,472 | ---- | M] (Microsoft Corporation) MD5=BB8C4784AA400BDC3D51B6ACAA077E96 -- C:\Windows\SysNative\advapi32.dll
[2009/04/11 03:11:13 | 001,065,472 | ---- | M] (Microsoft Corporation) MD5=BB8C4784AA400BDC3D51B6ACAA077E96 -- C:\Windows\winsxs\amd64_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6002.18005_none_4152663a3c00f532\advapi32.dll
[2008/01/20 22:49:45 | 000,798,720 | ---- | M] (Microsoft Corporation) MD5=C44A1766E93E506EE2102A305799E1A1 -- C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\advapi32.dll

< MD5 for: IFMON.DLL >
[2009/04/11 02:28:19 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=17CBA378C42E4525A3BC9DDD77EF5DD2 -- C:\Windows\SysWOW64\ifmon.dll
[2009/04/11 02:28:19 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=17CBA378C42E4525A3BC9DDD77EF5DD2 -- C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6002.18005_none_ccbb42deea504b23\ifmon.dll
[2008/01/20 22:50:03 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=2F74FECDE5E16E8C42F612FBAC785C20 -- C:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6001.18000_none_26ee6556a58bf10d\ifmon.dll
[2008/01/20 22:51:01 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=CAA1B5B3F7A20C93EBF71879B2C92FA1 -- C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6001.18000_none_cacfc9d2ed2e7fd7\ifmon.dll
[2009/04/11 03:11:15 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=DD49BE6A0BB0136BBAE9AF0A0BD15F52 -- C:\Windows\SysNative\ifmon.dll
[2009/04/11 03:11:15 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=DD49BE6A0BB0136BBAE9AF0A0BD15F52 -- C:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6002.18005_none_28d9de62a2adbc59\ifmon.dll

< MD5 for: IPHLPAPI.DLL >
[2008/01/20 22:49:56 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=3E7978C513204CAA21E455D0F31F7F61 -- C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_ea70eae59b4e2b12\IPHLPAPI.DLL
[2009/04/11 02:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=4FE8425F21B3F0F8C4B4726351D43EAA -- C:\Windows\SysWOW64\IPHLPAPI.DLL
[2009/04/11 02:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=4FE8425F21B3F0F8C4B4726351D43EAA -- C:\Windows\winsxs\x86_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6002.18005_none_ec5c63f1986ff65e\IPHLPAPI.DLL
[2009/04/11 03:11:15 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=A9D70295BA8F31D5EA118B0A6B74183E -- C:\Windows\SysNative\IPHLPAPI.DLL
[2009/04/11 03:11:15 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=A9D70295BA8F31D5EA118B0A6B74183E -- C:\Windows\winsxs\amd64_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6002.18005_none_487aff7550cd6794\IPHLPAPI.DLL
[2008/01/20 22:49:08 | 000,126,976 | ---- | M] (Microsoft Corporation) MD5=EF930D0A78117359A5C67BCE3521B305 -- C:\Windows\winsxs\amd64_microsoft-windows-t..-platform-libraries_31bf3856ad364e35_6.0.6001.18000_none_468f866953ab9c48\IPHLPAPI.DLL

< MD5 for: KERNEL32.DLL >
[2009/02/13 03:24:13 | 001,233,920 | ---- | M] (Microsoft Corporation) MD5=08E8EF6A8D18BD1D89896903DCD103D2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll
[2008/01/20 22:48:14 | 001,213,952 | ---- | M] (Microsoft Corporation) MD5=1122C8BE4BC4F392598A9543DC1014E0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll
[2009/02/13 03:47:27 | 001,233,408 | ---- | M] (Microsoft Corporation) MD5=1A5CE3CDE414ED758D4E1616F422C20B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll
[2009/02/13 04:19:50 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=1B5BE39A927C36B3162ADA23B6CA001E -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll
[2009/02/13 04:54:16 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2EEE45C483BA534A84CACC9D8001FE0E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll
[2009/02/13 03:16:20 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=4118366CDDA655F8AEDB20CD03DEBAE9 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll
[2009/02/13 03:25:34 | 000,840,704 | ---- | M] (Microsoft Corporation) MD5=444A00544B4EDFEDD8FCCD281EDE3ED4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll
[2008/01/20 22:48:58 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=799EEDF377F3B72DB30192AD9FD3C7F3 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_fa312b174309bbdf\kernel32.dll
[2009/02/13 04:57:39 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=8331C9E592358DE5157169699BD836D7 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_efd6b6170eac8ed6\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\ERDNT\cache64\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\SysNative\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_f1c7f9d10bcac530\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\ERDNT\cache86\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\SysWOW64\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_fc1ca423402b872b\kernel32.dll
[2009/02/13 04:47:47 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=D4902D1DC60CB71197EFE4474A582841 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_fa2b6069430d50d1\kernel32.dll

< MD5 for: MPRAPI.DLL >
[2008/01/20 22:49:08 | 000,097,792 | ---- | M] (Microsoft Corporation) MD5=3DBFEBE4DDF9CE3D647FAAFC1D15F3C6 -- C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\mprapi.dll
[2009/04/11 02:28:20 | 000,097,792 | ---- | M] (Microsoft Corporation) MD5=56E315ACFB08A177B4D01E42B9044DB5 -- C:\Windows\SysWOW64\mprapi.dll
[2009/04/11 02:28:20 | 000,097,792 | ---- | M] (Microsoft Corporation) MD5=56E315ACFB08A177B4D01E42B9044DB5 -- C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6002.18005_none_15f7fdf850266685\mprapi.dll
[2008/01/20 22:48:11 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=66A6F96D7984EA269994DED18EEB910F -- C:\Windows\winsxs\amd64_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_702b20700b620c6f\mprapi.dll
[2009/04/11 03:11:15 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=F77B49A32331FA80F11C86877A6700DB -- C:\Windows\SysNative\mprapi.dll
[2009/04/11 03:11:15 | 000,129,536 | ---- | M] (Microsoft Corporation) MD5=F77B49A32331FA80F11C86877A6700DB -- C:\Windows\winsxs\amd64_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6002.18005_none_7216997c0883d7bb\mprapi.dll

< MD5 for: MSVCRT.DLL >
[2008/01/20 22:49:58 | 000,680,448 | ---- | M] (Microsoft Corporation) MD5=04CBEAA089B6A752B3EB660BEE8C4964 -- C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\msvcrt.dll
[2008/01/20 22:49:12 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=11DB261E8EE318CA41498300327CB5F2 -- C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_2d73d1a457438ee3\msvcrt.dll
[2011/12/14 12:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) MD5=17AF64D727545F2804F6E6D998327E3F -- C:\Windows\ERDNT\cache86\msvcrt.dll
[2011/12/14 12:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) MD5=17AF64D727545F2804F6E6D998327E3F -- C:\Windows\SysWOW64\msvcrt.dll
[2011/12/14 12:17:47 | 000,680,448 | ---- | M] (Microsoft Corporation) MD5=17AF64D727545F2804F6E6D998327E3F -- C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18551_none_d306a7e69c340115\msvcrt.dll
[2008/10/07 22:02:28 | 000,278,581 | ---- | M] (Microsoft Corporation) MD5=1E7D17A025E1503E4BAC906AA3DE3F3E -- C:\Program Files (x86)\Common Files\muvee Technologies\MainConcept3(muvee)\msvcrt.dll
[2011/12/14 12:38:07 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=2C74308C8A20F3F3A2226DFE36914CBF -- C:\Windows\ERDNT\cache64\msvcrt.dll
[2011/12/14 12:38:07 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=2C74308C8A20F3F3A2226DFE36914CBF -- C:\Windows\SysNative\msvcrt.dll
[2011/12/14 12:38:07 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=2C74308C8A20F3F3A2226DFE36914CBF -- C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18551_none_2f25436a5491724b\msvcrt.dll
[2009/04/11 03:11:16 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=37B71108BFD6E276695CE24171F2889B -- C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_2f5f4ab054655a2f\msvcrt.dll
[2011/12/14 12:29:16 | 000,621,056 | ---- | M] (Microsoft Corporation) MD5=4B2F10ED918CA8B29A04B8B1B34D9349 -- C:\Windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.22755_none_2fb2e3436dab7498\msvcrt.dll
[2012/02/19 02:21:46 | 000,266,293 | ---- | M] (Microsoft Corporation) MD5=63DA4613383EC70E047B4CD5C48F0B05 -- C:\Program Files (x86)\Java\jre6\bin\msvcrt.dll
[2011/12/14 12:04:07 | 000,680,448 | ---- | M] (Microsoft Corporation) MD5=A807F65718C263442F0C3613F9BFD267 -- C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.22755_none_d39447bfb54e0362\msvcrt.dll
[2009/04/11 02:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) MD5=F5E991236960137B1F5449C5E5DF4656 -- C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6002.18005_none_d340af2c9c07e8f9\msvcrt.dll

< MD5 for: MSWSOCK.DLL >
[2008/01/20 22:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\ERDNT\cache86\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\ERDNT\cache64\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NETCFGX.DLL >
[2008/01/20 22:48:28 | 000,386,560 | ---- | M] (Microsoft Corporation) MD5=6BC5FCEF351E4CB5A269C1E84B5A06DA -- C:\Windows\SysWOW64\netcfgx.dll
[2008/01/20 22:48:28 | 000,386,560 | ---- | M] (Microsoft Corporation) MD5=6BC5FCEF351E4CB5A269C1E84B5A06DA -- C:\Windows\winsxs\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6001.18000_none_3e14e7642587c68e\netcfgx.dll
[2008/01/20 22:50:45 | 000,503,808 | ---- | M] (Microsoft Corporation) MD5=C1AE82B8F60ADB630C00DCE48E571CDD -- C:\Windows\SysNative\netcfgx.dll
[2008/01/20 22:50:45 | 000,503,808 | ---- | M] (Microsoft Corporation) MD5=C1AE82B8F60ADB630C00DCE48E571CDD -- C:\Windows\winsxs\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_6.0.6001.18000_none_9a3382e7dde537c4\netcfgx.dll

< MD5 for: NETSH.EXE >
[2006/11/02 05:45:30 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=A1AAC0D6828D2A69A952321AA9950A47 -- C:\Windows\SysWOW64\netsh.exe
[2006/11/02 05:45:30 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=A1AAC0D6828D2A69A952321AA9950A47 -- C:\Windows\winsxs\x86_microsoft-windows-netsh_31bf3856ad364e35_6.0.6000.16386_none_5d6a3441faedc17e\netsh.exe
[2006/11/02 07:16:01 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=E2A310EEAA9BD32CBC6F01800EF3B249 -- C:\Windows\SysNative\netsh.exe
[2006/11/02 07:16:01 | 000,088,576 | ---- | M] (Microsoft Corporation) MD5=E2A310EEAA9BD32CBC6F01800EF3B249 -- C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.0.6000.16386_none_b988cfc5b34b32b4\netsh.exe

< MD5 for: NETSHELL.DLL >
[2008/01/20 22:50:29 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=1DA9A97633442FF5349B742FDCFD3E2C -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_31a20656c6683a63\netshell.dll
[2008/01/20 22:48:13 | 003,173,376 | ---- | M] (Microsoft Corporation) MD5=5AA18E7840E880E10789DE414BF3131A -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6001.18000_none_d5836ad30e0ac92d\netshell.dll
[2009/04/11 03:11:16 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=AA6FAA30D3D0D4424DBA3D74D1CA1E14 -- C:\Windows\SysNative\netshell.dll
[2009/04/11 03:11:16 | 003,341,312 | ---- | M] (Microsoft Corporation) MD5=AA6FAA30D3D0D4424DBA3D74D1CA1E14 -- C:\Windows\winsxs\amd64_microsoft-windows-netshell_31bf3856ad364e35_6.0.6002.18005_none_338d7f62c38a05af\netshell.dll
[2009/04/11 02:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) MD5=E98E402067978DB38282158F9E8609CA -- C:\Windows\SysWOW64\netshell.dll
[2009/04/11 02:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) MD5=E98E402067978DB38282158F9E8609CA -- C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6002.18005_none_d76ee3df0b2c9479\netshell.dll

< MD5 for: NTDLL.DLL >
[2010/10/15 09:43:21 | 001,168,512 | ---- | M] (Microsoft Corporation) MD5=151B102E92D534B33A69C71EA8D0F8AA -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22505_none_c1bf4186ff2b3ef9\ntdll.dll
[2010/10/15 09:43:23 | 001,168,512 | ---- | M] (Microsoft Corporation) MD5=56007CFC52167C26E4A3F899B8D29CCD -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18327_none_c1220391e61c0c98\ntdll.dll
[2011/11/18 16:55:05 | 001,167,984 | ---- | M] (Microsoft Corporation) MD5=6AAF63A85181E39F94EC0641C55A4EF0 -- C:\Windows\SysWOW64\ntdll.dll
[2011/11/18 16:55:05 | 001,167,984 | ---- | M] (Microsoft Corporation) MD5=6AAF63A85181E39F94EC0641C55A4EF0 -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_c10665c9e631a6be\ntdll.dll
[2008/01/20 22:50:59 | 001,165,688 | ---- | M] (Microsoft Corporation) MD5=6C7CF95C22DD22CDAC17058E3C2B45F6 -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_bf4a2417e8ebdf47\ntdll.dll
[2009/04/11 02:27:50 | 001,165,088 | ---- | M] (Microsoft Corporation) MD5=6EF8A9B1E0B83DB8009B626F6627C63F -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_c1359d23e60daa93\ntdll.dll
[2011/11/18 16:55:05 | 001,585,152 | ---- | M] (Microsoft Corporation) MD5=784491AA0A781059AA3EC0BCB7AD760A -- C:\Windows\SysNative\ntdll.dll
[2011/11/18 16:55:05 | 001,585,152 | ---- | M] (Microsoft Corporation) MD5=784491AA0A781059AA3EC0BCB7AD760A -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18541_none_b6b1bb77b1d0e4c3\ntdll.dll
[2011/11/18 16:55:05 | 001,586,200 | ---- | M] (Microsoft Corporation) MD5=9152BC15B64DD0313A20CEA219519FAF -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22742_none_b73c5a72caed9b0b\ntdll.dll
[2011/11/18 16:55:05 | 001,168,496 | ---- | M] (Microsoft Corporation) MD5=96638E75B2B5CEB7C6620680FAA669F4 -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22742_none_c19104c4ff4e5d06\ntdll.dll
[2010/10/15 09:43:23 | 001,167,488 | ---- | M] (Microsoft Corporation) MD5=9EFF03AEBF5C90DB22FF15C6B0F3C26D -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18538_none_bf31c021e8fcef95\ntdll.dll
[2010/10/15 09:43:23 | 001,168,000 | ---- | M] (Microsoft Corporation) MD5=A0DF32D9753F571D3A9A09178EE73AA1 -- C:\Windows\winsxs\wow64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.22777_none_bf8f1ed9023be2f3\ntdll.dll
[2010/10/15 09:43:22 | 001,585,704 | ---- | M] (Microsoft Corporation) MD5=ABEFD452213C6D9102931252BC1231BA -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.22505_none_b76a9734caca7cfe\ntdll.dll
[2009/04/11 03:11:05 | 001,582,792 | ---- | M] (Microsoft Corporation) MD5=ACDD78D926AF8F357138FDC50D250F53 -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18005_none_b6e0f2d1b1ace898\ntdll.dll
[2010/10/15 09:43:22 | 001,562,008 | ---- | M] (Microsoft Corporation) MD5=AFE09688BD2ACFE5B7B69D3DD6AE8827 -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.22777_none_b53a7486cddb20f8\ntdll.dll
[2010/10/15 09:43:22 | 001,560,960 | ---- | M] (Microsoft Corporation) MD5=C9DC1B889BA91EA1878336DA45C726F4 -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18538_none_b4dd15cfb49c2d9a\ntdll.dll
[2008/01/20 22:50:16 | 001,559,696 | ---- | M] (Microsoft Corporation) MD5=D8C3BAC8A34E71B635B395D611F7BB66 -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6001.18000_none_b4f579c5b48b1d4c\ntdll.dll
[2010/10/15 09:43:22 | 001,585,168 | ---- | M] (Microsoft Corporation) MD5=E035492ACF0C65187A37DFB2D77734D9 -- C:\Windows\winsxs\amd64_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6002.18327_none_b6cd593fb1bb4a9d\ntdll.dll

< MD5 for: OLE32.DLL >
[2010/06/28 13:21:07 | 001,915,904 | ---- | M] (Microsoft Corporation) MD5=0CB93E3F36C4F4122E7CBBAA731F67D1 -- C:\Windows\ERDNT\cache64\ole32.dll
[2010/06/28 13:21:07 | 001,915,904 | ---- | M] (Microsoft Corporation) MD5=0CB93E3F36C4F4122E7CBBAA731F67D1 -- C:\Windows\SysNative\ole32.dll
[2010/06/28 13:21:07 | 001,915,904 | ---- | M] (Microsoft Corporation) MD5=0CB93E3F36C4F4122E7CBBAA731F67D1 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_09de10d7a8078d99\ole32.dll
[2009/04/11 03:11:19 | 001,915,392 | ---- | M] (Microsoft Corporation) MD5=19915DB5B186D91CD4B459210C41741B -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_0a27bbeba7d09d06\ole32.dll
[2008/01/20 22:51:04 | 001,315,328 | ---- | M] (Microsoft Corporation) MD5=3B634E4BE373D6D987EBF906B43FAAB3 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\ole32.dll
[2010/06/28 13:41:25 | 001,916,928 | ---- | M] (Microsoft Corporation) MD5=48E49F1EFE1F20A078DD656DE81AFBA8 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_0a8eee10c108556a\ole32.dll
[2010/06/28 12:29:14 | 001,315,840 | ---- | M] (Microsoft Corporation) MD5=64A319477AF21806B8A17E8A3A3FF8BC -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_ac91afb30b7f271a\ole32.dll
[2010/06/28 12:40:30 | 001,922,560 | ---- | M] (Microsoft Corporation) MD5=6F9FBFDF627A958ECDD1CB65704CB846 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22720_none_08b04b36c3dc9850\ole32.dll
[2010/06/28 13:37:08 | 001,316,864 | ---- | M] (Microsoft Corporation) MD5=7C6F74A11FCF5745B36CB8085B7DE3FB -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.22433_none_ae70528d08aae434\ole32.dll
[2010/06/28 13:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) MD5=9586E7CB2255A8B097A7E4538202585E -- C:\Windows\ERDNT\cache86\ole32.dll
[2010/06/28 13:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) MD5=9586E7CB2255A8B097A7E4538202585E -- C:\Windows\SysWOW64\ole32.dll
[2010/06/28 13:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) MD5=9586E7CB2255A8B097A7E4538202585E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18277_none_adbf7553efaa1c63\ole32.dll
[2010/06/28 12:15:53 | 001,315,840 | ---- | M] (Microsoft Corporation) MD5=AA406846DD60E3A4536DBAAB4037B685 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_abc461f7f2931b51\ole32.dll
[2009/04/11 02:28:23 | 001,316,864 | ---- | M] (Microsoft Corporation) MD5=C50A0AB19094BC362FBA69E105EBCCFD -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6002.18005_none_ae092067ef732bd0\ole32.dll
[2010/06/28 12:55:10 | 001,923,584 | ---- | M] (Microsoft Corporation) MD5=C7E11F8B2F3130FB7C3866F1816C4E7D -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18498_none_07e2fd7baaf08c87\ole32.dll
[2008/01/20 22:50:07 | 001,923,072 | ---- | M] (Microsoft Corporation) MD5=F36E23B80AC04538726699670050121D -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_083c42dfaaaed1ba\ole32.dll

< MD5 for: USER32.DLL >
[2008/01/20 22:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 22:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\ERDNT\cache86\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/11 02:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\ERDNT\cache64\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009/04/11 03:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/20 22:49:45 | 000,265,216 | ---- | M] (Microsoft Corporation) MD5=63944ECFE4878C1C4889689324CABFAB -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_4ed64c4686b376fa\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache86\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[2008/01/20 22:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_f4a329cecb77d110\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\ERDNT\cache64\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\SysNative\ws2_32.dll
[2009/04/11 03:11:31 | 000,264,704 | ---- | M] (Microsoft Corporation) MD5=BAB10B35E2D5EE0DC3DE05A177C52C50 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6002.18005_none_50c1c55283d54246\ws2_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GOPR0082.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GO010082.MP4:TOC.WMV
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >

Attached Files

winsock2a.reg 245KB 146 downloads

#9
RKinner

Posted 24 July 2012 - 12:25 AM

Malware Expert

Expert
24,625 posts

< MD5 for: IFMON.DLL >
[2009/04/11 02:28:19 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=17CBA378C42E4525A3BC9DDD77EF5DD2 -- C:\Windows\SysWOW64\ifmon.dll
[2009/04/11 02:28:19 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=17CBA378C42E4525A3BC9DDD77EF5DD2 -- C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6002.18005_none_ccbb42deea504b23\ifmon.dll
[2008/01/20 22:50:03 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=2F74FECDE5E16E8C42F612FBAC785C20 -- C:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6001.18000_none_26ee6556a58bf10d\ifmon.dll
[2008/01/20 22:51:01 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=CAA1B5B3F7A20C93EBF71879B2C92FA1 -- C:\Windows\winsxs\x86_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6001.18000_none_cacfc9d2ed2e7fd7\ifmon.dll
[2009/04/11 03:11:15 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=DD49BE6A0BB0136BBAE9AF0A0BD15F52 -- C:\Windows\SysNative\ifmon.dll
[2009/04/11 03:11:15 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=DD49BE6A0BB0136BBAE9AF0A0BD15F52 -- C:\Windows\winsxs\amd64_microsoft-windows-rasifmon_31bf3856ad364e35_6.0.6002.18005_none_28d9de62a2adbc59\ifmon.dll

As you can see we have ifmon.dll in both SysNative (AKA System32) and SysWOW64 so I'm not sure why it says we don't have it.

Maybe the permissions are wrong on the files:

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:


C:\Windows\SysWOW64\ifmon.dll
C:\Windows\SysNative\ifmon.dll

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Perhaps it needs to be registered.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

c:\windows\syswow64\regsvr32.exe  C:\Windows\SysWOW64\ifmon.dll

c:\windows\syswow64\regsvr32.exe  C:\Windows\SysNative\ifmon.dll

netsh  winsock  reset  catalog

(Did either of the first two commands work or did they complain? Does it still say it can't find ifmon.dll?)

I don't have a 64 bit Windows to play with so I'm at a bit of a disadvantage. Looking at your winsock2a.reg I can't see where they ask for mmswsock.dll or %SystemRoot%\System32\winrnr.dll but there are differences between the normal hex code and the ones that OTL is flagging so I expect they are doing something in hex that I don't understand. If the netsh winsock reset catalog command still won't work we can try to manually repair the registry. I'll get a copy of a 64 bit winsock from a friend on the forum.

#10
Chucklebun

Posted 24 July 2012 - 04:17 AM

Member

Topic Starter
Member
94 posts

Both of the first two command-line operations failed with error messages (why can't you copy/paste windows error messages?). Different language in each but it boiled down to the file could not be found.
Third command ran fine, said I need to reboot.

GrantPerms by Farbar

Ran by Goblin (administrator) at 2012-07-24 06:12:12

===============================================
ERROR: Parsing the SD of <\\?\C:\Windows\SysWOW64\ifmon.dll > failed with: The system cannot find the file specified.

Operating system error message: The system cannot find the file specified.
\\?\C:\Windows\SysNative\ifmon.dll

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

#11
RKinner

Posted 24 July 2012 - 09:14 AM

Malware Expert

Expert
24,625 posts

Actually you can copy the error message. They just make it hard for some reason. Right click on the Command Window and select Mark. Then it will let you highlight something in the window. Then hit Enter and the hgihlighted text will be on your clipboard and you can Edit, Paste or Ctrl + v it to a reply.

If the netsh command ran this time then I expect we have fixed the main problem. Run OTL, Quickscan, and post the log.

Are you still getting redirects?

Ron

PS. We are going off island to pick up a friend from the airport today. Won't be able to get back until tomorrow.

#12
Chucklebun

Posted 24 July 2012 - 02:50 PM

Member

Topic Starter
Member
94 posts

Thanks for your time again. OK here is the OTL log:

OTL logfile created on: 7/24/2012 4:39:15 PM - Run 5
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Goblin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 75.57% Memory free
16.05 Gb Paging File | 14.09 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.08 Gb Total Space | 262.44 Gb Free Space | 38.31% Space Free | Partition Type: NTFS
Drive D: | 13.56 Gb Total Space | 1.86 Gb Free Space | 13.71% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: Goblin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
PRC - [2012/07/11 19:12:14 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/05 10:32:58 | 001,811,800 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2009/12/15 11:17:08 | 003,278,728 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
PRC - [2009/09/09 14:26:36 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/03 18:21:16 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 20:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
PRC - [2007/05/07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Modules (No Company Name) ==========

MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2007/07/19 12:50:12 | 000,104,520 | ---- | M] () -- C:\Windows\SysWOW64\OSD.dll
MOD - [2007/03/05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/06 20:32:20 | 000,086,016 | ---- | M] (Highresolution Enterprises) [Auto | Running] -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 20:12:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 18:48:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/05 15:50:06 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 14:28:01 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/10/01 14:27:56 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/03 18:21:18 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/30 22:59:26 | 000,192,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010/09/29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/20 06:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/29 23:59:42 | 001,185,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 20:48:52 | 000,407,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/12/03 22:20:24 | 001,686,528 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/12/03 22:20:24 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/09 21:19:36 | 000,025,888 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\PC-Doctor for Windows\pcd5srvc_x64.pkms -- (PCD5SRVC{8AAF211B-043E02A9-05040000})
DRV:64bit: - [2008/01/20 22:47:28 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avc.sys -- (Avc)
DRV:64bit: - [2008/01/20 22:46:57 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\61883.sys -- (61883)
DRV:64bit: - [2008/01/20 22:46:53 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\msdv.sys -- (MSDV)
DRV:64bit: - [2007/04/11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2007/01/24 17:24:12 | 000,046,616 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rcblan.sys -- (RemoteControl-USBLAN)
DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbicp.sys -- (uisp)
DRV - [2009/09/09 14:26:06 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/30 08:24:16] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2005/12/21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE:64bit: - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {92733719-8085-42C7-AA36-0FA1EF22A58D}
IE - HKLM\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://search.live.c...ms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {3D265792-EFA5-43A4-90B8-16C74752E318}
IE - HKCU\..\SearchScopes\{3D265792-EFA5-43A4-90B8-16C74752E318}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{92733719-8085-42C7-AA36-0FA1EF22A58D}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D7224172-D300-41D8-8655-8905A8DC1F7B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files (x86)\FVD Suite\addons\Firefox [2012/02/24 23:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/24 22:57:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 22:58:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Extensions
[2012/02/24 23:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goblin\AppData\Roaming\Mozilla\Firefox\Profiles\y3f98c6f.default\extensions
[2012/02/24 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/24 23:27:41 | 000,160,151 | ---- | M] () (No name found) -- C:\USERS\GOBLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y3F98C6F.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/22 10:17:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files (x86)\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech©)
O4 - HKLM..\Run: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} http://www.systemreq...reqlab_test.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://192.168.1.115...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA4456F-6A10-427D-A32B-7080522BDBA2}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Goblin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 16:37:41 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\Malware logs etc
[2012/07/24 06:10:14 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\GrantPerms
[2012/07/22 10:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/22 10:43:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 10:42:15 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:03 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:25:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/22 10:17:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/22 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\temp
[2012/07/22 09:39:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 09:39:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 09:39:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 09:39:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/22 09:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 09:24:20 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/22 08:48:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/21 23:14:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:37:30 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{A8579F99-6409-4A67-BA35-2B1428F98D50}
[2012/07/21 21:37:05 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{FD4130AC-2836-440D-B135-D9B1519395C2}
[2012/07/21 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C2A0CADF-8FCB-495E-984C-A5C7B2A3BBC1}
[2012/07/21 21:35:34 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{0D4D9A62-B07B-42FC-98C9-68279F1F05E5}
[2012/07/19 21:19:58 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/19 21:11:32 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1669EE96-67DB-40EE-9953-8A3AC66B1764}
[2012/07/19 21:11:10 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{C402BD79-E70D-453C-8B0B-FBD9435A32F7}
[2012/07/19 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{DD63D3C6-EEF4-411E-A516-90ABB7AB0E7D}
[2012/07/19 21:10:36 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{3B2B997A-4E8B-4136-825A-478C8A986987}
[2012/07/19 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{1838A1FC-E26D-4CE4-9366-16442E278F39}
[2012/07/19 21:10:03 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{E5AE4588-6A6C-4F80-BDDA-6E3D90D3A327}
[2012/07/18 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\Logitech-LS
[2012/07/09 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/01 18:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/07/01 18:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/01 00:46:50 | 000,000,000 | ---D | C] -- C:\Users\Goblin\Desktop\West Playlist
[2012/06/29 22:41:27 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2012/06/29 22:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012/06/26 22:18:40 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{322FA743-3393-49F9-BF27-297B5F1B6022}
[2012/06/24 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{306760A2-8D70-4BEE-A773-4A80E89489EB}
[2012/06/24 23:43:04 | 000,000,000 | ---D | C] -- C:\Users\Goblin\AppData\Local\{373675BD-DCB8-46BD-92B4-DD8D36B70A3D}

========== Files - Modified Within 30 Days ==========

[2012/07/24 16:40:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job
[2012/07/24 16:26:20 | 000,812,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 16:26:20 | 000,679,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 16:26:20 | 000,134,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 16:20:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 16:20:19 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 16:20:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/24 06:12:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/23 15:49:57 | 000,007,916 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/07/22 11:29:54 | 000,061,440 | ---- | M] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | M] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:05:50 | 000,069,632 | ---- | M] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:42:18 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Goblin\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/22 10:33:17 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Goblin\Desktop\tdsskiller.exe
[2012/07/22 10:17:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 09:24:33 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Goblin\Desktop\ComboFix.exe
[2012/07/22 08:55:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Goblin\Desktop\aswMBR.exe
[2012/07/21 23:14:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Goblin\Desktop\OTL.exe
[2012/07/21 21:44:25 | 000,114,176 | ---- | M] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 21:29:40 | 000,327,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 12:08:27 | 2412,598,313 | ---- | M] () -- C:\Users\Goblin\Desktop\GO010082.MP4
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 18:23:31 | 000,001,460 | ---- | M] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2012/06/27 20:34:02 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForGoblin.job
[2012/06/26 16:36:17 | 3936,071,900 | ---- | M] () -- C:\Users\Goblin\Desktop\GOPR0082.MP4

========== Files Created - No Company Name ==========

[2012/07/22 11:29:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Goblin\Desktop\VEW.exe
[2012/07/22 11:06:21 | 020,975,616 | ---- | C] () -- C:\Users\Goblin\Documents\application log.evtx
[2012/07/22 11:04:49 | 000,069,632 | ---- | C] () -- C:\Users\Goblin\Documents\System log 7-22.evtx
[2012/07/22 10:43:23 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 09:39:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 09:39:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 09:39:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 09:39:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 09:39:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/13 16:25:59 | 000,007,916 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps.dat
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/05/09 23:14:03 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.0
[2012/05/09 23:14:00 | 057,963,681 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpSCAN0006.JPG
[2012/04/14 09:09:39 | 000,156,862 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.0
[2012/04/14 09:09:39 | 000,144,403 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpRESAMPLED_2012-04-14_08-53-04_144.JPG
[2011/12/11 13:04:31 | 000,631,641 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.JPG
[2011/12/11 13:04:30 | 002,354,424 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpTRUNKSHOW.0
[2011/10/01 14:27:57 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/10/01 14:27:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/04/25 18:44:59 | 000,001,778 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile1.dat
[2011/04/25 18:44:59 | 000,001,770 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\Profile0.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/28 16:02:48 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/15 19:37:33 | 000,000,064 | ---- | C] () -- C:\Users\Goblin\AppData\Local\Images.fl
[2010/05/19 20:11:24 | 000,001,460 | ---- | C] () -- C:\Users\Goblin\AppData\Local\d3d9caps64.dat
[2010/04/26 20:59:54 | 000,022,738 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpKARIZA3.JPG
[2009/12/12 15:13:15 | 000,000,760 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\setup_ldm.iss
[2009/11/02 22:34:22 | 000,000,082 | ---- | C] () -- C:\Users\Goblin\AppData\Local\X-Plane Installer.prf
[2009/09/07 00:21:56 | 000,000,394 | ---- | C] () -- C:\Users\Goblin\AppData\Roaming\wklnhst.dat
[2009/07/17 18:59:32 | 000,007,688 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS_navi.JPG
[2009/07/17 18:59:29 | 000,683,013 | ---- | C] () -- C:\Users\Goblin\AppData\Local\tmpCORE SYNERGISTICS.JPG
[2009/03/07 13:50:06 | 000,114,176 | ---- | C] () -- C:\Users\Goblin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 14:43:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/14 19:20:13 | 000,000,094 | ---- | C] () -- C:\Users\Goblin\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2012/04/25 17:29:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\!minecrafts
[2012/03/19 23:10:37 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft
[2012/02/21 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\.minecraft_xray
[2011/06/21 17:56:23 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\AtomZombieData
[2010/12/27 23:16:09 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Beat Hazard
[2009/04/14 22:35:32 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Braid
[2009/04/04 09:56:57 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Broken Rules
[2009/05/27 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Crayon Physics Deluxe
[2012/02/24 23:34:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\FVDToolbar
[2011/07/04 08:58:33 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\GridRunnerRev
[2011/03/14 20:48:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Highresolution Enterprises
[2011/10/30 18:30:02 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Kalypso Media
[2009/04/13 22:53:42 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Larva Mortus Demo
[2010/11/25 21:34:30 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Leadertech
[2012/05/02 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\LightFish
[2011/08/27 11:07:39 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\MinMaxGames
[2012/06/29 22:41:27 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Motorola
[2009/01/26 20:41:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mount&Blade
[2012/06/25 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Mumble
[2011/10/01 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Origin
[2009/01/14 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\PictureMover
[2009/04/21 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Slam Dunk Studios, LLC
[2009/06/08 18:03:58 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Stardock
[2011/12/30 21:04:10 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\System
[2009/09/07 00:22:20 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Template
[2009/01/14 20:19:43 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Turbine
[2012/07/03 18:59:11 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\uTorrent
[2012/06/23 15:54:18 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\VSO
[2009/01/14 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WildTangent
[2009/04/27 13:47:00 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\WinBatch
[2011/05/11 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\Windows Live Writer
[2011/12/30 21:05:15 | 000,000,000 | -HSD | M] -- C:\Users\Goblin\AppData\Roaming\wyUpdate AU
[2011/02/27 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Goblin\AppData\Roaming\ZombieDriver
[2012/07/24 06:40:59 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/24 16:40:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{11C99D3A-08FE-4241-9D45-14B895A5BF78}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GOPR0082.MP4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Goblin\Desktop\GO010082.MP4:TOC.WMV
@Alternate Data Stream - 184 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >

#13
Chucklebun

Posted 25 July 2012 - 09:29 AM

Member

Topic Starter
Member
94 posts

I used the computer for about two hours yesterday, some of which was web browsing - I didn't see any redirects.

#14
RKinner

Posted 25 July 2012 - 08:18 PM

Malware Expert

Expert
24,625 posts

I think we're done then.

You should update your Java and adobe flash files. I see you have FileHippo's update checker. If you run it you should get the latest or you can go to java.com and adobe.com. Just be carefully as both tend to add foistware like McAfee Security Scan, Yahoo Toolbar or similar. They always allow you to uncheck them before you start the download so take a few seconds to make sure they aren't going to tack some garbage on.

We need to cleanup System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron