Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan Horse removal

Started by Contrails12 , Aug 04 2012 03:36 PM

Please log in to reply

#1
Contrails12

Posted 04 August 2012 - 03:36 PM

Member

Member
12 posts

Please help! Here is my OTL file

OTL logfile created on: 8/4/2012 5:03:59 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\wangtang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 44.69% Memory free
5.50 Gb Paging File | 3.32 Gb Available in Paging File | 60.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 507.18 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WANGTANG-HP | User Name: wangtang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 16:17:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
PRC - [2012/08/03 11:41:13 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
PRC - [2012/05/10 14:13:12 | 000,149,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/26 14:10:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\iptk.dll
MOD - [2005/12/29 11:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrdrec.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2006/12/11 12:12:22 | 000,566,192 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2012/08/03 12:33:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE:64bit: - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\SearchScopes\{5B078AF6-A2C6-4194-B078-3DA1B9B630B9}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-04 16:32:56&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

========== Chrome ==========

CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.50_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3977939673-1193234365-4132706239-1000..\Run: [Amazon Cloud Drive] C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\wangtang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2425B90-1496-4F9B-BCED-ABDF220FD239}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/05/27 00:45:29 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a8d9ab1-e21c-11df-bc5f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4a8d9ab1-e21c-11df-bc5f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\STUB.EXE -- [2003/02/17 16:10:16 | 000,024,576 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 16:43:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/04 16:18:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\wangtang\Desktop\aswMBR.exe
[2012/08/04 16:17:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\AVG2012
[2012/08/04 15:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/04 15:55:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/08/04 15:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 15:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Local\HuluDesktop
[2012/08/04 13:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/04 13:17:38 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/04 13:17:37 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/04 13:17:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/04 13:17:29 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/04 13:17:26 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/04 13:17:24 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/04 13:17:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/04 13:17:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\NewspaperDirect
[2012/08/04 12:55:23 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Mozilla
[2012/08/04 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/04 12:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/04 12:35:33 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/04 12:35:33 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/04 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Desktop\Computer Protection
[2012/08/04 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/27 12:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Documents\Amazon MP3
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Amazon
[2012/07/27 11:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/07/14 01:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/14 01:01:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/13 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Malwarebytes
[2012/07/13 22:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 22:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/13 22:28:04 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 22:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:02:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:02:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:02:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:02:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:02:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:02:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:02:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 03:01:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 03:01:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 03:01:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 16:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/08/04 16:53:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 16:53:16 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 16:45:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 16:45:40 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 16:33:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 16:20:00 | 001,552,896 | ---- | M] () -- C:\Users\wangtang\Desktop\RogueKiller.exe
[2012/08/04 16:18:55 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\wangtang\Desktop\aswMBR.exe
[2012/08/04 16:17:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 16:08:45 | 000,027,520 | ---- | M] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/08/04 13:17:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/04 13:12:24 | 000,299,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/04 13:01:17 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 13:01:17 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/03 12:33:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 12:33:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 16:02:33 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForwangtang.job
[2012/07/27 12:11:58 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/07/16 21:40:34 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2012/08/04 16:44:45 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\U\00000008.@
[2012/08/04 16:39:53 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\U\80000000.@
[2012/08/04 16:39:53 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\U\00000004.@
[2012/08/04 16:19:59 | 001,552,896 | ---- | C] () -- C:\Users\wangtang\Desktop\RogueKiller.exe
[2012/08/04 16:08:45 | 000,027,520 | ---- | C] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/07/27 12:11:58 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/07/14 00:48:52 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\L\00000004.@
[2012/07/05 09:58:16 | 000,102,248 | ---- | C] () -- C:\Users\wangtang\GoToAssistDownloadHelper.exe
[2012/05/07 11:32:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2012/05/07 11:32:56 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2012/05/07 11:32:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2012/05/07 11:32:55 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2012/05/07 11:32:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2012/05/07 11:32:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2012/05/07 11:32:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2012/05/07 11:32:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2012/05/07 11:32:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2012/05/07 11:32:54 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2012/05/07 11:32:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2012/05/07 11:32:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2012/05/07 11:32:54 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2012/05/07 11:32:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2012/05/07 11:32:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2012/01/31 18:11:06 | 000,000,000 | ---- | C] () -- C:\Users\wangtang\AppData\Local\{ED749F5A-0DEF-42BF-B5D4-DB3D92B0C89D}
[2012/01/31 05:40:06 | 000,000,000 | ---- | C] () -- C:\Users\wangtang\AppData\Local\{12FEB10C-9B2E-416A-AB03-C209D8B545A3}
[2012/01/11 14:17:53 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\@
[2012/01/11 14:17:53 | 000,002,048 | -HS- | C] () -- C:\Users\wangtang\AppData\Local\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\@
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 15:36:19 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/16 09:59:14 | 000,001,854 | ---- | C] () -- C:\Users\wangtang\AppData\Roaming\GhostObjGAFix.xml
[2011/03/28 12:50:51 | 000,004,608 | ---- | C] () -- C:\Users\wangtang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 15:38:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 14:45:51 | 000,000,658 | ---- | C] () -- C:\Users\wangtang\wangtang - Shortcut.lnk
[2010/10/27 17:16:47 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 16:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/10/27 17:05:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/27 17:08:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/27 17:05:54 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/10/27 17:04:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/27 17:08:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/27 17:04:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/27 17:08:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/27 17:04:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/27 17:08:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/10/27 17:05:54 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/27 17:04:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/10/27 17:05:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/04/04 01:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/29 08:21:34 | 000,000,351 | ---- | M] () MD5=A73E92E82949F07BF19B5D074EE3E81A -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SR9KC4X6\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2011/01/17 18:52:22 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 18:51:48 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/27 17:08:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/27 17:08:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9033BDFB

< End of report >

Attached Files

OTL.Txt 112.28KB 56 downloads

Edited by Contrails12, 04 August 2012 - 03:38 PM.

#2
RKinner

Posted 04 August 2012 - 03:56 PM

Malware Expert

Expert
24,624 posts

This is the latest zero Access infection.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
[2012/07/14 01:01:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

:files
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c
C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}
C:\Users\wangtang\AppData\Local\{ED749F5A-0DEF-42BF-B5D4-DB3D92B0C89D}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\SysNative\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Contrails12

Posted 05 August 2012 - 01:38 PM

Member

Topic Starter
Member
12 posts

ComboFix 12-08-05.02 - wangtang 08/04/2012 19:06:47.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1830 [GMT -4:00]
Running from: c:\users\wangtang\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\wangtang\GoToAssistDownloadHelper.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 23:13 . 2012-08-04 23:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 22:53 . 2012-08-04 22:53 -------- d-----w- C:\_OTL
2012-08-04 21:47 . 2012-08-04 21:47 -------- d-----w- c:\windows\PCHEALTH
2012-08-04 21:44 . 2012-08-04 21:44 -------- d-----w- c:\program files\Microsoft Office
2012-08-04 21:44 . 2012-08-04 21:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-04 21:43 . 2012-08-04 21:43 -------- d-----r- C:\MSOCache
2012-08-04 19:58 . 2012-08-04 19:58 -------- d-----w- c:\users\wangtang\AppData\Roaming\AVG2012
2012-08-04 19:55 . 2012-08-04 20:44 -------- d-----w- C:\$AVG
2012-08-04 19:55 . 2012-08-04 20:45 -------- d-----w- c:\programdata\AVG2012
2012-08-04 19:51 . 2012-08-04 20:44 -------- d-----w- c:\programdata\MFAData
2012-08-04 17:23 . 2012-08-04 17:23 -------- d-----w- c:\users\wangtang\AppData\Local\HuluDesktop
2012-08-04 17:17 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-04 17:17 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-04 17:17 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-04 17:17 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-04 17:17 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-04 17:17 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-04 17:17 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-04 17:17 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-04 17:02 . 2012-08-04 17:02 -------- d-----w- c:\users\wangtang\AppData\Roaming\NewspaperDirect
2012-08-04 16:37 . 2012-08-04 16:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-04 16:36 . 2012-08-04 16:36 -------- d-----w- c:\program files (x86)\Oracle
2012-08-04 16:35 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-04 16:32 . 2012-08-04 16:32 -------- d-----w- c:\programdata\McAfee
2012-07-27 16:11 . 2012-07-27 16:11 -------- d-----w- c:\program files\iTunes
2012-07-27 16:11 . 2012-07-27 16:11 -------- d-----w- c:\program files (x86)\iTunes
2012-07-27 16:11 . 2012-07-27 16:11 -------- d-----w- c:\program files\iPod
2012-07-27 15:56 . 2012-07-27 15:56 -------- d-----w- c:\users\wangtang\AppData\Roaming\Amazon
2012-07-14 05:11 . 2012-07-14 05:11 -------- d--h--w- c:\programdata\Common Files
2012-07-14 02:28 . 2012-07-14 02:28 -------- d-----w- c:\users\wangtang\AppData\Roaming\Malwarebytes
2012-07-14 02:28 . 2012-07-14 02:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 02:28 . 2012-07-14 02:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 02:28 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 07:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:01 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 20:41 . 2012-08-04 18:55 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 16:33 . 2012-04-11 11:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 16:33 . 2011-06-11 14:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:03 . 2011-11-17 20:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-12-13 18:14 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 16:21 . 2011-01-26 06:13 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-22 01:29 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:29 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:29 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 01:29 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 01:29 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-07-12 07:14 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2FA2068-20C9-4579-9F6D-5B8E4577D3E8}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"Amazon Cloud Drive"="c:\users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-05-24 424848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"lxcrmon.exe"="c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 36720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:33]
.
2012-07-30 c:\windows\Tasks\HPCeeScheduleForwangtang.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
.
**************************************************************************
.
Completion time: 2012-08-04 19:23:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 23:23
.
Pre-Run: 542,883,700,736 bytes free
Post-Run: 542,793,027,584 bytes free
.
- - End Of File - - E2D45CF26822912BA439F589896B7D91

#4
Contrails12

Posted 05 August 2012 - 01:39 PM

Member

Topic Starter
Member
12 posts

15:13:48.0681 3644 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:13:49.0071 3644 ============================================================
15:13:49.0071 3644 Current date / time: 2012/08/05 15:13:49.0071
15:13:49.0071 3644 SystemInfo:
15:13:49.0071 3644
15:13:49.0071 3644 OS Version: 6.1.7601 ServicePack: 1.0
15:13:49.0071 3644 Product type: Workstation
15:13:49.0071 3644 ComputerName: WANGTANG-HP
15:13:49.0071 3644 UserName: wangtang
15:13:49.0071 3644 Windows directory: C:\Windows
15:13:49.0071 3644 System windows directory: C:\Windows
15:13:49.0071 3644 Running under WOW64
15:13:49.0071 3644 Processor architecture: Intel x64
15:13:49.0071 3644 Number of processors: 2
15:13:49.0071 3644 Page size: 0x1000
15:13:49.0071 3644 Boot type: Normal boot
15:13:49.0071 3644 ============================================================
15:13:49.0965 3644 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:13:49.0985 3644 ============================================================
15:13:49.0985 3644 \Device\Harddisk0\DR0:
15:13:50.0005 3644 MBR partitions:
15:13:50.0005 3644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:13:50.0005 3644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49004000
15:13:50.0005 3644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x49036800, BlocksNum 0x1821000
15:13:50.0005 3644 ============================================================
15:13:50.0055 3644 C: <-> \Device\Harddisk0\DR0\Partition1
15:13:50.0105 3644 D: <-> \Device\Harddisk0\DR0\Partition2
15:13:50.0105 3644 ============================================================
15:13:50.0105 3644 Initialize success
15:13:50.0105 3644 ============================================================
15:13:55.0267 4572 ============================================================
15:13:55.0267 4572 Scan started
15:13:55.0267 4572 Mode: Manual;
15:13:55.0267 4572 ============================================================
15:13:56.0207 4572 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:13:56.0217 4572 1394ohci - ok
15:13:56.0277 4572 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:13:56.0287 4572 ACPI - ok
15:13:56.0317 4572 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:13:56.0317 4572 AcpiPmi - ok
15:13:56.0427 4572 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:13:56.0437 4572 AdobeARMservice - ok
15:13:56.0577 4572 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:13:56.0617 4572 AdobeFlashPlayerUpdateSvc - ok
15:13:56.0697 4572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:13:56.0707 4572 adp94xx - ok
15:13:56.0757 4572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:13:56.0767 4572 adpahci - ok
15:13:56.0797 4572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:13:56.0807 4572 adpu320 - ok
15:13:56.0837 4572 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:13:56.0837 4572 AeLookupSvc - ok
15:13:56.0917 4572 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:13:56.0927 4572 AFD - ok
15:13:56.0977 4572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:13:56.0987 4572 agp440 - ok
15:13:57.0007 4572 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:13:57.0027 4572 ALG - ok
15:13:57.0057 4572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:13:57.0057 4572 aliide - ok
15:13:57.0097 4572 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
15:13:57.0117 4572 AMD External Events Utility - ok
15:13:57.0137 4572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:13:57.0137 4572 amdide - ok
15:13:57.0157 4572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:13:57.0167 4572 AmdK8 - ok
15:13:57.0818 4572 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
15:13:57.0888 4572 amdkmdag - ok
15:13:58.0008 4572 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
15:13:58.0018 4572 amdkmdap - ok
15:13:58.0058 4572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:13:58.0058 4572 AmdPPM - ok
15:13:58.0088 4572 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
15:13:58.0088 4572 amdsata - ok
15:13:58.0138 4572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:13:58.0138 4572 amdsbs - ok
15:13:58.0158 4572 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
15:13:58.0158 4572 amdxata - ok
15:13:58.0198 4572 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:13:58.0208 4572 AppID - ok
15:13:58.0229 4572 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:13:58.0229 4572 AppIDSvc - ok
15:13:58.0259 4572 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:13:58.0259 4572 Appinfo - ok
15:13:58.0369 4572 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:13:58.0369 4572 Apple Mobile Device - ok
15:13:58.0419 4572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:13:58.0429 4572 arc - ok
15:13:58.0449 4572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:13:58.0459 4572 arcsas - ok
15:13:58.0489 4572 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
15:13:58.0499 4572 aswFsBlk - ok
15:13:58.0559 4572 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
15:13:58.0579 4572 aswMonFlt - ok
15:13:58.0629 4572 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
15:13:58.0639 4572 aswRdr - ok
15:13:58.0761 4572 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
15:13:58.0771 4572 aswSnx - ok
15:13:58.0811 4572 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
15:13:58.0811 4572 aswSP - ok
15:13:58.0851 4572 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
15:13:58.0851 4572 aswTdi - ok
15:13:58.0891 4572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:13:58.0891 4572 AsyncMac - ok
15:13:58.0941 4572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:13:58.0941 4572 atapi - ok
15:13:58.0971 4572 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:13:58.0981 4572 AtiPcie - ok
15:13:59.0071 4572 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:13:59.0081 4572 AudioEndpointBuilder - ok
15:13:59.0091 4572 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:13:59.0101 4572 AudioSrv - ok
15:13:59.0211 4572 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:13:59.0211 4572 avast! Antivirus - ok
15:13:59.0271 4572 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:13:59.0281 4572 AxInstSV - ok
15:13:59.0341 4572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:13:59.0351 4572 b06bdrv - ok
15:13:59.0381 4572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:13:59.0391 4572 b57nd60a - ok
15:13:59.0441 4572 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:13:59.0451 4572 BDESVC - ok
15:13:59.0471 4572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:13:59.0471 4572 Beep - ok
15:13:59.0591 4572 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:13:59.0611 4572 BFE - ok
15:13:59.0651 4572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:13:59.0651 4572 blbdrive - ok
15:13:59.0811 4572 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:13:59.0811 4572 Bonjour Service - ok
15:13:59.0901 4572 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:13:59.0911 4572 bowser - ok
15:13:59.0931 4572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:13:59.0931 4572 BrFiltLo - ok
15:13:59.0941 4572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:13:59.0941 4572 BrFiltUp - ok
15:13:59.0971 4572 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:13:59.0981 4572 BridgeMP - ok
15:14:00.0021 4572 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:14:00.0021 4572 Browser - ok
15:14:00.0061 4572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:14:00.0081 4572 Brserid - ok
15:14:00.0081 4572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:14:00.0091 4572 BrSerWdm - ok
15:14:00.0091 4572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:14:00.0091 4572 BrUsbMdm - ok
15:14:00.0111 4572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:14:00.0111 4572 BrUsbSer - ok
15:14:00.0121 4572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:14:00.0121 4572 BTHMODEM - ok
15:14:00.0161 4572 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:14:00.0181 4572 bthserv - ok
15:14:00.0191 4572 catchme - ok
15:14:00.0221 4572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:14:00.0221 4572 cdfs - ok
15:14:00.0291 4572 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:14:00.0291 4572 cdrom - ok
15:14:00.0341 4572 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:14:00.0351 4572 CertPropSvc - ok
15:14:00.0451 4572 CinemaNow Service (ea3333db9ab03106eec0d6d9d487ed01) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
15:14:00.0461 4572 CinemaNow Service - ok
15:14:00.0481 4572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:14:00.0481 4572 circlass - ok
15:14:00.0551 4572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:14:00.0571 4572 CLFS - ok
15:14:00.0721 4572 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:00.0731 4572 clr_optimization_v2.0.50727_32 - ok
15:14:00.0781 4572 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:14:00.0801 4572 clr_optimization_v2.0.50727_64 - ok
15:14:00.0891 4572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:14:00.0891 4572 clr_optimization_v4.0.30319_32 - ok
15:14:00.0961 4572 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:14:00.0971 4572 clr_optimization_v4.0.30319_64 - ok
15:14:01.0021 4572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:14:01.0021 4572 CmBatt - ok
15:14:01.0051 4572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:14:01.0051 4572 cmdide - ok
15:14:01.0141 4572 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:14:01.0151 4572 CNG - ok
15:14:01.0161 4572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:14:01.0161 4572 Compbatt - ok
15:14:01.0211 4572 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:14:01.0211 4572 CompositeBus - ok
15:14:01.0231 4572 COMSysApp - ok
15:14:01.0241 4572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:14:01.0241 4572 crcdisk - ok
15:14:01.0301 4572 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:14:01.0311 4572 CryptSvc - ok
15:14:01.0381 4572 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:14:01.0391 4572 DcomLaunch - ok
15:14:01.0441 4572 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:14:01.0441 4572 defragsvc - ok
15:14:01.0491 4572 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:14:01.0501 4572 DfsC - ok
15:14:01.0561 4572 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:14:01.0571 4572 Dhcp - ok
15:14:01.0591 4572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:14:01.0601 4572 discache - ok
15:14:01.0631 4572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:14:01.0631 4572 Disk - ok
15:14:01.0681 4572 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:14:01.0691 4572 Dnscache - ok
15:14:01.0751 4572 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:14:01.0771 4572 dot3svc - ok
15:14:01.0821 4572 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:14:01.0831 4572 DPS - ok
15:14:01.0861 4572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:14:01.0861 4572 drmkaud - ok
15:14:01.0981 4572 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:14:02.0001 4572 DXGKrnl - ok
15:14:02.0041 4572 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:14:02.0061 4572 EapHost - ok
15:14:02.0331 4572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:14:02.0371 4572 ebdrv - ok
15:14:02.0501 4572 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:14:02.0521 4572 EFS - ok
15:14:02.0621 4572 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:14:02.0641 4572 ehRecvr - ok
15:14:02.0671 4572 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:14:02.0681 4572 ehSched - ok
15:14:02.0781 4572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:14:02.0801 4572 elxstor - ok
15:14:02.0821 4572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:14:02.0821 4572 ErrDev - ok
15:14:02.0891 4572 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:14:02.0911 4572 EventSystem - ok
15:14:02.0941 4572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:14:02.0961 4572 exfat - ok
15:14:02.0981 4572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:14:03.0001 4572 fastfat - ok
15:14:03.0101 4572 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:14:03.0111 4572 Fax - ok
15:14:03.0131 4572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:14:03.0131 4572 fdc - ok
15:14:03.0151 4572 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:14:03.0151 4572 fdPHost - ok
15:14:03.0161 4572 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:14:03.0161 4572 FDResPub - ok
15:14:03.0191 4572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:14:03.0191 4572 FileInfo - ok
15:14:03.0201 4572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:14:03.0201 4572 Filetrace - ok
15:14:03.0211 4572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:03.0211 4572 flpydisk - ok
15:14:03.0271 4572 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:14:03.0281 4572 FltMgr - ok
15:14:03.0431 4572 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:14:03.0451 4572 FontCache - ok
15:14:03.0501 4572 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:03.0501 4572 FontCache3.0.0.0 - ok
15:14:03.0531 4572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:14:03.0541 4572 FsDepends - ok
15:14:03.0581 4572 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:14:03.0581 4572 Fs_Rec - ok
15:14:03.0641 4572 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:14:03.0651 4572 fvevol - ok
15:14:03.0671 4572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:03.0681 4572 gagp30kx - ok
15:14:03.0751 4572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:14:03.0751 4572 GEARAspiWDM - ok
15:14:03.0881 4572 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:14:03.0911 4572 gpsvc - ok
15:14:04.0001 4572 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:14:04.0021 4572 gusvc - ok
15:14:04.0041 4572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:14:04.0041 4572 hcw85cir - ok
15:14:04.0121 4572 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:14:04.0131 4572 HdAudAddService - ok
15:14:04.0181 4572 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:14:04.0181 4572 HDAudBus - ok
15:14:04.0211 4572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:04.0211 4572 HidBatt - ok
15:14:04.0221 4572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:14:04.0221 4572 HidBth - ok
15:14:04.0231 4572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:14:04.0241 4572 HidIr - ok
15:14:04.0261 4572 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:14:04.0261 4572 hidserv - ok
15:14:04.0291 4572 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:14:04.0291 4572 HidUsb - ok
15:14:04.0331 4572 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:14:04.0341 4572 hkmsvc - ok
15:14:04.0391 4572 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:14:04.0401 4572 HomeGroupListener - ok
15:14:04.0451 4572 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:14:04.0461 4572 HomeGroupProvider - ok
15:14:04.0551 4572 HP Support Assistant Service - ok
15:14:04.0561 4572 hpqwmiex - ok
15:14:04.0621 4572 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:14:04.0631 4572 HpSAMD - ok
15:14:04.0731 4572 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:14:04.0751 4572 HTTP - ok
15:14:04.0781 4572 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:14:04.0781 4572 hwpolicy - ok
15:14:04.0821 4572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:14:04.0831 4572 i8042prt - ok
15:14:04.0901 4572 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:14:04.0911 4572 iaStorV - ok
15:14:05.0071 4572 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:05.0091 4572 idsvc - ok
15:14:05.0161 4572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:14:05.0161 4572 iirsp - ok
15:14:05.0261 4572 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:14:05.0281 4572 IKEEXT - ok
15:14:05.0511 4572 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
15:14:05.0541 4572 IntcAzAudAddService - ok
15:14:05.0681 4572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:14:05.0681 4572 intelide - ok
15:14:05.0711 4572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:14:05.0711 4572 intelppm - ok
15:14:05.0901 4572 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:14:05.0911 4572 IPBusEnum - ok
15:14:05.0941 4572 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:14:05.0951 4572 IpFilterDriver - ok
15:14:06.0081 4572 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:14:06.0091 4572 iphlpsvc - ok
15:14:06.0141 4572 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:14:06.0141 4572 IPMIDRV - ok
15:14:06.0171 4572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:14:06.0171 4572 IPNAT - ok
15:14:06.0371 4572 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
15:14:06.0381 4572 iPod Service - ok
15:14:06.0411 4572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:14:06.0411 4572 IRENUM - ok
15:14:06.0441 4572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:14:06.0451 4572 isapnp - ok
15:14:06.0491 4572 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:14:06.0501 4572 iScsiPrt - ok
15:14:06.0531 4572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:14:06.0531 4572 kbdclass - ok
15:14:06.0561 4572 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:14:06.0571 4572 kbdhid - ok
15:14:06.0611 4572 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:06.0621 4572 KeyIso - ok
15:14:06.0661 4572 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:14:06.0671 4572 KSecDD - ok
15:14:06.0711 4572 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:14:06.0721 4572 KSecPkg - ok
15:14:06.0751 4572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:14:06.0751 4572 ksthunk - ok
15:14:06.0801 4572 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:14:06.0811 4572 KtmRm - ok
15:14:06.0871 4572 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:14:06.0881 4572 LanmanServer - ok
15:14:06.0931 4572 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:14:06.0981 4572 LanmanWorkstation - ok
15:14:07.0161 4572 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:14:07.0161 4572 LightScribeService - ok
15:14:07.0231 4572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:14:07.0231 4572 lltdio - ok
15:14:07.0311 4572 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:14:07.0331 4572 lltdsvc - ok
15:14:07.0351 4572 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:14:07.0361 4572 lmhosts - ok
15:14:07.0391 4572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:14:07.0401 4572 LSI_FC - ok
15:14:07.0421 4572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:14:07.0431 4572 LSI_SAS - ok
15:14:07.0441 4572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:14:07.0441 4572 LSI_SAS2 - ok
15:14:07.0461 4572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:14:07.0481 4572 LSI_SCSI - ok
15:14:07.0511 4572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:14:07.0521 4572 luafv - ok
15:14:07.0541 4572 lxcr_device - ok
15:14:07.0621 4572 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
15:14:07.0631 4572 McciCMService - ok
15:14:07.0791 4572 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
15:14:07.0791 4572 McciCMService64 - ok
15:14:07.0913 4572 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:14:07.0913 4572 Mcx2Svc - ok
15:14:07.0923 4572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:14:07.0923 4572 megasas - ok
15:14:07.0943 4572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:14:07.0943 4572 MegaSR - ok
15:14:07.0973 4572 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:14:07.0983 4572 MMCSS - ok
15:14:07.0993 4572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:14:07.0993 4572 Modem - ok
15:14:08.0033 4572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:14:08.0033 4572 monitor - ok
15:14:08.0073 4572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:14:08.0073 4572 mouclass - ok
15:14:08.0083 4572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:14:08.0083 4572 mouhid - ok
15:14:08.0133 4572 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:14:08.0133 4572 mountmgr - ok
15:14:08.0183 4572 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:14:08.0203 4572 mpio - ok
15:14:08.0223 4572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:14:08.0233 4572 mpsdrv - ok
15:14:08.0353 4572 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:14:08.0383 4572 MpsSvc - ok
15:14:08.0553 4572 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
15:14:08.0553 4572 MREMP50 - ok
15:14:08.0613 4572 MREMP50a64 - ok
15:14:08.0623 4572 MREMPR5 - ok
15:14:08.0633 4572 MRENDIS5 - ok
15:14:08.0673 4572 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
15:14:08.0673 4572 MRESP50 - ok
15:14:08.0673 4572 MRESP50a64 - ok
15:14:08.0713 4572 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:14:08.0723 4572 MRxDAV - ok
15:14:08.0763 4572 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:14:08.0773 4572 mrxsmb - ok
15:14:08.0813 4572 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:14:08.0823 4572 mrxsmb10 - ok
15:14:08.0843 4572 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:14:08.0853 4572 mrxsmb20 - ok
15:14:08.0883 4572 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:14:08.0883 4572 msahci - ok
15:14:08.0923 4572 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:14:08.0943 4572 MSCamSvc - ok
15:14:08.0983 4572 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:14:08.0993 4572 msdsm - ok
15:14:09.0033 4572 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:14:09.0033 4572 MSDTC - ok
15:14:09.0063 4572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:14:09.0063 4572 Msfs - ok
15:14:09.0083 4572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:14:09.0083 4572 mshidkmdf - ok
15:14:09.0113 4572 MSHUSBVideo (55218f924e55fd2786ed40edf4ed79c3) C:\Windows\system32\Drivers\nx6000.sys
15:14:09.0113 4572 MSHUSBVideo - ok
15:14:09.0153 4572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:14:09.0153 4572 msisadrv - ok
15:14:09.0213 4572 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:14:09.0243 4572 MSiSCSI - ok
15:14:09.0253 4572 msiserver - ok
15:14:09.0283 4572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:14:09.0283 4572 MSKSSRV - ok
15:14:09.0303 4572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:14:09.0303 4572 MSPCLOCK - ok
15:14:09.0313 4572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:14:09.0313 4572 MSPQM - ok
15:14:09.0373 4572 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:14:09.0373 4572 MsRPC - ok
15:14:09.0393 4572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:14:09.0393 4572 mssmbios - ok
15:14:09.0403 4572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:14:09.0403 4572 MSTEE - ok
15:14:09.0413 4572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:14:09.0413 4572 MTConfig - ok
15:14:09.0433 4572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:14:09.0443 4572 Mup - ok
15:14:09.0513 4572 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:14:09.0533 4572 napagent - ok
15:14:09.0573 4572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:14:09.0613 4572 NativeWifiP - ok
15:14:09.0733 4572 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:14:09.0753 4572 NDIS - ok
15:14:09.0783 4572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:14:09.0783 4572 NdisCap - ok
15:14:09.0813 4572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:14:09.0813 4572 NdisTapi - ok
15:14:09.0843 4572 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:14:09.0853 4572 Ndisuio - ok
15:14:09.0893 4572 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:14:09.0893 4572 NdisWan - ok
15:14:09.0923 4572 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:14:09.0923 4572 NDProxy - ok
15:14:09.0943 4572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:14:09.0943 4572 NetBIOS - ok
15:14:09.0983 4572 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:14:09.0993 4572 NetBT - ok
15:14:10.0023 4572 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:10.0033 4572 Netlogon - ok
15:14:10.0093 4572 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:14:10.0103 4572 Netman - ok
15:14:10.0143 4572 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:14:10.0153 4572 netprofm - ok
15:14:10.0223 4572 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:10.0233 4572 NetTcpPortSharing - ok
15:14:10.0263 4572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:14:10.0263 4572 nfrd960 - ok
15:14:10.0313 4572 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:14:10.0323 4572 NlaSvc - ok
15:14:10.0343 4572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:14:10.0343 4572 Npfs - ok
15:14:10.0353 4572 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:14:10.0363 4572 nsi - ok
15:14:10.0373 4572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:14:10.0373 4572 nsiproxy - ok
15:14:10.0573 4572 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:14:10.0593 4572 Ntfs - ok
15:14:10.0713 4572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:14:10.0713 4572 Null - ok
15:14:10.0763 4572 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:14:10.0773 4572 nvraid - ok
15:14:10.0813 4572 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:14:10.0813 4572 nvstor - ok
15:14:10.0873 4572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:14:10.0873 4572 nv_agp - ok
15:14:10.0993 4572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:14:11.0033 4572 ohci1394 - ok
15:14:11.0213 4572 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:14:11.0223 4572 ose - ok
15:14:11.0793 4572 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:14:11.0863 4572 osppsvc - ok
15:14:12.0193 4572 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:12.0213 4572 p2pimsvc - ok
15:14:12.0274 4572 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:14:12.0284 4572 p2psvc - ok
15:14:12.0344 4572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:14:12.0344 4572 Parport - ok
15:14:12.0384 4572 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:14:12.0404 4572 partmgr - ok
15:14:12.0424 4572 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:14:12.0454 4572 PcaSvc - ok
15:14:12.0504 4572 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:14:12.0514 4572 pci - ok
15:14:12.0554 4572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:14:12.0554 4572 pciide - ok
15:14:12.0584 4572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:14:12.0594 4572 pcmcia - ok
15:14:12.0624 4572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:14:12.0624 4572 pcw - ok
15:14:12.0684 4572 pdfcDispatcher - ok
15:14:12.0774 4572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:14:12.0804 4572 PEAUTH - ok
15:14:12.0904 4572 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:14:12.0914 4572 PerfHost - ok
15:14:13.0144 4572 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:14:13.0164 4572 pla - ok
15:14:13.0234 4572 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:14:13.0244 4572 PlugPlay - ok
15:14:13.0254 4572 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:14:13.0254 4572 PNRPAutoReg - ok
15:14:13.0284 4572 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:13.0294 4572 PNRPsvc - ok
15:14:13.0344 4572 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:14:13.0364 4572 PolicyAgent - ok
15:14:13.0394 4572 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:14:13.0394 4572 Power - ok
15:14:13.0464 4572 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:14:13.0474 4572 PptpMiniport - ok
15:14:13.0504 4572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:14:13.0514 4572 Processor - ok
15:14:13.0544 4572 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:14:13.0564 4572 ProfSvc - ok
15:14:13.0594 4572 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:13.0594 4572 ProtectedStorage - ok
15:14:13.0674 4572 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:14:13.0734 4572 Psched - ok
15:14:13.0884 4572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:14:13.0904 4572 ql2300 - ok
15:14:14.0134 4572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:14:14.0134 4572 ql40xx - ok
15:14:14.0184 4572 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:14:14.0224 4572 QWAVE - ok
15:14:14.0244 4572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:14:14.0254 4572 QWAVEdrv - ok
15:14:14.0254 4572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:14:14.0264 4572 RasAcd - ok
15:14:14.0294 4572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:14:14.0304 4572 RasAgileVpn - ok
15:14:14.0314 4572 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:14:14.0324 4572 RasAuto - ok
15:14:14.0364 4572 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:14:14.0374 4572 Rasl2tp - ok
15:14:14.0424 4572 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:14:14.0434 4572 RasMan - ok
15:14:14.0454 4572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:14:14.0464 4572 RasPppoe - ok
15:14:14.0484 4572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:14:14.0494 4572 RasSstp - ok
15:14:14.0584 4572 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:14:14.0604 4572 rdbss - ok
15:14:14.0614 4572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:14:14.0614 4572 rdpbus - ok
15:14:14.0624 4572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:14:14.0624 4572 RDPCDD - ok
15:14:14.0654 4572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:14:14.0654 4572 RDPENCDD - ok
15:14:14.0664 4572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:14:14.0664 4572 RDPREFMP - ok
15:14:14.0704 4572 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:14:14.0714 4572 RDPWD - ok
15:14:14.0774 4572 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:14:14.0784 4572 rdyboost - ok
15:14:14.0834 4572 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:14:14.0844 4572 RemoteAccess - ok
15:14:14.0874 4572 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:14:14.0894 4572 RemoteRegistry - ok
15:14:14.0904 4572 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:14:14.0904 4572 RpcEptMapper - ok
15:14:14.0924 4572 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:14:14.0924 4572 RpcLocator - ok
15:14:15.0004 4572 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
15:14:15.0004 4572 RpcSs - ok
15:14:15.0024 4572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:14:15.0034 4572 rspndr - ok
15:14:15.0074 4572 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:14:15.0084 4572 RTL8167 - ok
15:14:15.0124 4572 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:15.0124 4572 SamSs - ok
15:14:15.0214 4572 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:14:15.0224 4572 sbp2port - ok
15:14:15.0274 4572 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:14:15.0294 4572 SCardSvr - ok
15:14:15.0324 4572 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:14:15.0334 4572 scfilter - ok
15:14:15.0564 4572 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:14:15.0594 4572 Schedule - ok
15:14:15.0634 4572 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:14:15.0634 4572 SCPolicySvc - ok
15:14:15.0714 4572 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:14:15.0764 4572 SDRSVC - ok
15:14:15.0834 4572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:14:15.0834 4572 secdrv - ok
15:14:15.0864 4572 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:14:15.0864 4572 seclogon - ok
15:14:15.0904 4572 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:14:15.0904 4572 SENS - ok
15:14:15.0914 4572 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:14:15.0924 4572 SensrSvc - ok
15:14:15.0954 4572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:14:15.0954 4572 Serenum - ok
15:14:15.0964 4572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:14:15.0964 4572 Serial - ok
15:14:15.0994 4572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:14:15.0994 4572 sermouse - ok
15:14:16.0284 4572 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:14:16.0314 4572 SessionEnv - ok
15:14:16.0374 4572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:14:16.0374 4572 sffdisk - ok
15:14:16.0384 4572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:14:16.0384 4572 sffp_mmc - ok
15:14:16.0394 4572 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:14:16.0394 4572 sffp_sd - ok
15:14:16.0404 4572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:14:16.0414 4572 sfloppy - ok
15:14:16.0474 4572 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:14:16.0484 4572 SharedAccess - ok
15:14:16.0574 4572 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:14:16.0604 4572 ShellHWDetection - ok
15:14:16.0644 4572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:14:16.0644 4572 SiSRaid2 - ok
15:14:16.0664 4572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:14:16.0664 4572 SiSRaid4 - ok
15:14:16.0804 4572 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:14:16.0804 4572 SkypeUpdate - ok
15:14:16.0864 4572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:14:16.0874 4572 Smb - ok
15:14:16.0904 4572 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:14:16.0914 4572 SNMPTRAP - ok
15:14:16.0914 4572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:14:16.0914 4572 spldr - ok
15:14:16.0984 4572 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:14:17.0004 4572 Spooler - ok
15:14:17.0415 4572 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:14:17.0455 4572 sppsvc - ok
15:14:17.0585 4572 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:14:17.0595 4572 sppuinotify - ok
15:14:17.0675 4572 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:14:17.0695 4572 srv - ok
15:14:17.0805 4572 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:14:17.0835 4572 srv2 - ok
15:14:17.0865 4572 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:14:17.0875 4572 srvnet - ok
15:14:17.0905 4572 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:14:17.0925 4572 SSDPSRV - ok
15:14:17.0935 4572 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:14:17.0955 4572 SstpSvc - ok
15:14:17.0975 4572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:14:17.0975 4572 stexstor - ok
15:14:18.0085 4572 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:14:18.0115 4572 stisvc - ok
15:14:18.0145 4572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:14:18.0145 4572 swenum - ok
15:14:18.0195 4572 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:14:18.0205 4572 swprv - ok
15:14:18.0465 4572 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:14:18.0485 4572 SysMain - ok
15:14:18.0605 4572 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:14:18.0625 4572 TabletInputService - ok
15:14:18.0685 4572 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:14:18.0705 4572 TapiSrv - ok
15:14:18.0735 4572 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:14:18.0745 4572 TBS - ok
15:14:18.0975 4572 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:14:18.0995 4572 Tcpip - ok
15:14:19.0285 4572 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:14:19.0285 4572 TCPIP6 - ok
15:14:19.0395 4572 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:14:19.0395 4572 tcpipreg - ok
15:14:19.0435 4572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:14:19.0435 4572 TDPIPE - ok
15:14:19.0455 4572 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:14:19.0455 4572 TDTCP - ok
15:14:19.0495 4572 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:14:19.0495 4572 tdx - ok
15:14:19.0545 4572 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:14:19.0545 4572 TermDD - ok
15:14:19.0625 4572 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:14:19.0635 4572 TermService - ok
15:14:19.0655 4572 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:14:19.0665 4572 Themes - ok
15:14:19.0685 4572 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:14:19.0685 4572 THREADORDER - ok
15:14:19.0705 4572 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:14:19.0715 4572 TrkWks - ok
15:14:19.0775 4572 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:14:19.0785 4572 TrustedInstaller - ok
15:14:19.0835 4572 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:14:19.0835 4572 tssecsrv - ok
15:14:19.0915 4572 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:14:19.0925 4572 TsUsbFlt - ok
15:14:19.0985 4572 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:14:19.0995 4572 tunnel - ok
15:14:20.0025 4572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:14:20.0035 4572 uagp35 - ok
15:14:20.0085 4572 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:14:20.0095 4572 udfs - ok
15:14:20.0115 4572 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:14:20.0135 4572 UI0Detect - ok
15:14:20.0165 4572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:14:20.0175 4572 uliagpkx - ok
15:14:20.0205 4572 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:14:20.0205 4572 umbus - ok
15:14:20.0225 4572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:14:20.0225 4572 UmPass - ok
15:14:20.0265 4572 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:14:20.0275 4572 upnphost - ok
15:14:20.0315 4572 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:14:20.0325 4572 usbaudio - ok
15:14:20.0365 4572 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:14:20.0375 4572 usbccgp - ok
15:14:20.0415 4572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:14:20.0425 4572 usbcir - ok
15:14:20.0455 4572 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:14:20.0455 4572 usbehci - ok
15:14:20.0495 4572 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:14:20.0495 4572 usbfilter - ok
15:14:20.0535 4572 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:14:20.0545 4572 usbhub - ok
15:14:20.0585 4572 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:14:20.0585 4572 usbohci - ok
15:14:20.0595 4572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:14:20.0605 4572 usbprint - ok
15:14:20.0635 4572 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:14:20.0635 4572 usbscan - ok
15:14:20.0655 4572 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:14:20.0655 4572 USBSTOR - ok
15:14:20.0675 4572 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:14:20.0675 4572 usbuhci - ok
15:14:20.0715 4572 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:14:20.0725 4572 usbvideo - ok
15:14:20.0745 4572 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:14:20.0755 4572 UxSms - ok
15:14:20.0785 4572 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:20.0785 4572 VaultSvc - ok
15:14:20.0815 4572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:14:20.0825 4572 vdrvroot - ok
15:14:20.0905 4572 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:14:20.0915 4572 vds - ok
15:14:20.0925 4572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:14:20.0925 4572 vga - ok
15:14:20.0945 4572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:14:20.0945 4572 VgaSave - ok
15:14:20.0995 4572 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:14:21.0005 4572 vhdmp - ok
15:14:21.0015 4572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:14:21.0025 4572 viaide - ok
15:14:21.0055 4572 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:14:21.0055 4572 volmgr - ok
15:14:21.0105 4572 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:14:21.0115 4572 volmgrx - ok
15:14:21.0175 4572 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:14:21.0175 4572 volsnap - ok
15:14:21.0215 4572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:14:21.0225 4572 vsmraid - ok
15:14:21.0525 4572 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:14:21.0565 4572 VSS - ok
15:14:21.0735 4572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:14:21.0735 4572 vwifibus - ok
15:14:21.0805 4572 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:14:21.0815 4572 W32Time - ok
15:14:21.0825 4572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:14:21.0825 4572 WacomPen - ok
15:14:21.0855 4572 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:14:21.0865 4572 WANARP - ok
15:14:21.0865 4572 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:14:21.0865 4572 Wanarpv6 - ok
15:14:22.0065 4572 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:14:22.0085 4572 WatAdminSvc - ok
15:14:22.0265 4572 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:14:22.0285 4572 wbengine - ok
15:14:22.0415 4572 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:14:22.0425 4572 WbioSrvc - ok
15:14:22.0485 4572 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:14:22.0505 4572 wcncsvc - ok
15:14:22.0515 4572 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:14:22.0535 4572 WcsPlugInService - ok
15:14:22.0575 4572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:14:22.0575 4572 Wd - ok
15:14:22.0645 4572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:14:22.0655 4572 Wdf01000 - ok
15:14:22.0675 4572 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:14:22.0685 4572 WdiServiceHost - ok
15:14:22.0685 4572 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:14:22.0695 4572 WdiSystemHost - ok
15:14:22.0745 4572 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:14:22.0755 4572 WebClient - ok
15:14:22.0785 4572 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:14:22.0795 4572 Wecsvc - ok
15:14:22.0815 4572 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:14:22.0825 4572 wercplsupport - ok
15:14:22.0855 4572 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:14:22.0865 4572 WerSvc - ok
15:14:22.0915 4572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:14:22.0915 4572 WfpLwf - ok
15:14:22.0925 4572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:14:22.0925 4572 WIMMount - ok
15:14:22.0985 4572 WinDefend - ok
15:14:22.0995 4572 WinHttpAutoProxySvc - ok
15:14:23.0085 4572 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:14:23.0095 4572 Winmgmt - ok
15:14:23.0305 4572 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:14:23.0385 4572 WinRM - ok
15:14:23.0565 4572 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:14:23.0585 4572 WinUsb - ok
15:14:23.0725 4572 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:14:23.0785 4572 Wlansvc - ok
15:14:24.0187 4572 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:14:24.0227 4572 wlidsvc - ok
15:14:24.0357 4572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:14:24.0357 4572 WmiAcpi - ok
15:14:24.0437 4572 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:14:24.0447 4572 wmiApSrv - ok
15:14:24.0467 4572 WMPNetworkSvc - ok
15:14:24.0507 4572 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:14:24.0517 4572 WPCSvc - ok
15:14:24.0557 4572 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:14:24.0567 4572 WPDBusEnum - ok
15:14:24.0587 4572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:14:24.0587 4572 ws2ifsl - ok
15:14:24.0607 4572 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:14:24.0617 4572 wscsvc - ok
15:14:24.0627 4572 WSearch - ok
15:14:24.0877 4572 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:14:24.0907 4572 wuauserv - ok
15:14:25.0037 4572 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:14:25.0047 4572 WudfPf - ok
15:14:25.0077 4572 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:14:25.0087 4572 WUDFRd - ok
15:14:25.0127 4572 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:14:25.0137 4572 wudfsvc - ok
15:14:25.0187 4572 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:14:25.0207 4572 WwanSvc - ok
15:14:25.0247 4572 MBR (0x1B8) (65bf848e44e105340ccd97e0e434410b) \Device\Harddisk0\DR0
15:14:25.0607 4572 \Device\Harddisk0\DR0 - ok
15:14:25.0617 4572 Boot (0x1200) (c514a2af273f716150f4a7ebaf6705a8) \Device\Harddisk0\DR0\Partition0
15:14:25.0617 4572 \Device\Harddisk0\DR0\Partition0 - ok
15:14:25.0647 4572 Boot (0x1200) (bf0897344d3dc864bea6ae2a010490bc) \Device\Harddisk0\DR0\Partition1
15:14:25.0647 4572 \Device\Harddisk0\DR0\Partition1 - ok
15:14:25.0677 4572 Boot (0x1200) (f5829bbe54ef086e7448cabd2d8a84d4) \Device\Harddisk0\DR0\Partition2
15:14:25.0687 4572 \Device\Harddisk0\DR0\Partition2 - ok
15:14:25.0687 4572 ============================================================
15:14:25.0687 4572 Scan finished
15:14:25.0687 4572 ============================================================
15:14:25.0697 1912 Detected object count: 0
15:14:25.0697 1912 Actual detected object count: 0
15:15:13.0254 3996 ============================================================
15:15:13.0254 3996 Scan started
15:15:13.0254 3996 Mode: Manual; SigCheck; TDLFS;
15:15:13.0254 3996 ============================================================
15:15:13.0864 3996 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:15:13.0914 3996 1394ohci - ok
15:15:13.0954 3996 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:15:13.0964 3996 ACPI - ok
15:15:13.0994 3996 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:15:14.0014 3996 AcpiPmi - ok
15:15:14.0174 3996 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:15:14.0184 3996 AdobeARMservice - ok
15:15:14.0324 3996 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:15:14.0354 3996 AdobeFlashPlayerUpdateSvc - ok
15:15:14.0414 3996 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:15:14.0424 3996 adp94xx - ok
15:15:14.0464 3996 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:15:14.0484 3996 adpahci - ok
15:15:14.0514 3996 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:15:14.0524 3996 adpu320 - ok
15:15:14.0544 3996 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:15:14.0584 3996 AeLookupSvc - ok
15:15:14.0646 3996 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:15:14.0666 3996 AFD - ok
15:15:14.0696 3996 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:15:14.0706 3996 agp440 - ok
15:15:14.0726 3996 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:15:14.0816 3996 ALG - ok
15:15:14.0836 3996 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:15:14.0856 3996 aliide - ok
15:15:14.0886 3996 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
15:15:14.0896 3996 AMD External Events Utility - ok
15:15:14.0916 3996 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:15:14.0926 3996 amdide - ok
15:15:14.0946 3996 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:15:14.0956 3996 AmdK8 - ok
15:15:15.0456 3996 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:15.0546 3996 amdkmdag - ok
15:15:15.0706 3996 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
15:15:15.0746 3996 amdkmdap - ok
15:15:15.0776 3996 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:15:15.0806 3996 AmdPPM - ok
15:15:15.0836 3996 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
15:15:15.0856 3996 amdsata - ok
15:15:15.0886 3996 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:15:15.0896 3996 amdsbs - ok
15:15:15.0906 3996 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
15:15:15.0916 3996 amdxata - ok
15:15:15.0946 3996 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:15:15.0976 3996 AppID - ok
15:15:16.0006 3996 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:15:16.0046 3996 AppIDSvc - ok
15:15:16.0096 3996 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:15:16.0156 3996 Appinfo - ok
15:15:16.0246 3996 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:15:16.0266 3996 Apple Mobile Device - ok
15:15:16.0296 3996 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:15:16.0306 3996 arc - ok
15:15:16.0326 3996 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:15:16.0336 3996 arcsas - ok
15:15:16.0366 3996 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
15:15:16.0376 3996 aswFsBlk - ok
15:15:16.0406 3996 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
15:15:16.0416 3996 aswMonFlt - ok
15:15:16.0456 3996 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
15:15:16.0466 3996 aswRdr - ok
15:15:16.0556 3996 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
15:15:16.0576 3996 aswSnx - ok
15:15:16.0616 3996 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
15:15:16.0626 3996 aswSP - ok
15:15:16.0646 3996 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
15:15:16.0656 3996 aswTdi - ok
15:15:16.0676 3996 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:15:16.0706 3996 AsyncMac - ok
15:15:16.0736 3996 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:15:16.0746 3996 atapi - ok
15:15:16.0766 3996 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
15:15:16.0776 3996 AtiPcie - ok
15:15:16.0846 3996 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:15:16.0896 3996 AudioEndpointBuilder - ok
15:15:16.0906 3996 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:15:16.0936 3996 AudioSrv - ok
15:15:17.0066 3996 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:15:17.0096 3996 avast! Antivirus - ok
15:15:17.0136 3996 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:15:17.0336 3996 AxInstSV - ok
15:15:17.0386 3996 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:15:17.0436 3996 b06bdrv - ok
15:15:17.0476 3996 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:15:17.0496 3996 b57nd60a - ok
15:15:17.0536 3996 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:15:17.0586 3996 BDESVC - ok
15:15:17.0596 3996 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:15:17.0626 3996 Beep - ok
15:15:17.0716 3996 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:15:17.0756 3996 BFE - ok
15:15:17.0766 3996 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:15:17.0786 3996 blbdrive - ok
15:15:17.0916 3996 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:15:17.0936 3996 Bonjour Service - ok
15:15:17.0976 3996 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:15:18.0006 3996 bowser - ok
15:15:18.0006 3996 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:15:18.0056 3996 BrFiltLo - ok
15:15:18.0066 3996 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:15:18.0086 3996 BrFiltUp - ok
15:15:18.0126 3996 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:15:18.0206 3996 BridgeMP - ok
15:15:18.0236 3996 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:15:18.0266 3996 Browser - ok
15:15:18.0296 3996 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:15:18.0326 3996 Brserid - ok
15:15:18.0336 3996 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:15:18.0356 3996 BrSerWdm - ok
15:15:18.0366 3996 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:15:18.0386 3996 BrUsbMdm - ok
15:15:18.0386 3996 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:15:18.0406 3996 BrUsbSer - ok
15:15:18.0416 3996 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:15:18.0446 3996 BTHMODEM - ok
15:15:18.0486 3996 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:15:18.0566 3996 bthserv - ok
15:15:18.0576 3996 catchme - ok
15:15:18.0596 3996 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:15:18.0646 3996 cdfs - ok
15:15:18.0686 3996 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:15:18.0706 3996 cdrom - ok
15:15:18.0756 3996 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:18.0786 3996 CertPropSvc - ok
15:15:18.0876 3996 CinemaNow Service (ea3333db9ab03106eec0d6d9d487ed01) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
15:15:18.0906 3996 CinemaNow Service - ok
15:15:18.0926 3996 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:15:18.0966 3996 circlass - ok
15:15:19.0016 3996 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:15:19.0026 3996 CLFS - ok
15:15:19.0096 3996 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:15:19.0116 3996 clr_optimization_v2.0.50727_32 - ok
15:15:19.0176 3996 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:15:19.0206 3996 clr_optimization_v2.0.50727_64 - ok
15:15:19.0276 3996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:15:19.0296 3996 clr_optimization_v4.0.30319_32 - ok
15:15:19.0346 3996 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:15:19.0366 3996 clr_optimization_v4.0.30319_64 - ok
15:15:19.0376 3996 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:15:19.0396 3996 CmBatt - ok
15:15:19.0426 3996 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:15:19.0436 3996 cmdide - ok
15:15:19.0486 3996 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:15:19.0506 3996 CNG - ok
15:15:19.0526 3996 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:15:19.0536 3996 Compbatt - ok
15:15:19.0566 3996 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:15:19.0628 3996 CompositeBus - ok
15:15:19.0628 3996 COMSysApp - ok
15:15:19.0638 3996 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:15:19.0656 3996 crcdisk - ok
15:15:19.0700 3996 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:15:19.0730 3996 CryptSvc - ok
15:15:19.0800 3996 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:15:19.0840 3996 DcomLaunch - ok
15:15:19.0886 3996 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:15:19.0922 3996 defragsvc - ok
15:15:19.0952 3996 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:15:20.0002 3996 DfsC - ok
15:15:20.0052 3996 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:15:20.0092 3996 Dhcp - ok
15:15:20.0102 3996 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:15:20.0152 3996 discache - ok
15:15:20.0182 3996 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:15:20.0192 3996 Disk - ok
15:15:20.0232 3996 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:15:20.0312 3996 Dnscache - ok
15:15:20.0362 3996 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:15:20.0442 3996 dot3svc - ok
15:15:20.0482 3996 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:15:20.0532 3996 DPS - ok
15:15:20.0542 3996 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:15:20.0622 3996 drmkaud - ok
15:15:20.0732 3996 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:15:20.0772 3996 DXGKrnl - ok
15:15:20.0802 3996 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:15:20.0852 3996 EapHost - ok
15:15:21.0102 3996 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:15:21.0162 3996 ebdrv - ok
15:15:21.0312 3996 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:15:21.0352 3996 EFS - ok
15:15:21.0462 3996 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:15:21.0522 3996 ehRecvr - ok
15:15:21.0552 3996 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:15:21.0592 3996 ehSched - ok
15:15:21.0662 3996 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:15:21.0682 3996 elxstor - ok
15:15:21.0712 3996 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:15:21.0732 3996 ErrDev - ok
15:15:21.0792 3996 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:15:21.0832 3996 EventSystem - ok
15:15:21.0862 3996 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:15:21.0902 3996 exfat - ok
15:15:21.0922 3996 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:15:21.0952 3996 fastfat - ok
15:15:22.0042 3996 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:15:22.0082 3996 Fax - ok
15:15:22.0102 3996 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:15:22.0112 3996 fdc - ok
15:15:22.0132 3996 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:15:22.0162 3996 fdPHost - ok
15:15:22.0172 3996 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:15:22.0202 3996 FDResPub - ok
15:15:22.0222 3996 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:15:22.0232 3996 FileInfo - ok
15:15:22.0242 3996 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:15:22.0282 3996 Filetrace - ok
15:15:22.0282 3996 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:15:22.0302 3996 flpydisk - ok
15:15:22.0392 3996 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:15:22.0422 3996 FltMgr - ok
15:15:22.0552 3996 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:15:22.0622 3996 FontCache - ok
15:15:22.0682 3996 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:15:22.0712 3996 FontCache3.0.0.0 - ok
15:15:22.0732 3996 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:15:22.0742 3996 FsDepends - ok
15:15:22.0772 3996 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:15:22.0782 3996 Fs_Rec - ok
15:15:22.0822 3996 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:15:22.0842 3996 fvevol - ok
15:15:22.0872 3996 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:15:22.0882 3996 gagp30kx - ok
15:15:22.0912 3996 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:15:22.0922 3996 GEARAspiWDM - ok
15:15:23.0032 3996 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:15:23.0092 3996 gpsvc - ok
15:15:23.0172 3996 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:15:23.0202 3996 gusvc - ok
15:15:23.0222 3996 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:15:23.0252 3996 hcw85cir - ok
15:15:23.0312 3996 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:15:23.0352 3996 HdAudAddService - ok
15:15:23.0382 3996 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:15:23.0422 3996 HDAudBus - ok
15:15:23.0432 3996 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:15:23.0472 3996 HidBatt - ok
15:15:23.0472 3996 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:15:23.0502 3996 HidBth - ok
15:15:23.0542 3996 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:15:23.0552 3996 HidIr - ok
15:15:23.0582 3996 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:15:23.0632 3996 hidserv - ok
15:15:23.0682 3996 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:15:23.0712 3996 HidUsb - ok
15:15:23.0752 3996 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:15:23.0822 3996 hkmsvc - ok
15:15:23.0872 3996 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:15:23.0932 3996 HomeGroupListener - ok
15:15:23.0982 3996 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:15:24.0032 3996 HomeGroupProvider - ok
15:15:24.0102 3996 HP Support Assistant Service - ok
15:15:24.0112 3996 hpqwmiex - ok
15:15:24.0142 3996 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:15:24.0152 3996 HpSAMD - ok
15:15:24.0232 3996 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:15:24.0282 3996 HTTP - ok
15:15:24.0312 3996 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:15:24.0322 3996 hwpolicy - ok
15:15:24.0362 3996 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:15:24.0382 3996 i8042prt - ok
15:15:24.0442 3996 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:15:24.0452 3996 iaStorV - ok
15:15:24.0582 3996 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:15:24.0612 3996 idsvc - ok
15:15:24.0632 3996 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:15:24.0642 3996 iirsp - ok
15:15:24.0722 3996 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:15:24.0772 3996 IKEEXT - ok
15:15:24.0962 3996 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
15:15:24.0992 3996 IntcAzAudAddService - ok
15:15:25.0102 3996 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:15:25.0122 3996 intelide - ok
15:15:25.0132 3996 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:15:25.0162 3996 intelppm - ok
15:15:25.0192 3996 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:15:25.0252 3996 IPBusEnum - ok
15:15:25.0282 3996 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:15:25.0312 3996 IpFilterDriver - ok
15:15:25.0382 3996 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:15:25.0442 3996 iphlpsvc - ok
15:15:25.0492 3996 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:15:25.0522 3996 IPMIDRV - ok
15:15:25.0532 3996 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:15:25.0582 3996 IPNAT - ok
15:15:25.0712 3996 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
15:15:25.0762 3996 iPod Service - ok
15:15:25.0772 3996 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:15:25.0862 3996 IRENUM - ok
15:15:25.0892 3996 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:15:25.0902 3996 isapnp - ok
15:15:25.0952 3996 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:15:25.0972 3996 iScsiPrt - ok
15:15:25.0992 3996 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:15:26.0002 3996 kbdclass - ok
15:15:26.0032 3996 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:15:26.0062 3996 kbdhid - ok
15:15:26.0102 3996 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:26.0112 3996 KeyIso - ok
15:15:26.0162 3996 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:15:26.0182 3996 KSecDD - ok
15:15:26.0222 3996 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:15:26.0242 3996 KSecPkg - ok
15:15:26.0272 3996 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:15:26.0302 3996 ksthunk - ok
15:15:26.0352 3996 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:15:26.0402 3996 KtmRm - ok
15:15:26.0442 3996 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:15:26.0492 3996 LanmanServer - ok
15:15:26.0532 3996 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:15:26.0582 3996 LanmanWorkstation - ok
15:15:26.0662 3996 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:15:26.0692 3996 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:15:26.0692 3996 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:15:26.0732 3996 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:15:26.0802 3996 lltdio - ok
15:15:26.0842 3996 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:15:26.0892 3996 lltdsvc - ok
15:15:26.0932 3996 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:15:26.0962 3996 lmhosts - ok
15:15:26.0982 3996 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:15:26.0992 3996 LSI_FC - ok
15:15:27.0022 3996 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:15:27.0032 3996 LSI_SAS - ok
15:15:27.0042 3996 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:15:27.0052 3996 LSI_SAS2 - ok
15:15:27.0072 3996 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:15:27.0082 3996 LSI_SCSI - ok
15:15:27.0102 3996 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:15:27.0162 3996 luafv - ok
15:15:27.0162 3996 lxcr_device - ok
15:15:27.0242 3996 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
15:15:27.0272 3996 McciCMService ( UnsignedFile.Multi.Generic ) - warning
15:15:27.0272 3996 McciCMService - detected UnsignedFile.Multi.Generic (1)
15:15:27.0382 3996 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
15:15:27.0422 3996 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
15:15:27.0422 3996 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
15:15:27.0452 3996 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:15:27.0492 3996 Mcx2Svc - ok
15:15:27.0502 3996 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:15:27.0522 3996 megasas - ok
15:15:27.0542 3996 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:15:27.0552 3996 MegaSR - ok
15:15:27.0572 3996 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:27.0612 3996 MMCSS - ok
15:15:27.0622 3996 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:15:27.0652 3996 Modem - ok
15:15:27.0672 3996 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:15:27.0702 3996 monitor - ok
15:15:27.0732 3996 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:15:27.0742 3996 mouclass - ok
15:15:27.0752 3996 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:15:27.0762 3996 mouhid - ok
15:15:27.0802 3996 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:15:27.0812 3996 mountmgr - ok
15:15:27.0852 3996 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:15:27.0902 3996 mpio - ok
15:15:27.0922 3996 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:15:27.0962 3996 mpsdrv - ok
15:15:28.0072 3996 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:15:28.0132 3996 MpsSvc - ok
15:15:28.0212 3996 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
15:15:28.0242 3996 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:15:28.0242 3996 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:15:28.0302 3996 MREMP50a64 - ok
15:15:28.0312 3996 MREMPR5 - ok
15:15:28.0322 3996 MRENDIS5 - ok
15:15:28.0342 3996 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
15:15:28.0352 3996 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:15:28.0352 3996 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:15:28.0362 3996 MRESP50a64 - ok
15:15:28.0402 3996 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:15:28.0442 3996 MRxDAV - ok
15:15:28.0482 3996 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:15:28.0512 3996 mrxsmb - ok
15:15:28.0562 3996 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:15:28.0592 3996 mrxsmb10 - ok
15:15:28.0625 3996 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:15:28.0661 3996 mrxsmb20 - ok
15:15:28.0697 3996 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:15:28.0707 3996 msahci - ok
15:15:28.0747 3996 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:15:28.0767 3996 MSCamSvc - ok
15:15:28.0797 3996 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:15:28.0817 3996 msdsm - ok
15:15:28.0847 3996 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:15:28.0887 3996 MSDTC - ok
15:15:28.0927 3996 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:15:28.0987 3996 Msfs - ok
15:15:28.0997 3996 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:15:29.0037 3996 mshidkmdf - ok
15:15:29.0077 3996 MSHUSBVideo (55218f924e55fd2786ed40edf4ed79c3) C:\Windows\system32\Drivers\nx6000.sys
15:15:29.0107 3996 MSHUSBVideo - ok
15:15:29.0127 3996 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:15:29.0147 3996 msisadrv - ok
15:15:29.0177 3996 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:15:29.0227 3996 MSiSCSI - ok
15:15:29.0227 3996 msiserver - ok
15:15:29.0247 3996 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:29.0287 3996 MSKSSRV - ok
15:15:29.0297 3996 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:29.0347 3996 MSPCLOCK - ok
15:15:29.0357 3996 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:15:29.0397 3996 MSPQM - ok
15:15:29.0457 3996 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:15:29.0507 3996 MsRPC - ok
15:15:29.0517 3996 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:15:29.0527 3996 mssmbios - ok
15:15:29.0537 3996 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:15:29.0577 3996 MSTEE - ok
15:15:29.0587 3996 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:15:29.0597 3996 MTConfig - ok
15:15:29.0617 3996 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:15:29.0627 3996 Mup - ok
15:15:29.0687 3996 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:15:29.0747 3996 napagent - ok
15:15:29.0787 3996 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:29.0817 3996 NativeWifiP - ok
15:15:29.0897 3996 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:15:29.0917 3996 NDIS - ok
15:15:29.0937 3996 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:15:29.0967 3996 NdisCap - ok
15:15:29.0977 3996 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:30.0007 3996 NdisTapi - ok
15:15:30.0047 3996 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:30.0117 3996 Ndisuio - ok
15:15:30.0177 3996 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:30.0267 3996 NdisWan - ok
15:15:30.0287 3996 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:15:30.0317 3996 NDProxy - ok
15:15:30.0337 3996 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:15:30.0377 3996 NetBIOS - ok
15:15:30.0417 3996 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:15:30.0457 3996 NetBT - ok
15:15:30.0497 3996 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:30.0507 3996 Netlogon - ok
15:15:30.0557 3996 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:15:30.0607 3996 Netman - ok
15:15:30.0647 3996 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:15:30.0697 3996 netprofm - ok
15:15:30.0767 3996 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:30.0787 3996 NetTcpPortSharing - ok
15:15:30.0807 3996 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:15:30.0817 3996 nfrd960 - ok
15:15:30.0867 3996 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:15:30.0917 3996 NlaSvc - ok
15:15:30.0997 3996 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:15:31.0057 3996 Npfs - ok
15:15:31.0087 3996 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:15:31.0277 3996 nsi - ok
15:15:31.0317 3996 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:15:31.0357 3996 nsiproxy - ok
15:15:31.0497 3996 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:15:31.0527 3996 Ntfs - ok
15:15:31.0617 3996 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:15:31.0667 3996 Null - ok
15:15:31.0707 3996 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:15:31.0717 3996 nvraid - ok
15:15:31.0797 3996 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:15:31.0837 3996 nvstor - ok
15:15:31.0897 3996 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:15:31.0927 3996 nv_agp - ok
15:15:31.0967 3996 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:15:31.0997 3996 ohci1394 - ok
15:15:32.0087 3996 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:32.0127 3996 ose - ok
15:15:32.0607 3996 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:15:32.0737 3996 osppsvc - ok
15:15:32.0857 3996 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:32.0907 3996 p2pimsvc - ok
15:15:32.0937 3996 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:15:32.0967 3996 p2psvc - ok
15:15:33.0007 3996 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:15:33.0017 3996 Parport - ok
15:15:33.0047 3996 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:15:33.0067 3996 partmgr - ok
15:15:33.0107 3996 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:15:33.0137 3996 PcaSvc - ok
15:15:33.0177 3996 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:15:33.0187 3996 pci - ok
15:15:33.0217 3996 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:15:33.0237 3996 pciide - ok
15:15:33.0257 3996 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:15:33.0267 3996 pcmcia - ok
15:15:33.0277 3996 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:15:33.0287 3996 pcw - ok
15:15:33.0347 3996 pdfcDispatcher - ok
15:15:33.0427 3996 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:15:33.0517 3996 PEAUTH - ok
15:15:33.0597 3996 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:15:33.0617 3996 PerfHost - ok
15:15:33.0747 3996 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:15:33.0817 3996 pla - ok
15:15:33.0877 3996 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:15:33.0917 3996 PlugPlay - ok
15:15:33.0937 3996 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:15:33.0957 3996 PNRPAutoReg - ok
15:15:33.0997 3996 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:15:34.0007 3996 PNRPsvc - ok
15:15:34.0057 3996 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:15:34.0117 3996 PolicyAgent - ok
15:15:34.0147 3996 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:15:34.0187 3996 Power - ok
15:15:34.0237 3996 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:34.0317 3996 PptpMiniport - ok
15:15:34.0347 3996 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:15:34.0377 3996 Processor - ok
15:15:34.0417 3996 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:15:34.0497 3996 ProfSvc - ok
15:15:34.0527 3996 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:34.0547 3996 ProtectedStorage - ok
15:15:34.0587 3996 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:15:34.0637 3996 Psched - ok
15:15:34.0747 3996 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:15:34.0777 3996 ql2300 - ok
15:15:34.0857 3996 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:15:34.0867 3996 ql40xx - ok
15:15:34.0897 3996 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:15:34.0937 3996 QWAVE - ok
15:15:34.0947 3996 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:15:34.0977 3996 QWAVEdrv - ok
15:15:34.0977 3996 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:35.0007 3996 RasAcd - ok
15:15:35.0047 3996 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:15:35.0077 3996 RasAgileVpn - ok
15:15:35.0087 3996 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:15:35.0137 3996 RasAuto - ok
15:15:35.0167 3996 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:35.0217 3996 Rasl2tp - ok
15:15:35.0267 3996 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:15:35.0307 3996 RasMan - ok
15:15:35.0327 3996 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:35.0357 3996 RasPppoe - ok
15:15:35.0377 3996 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:35.0417 3996 RasSstp - ok
15:15:35.0467 3996 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:35.0507 3996 rdbss - ok
15:15:35.0517 3996 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:15:35.0537 3996 rdpbus - ok
15:15:35.0547 3996 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:35.0597 3996 RDPCDD - ok
15:15:35.0617 3996 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:15:35.0657 3996 RDPENCDD - ok
15:15:35.0697 3996 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:15:35.0727 3996 RDPREFMP - ok
15:15:35.0757 3996 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:15:35.0797 3996 RDPWD - ok
15:15:35.0847 3996 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:15:35.0867 3996 rdyboost - ok
15:15:35.0887 3996 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:15:35.0947 3996 RemoteAccess - ok
15:15:35.0987 3996 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:15:36.0017 3996 RemoteRegistry - ok
15:15:36.0027 3996 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:15:36.0057 3996 RpcEptMapper - ok
15:15:36.0077 3996 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:15:36.0117 3996 RpcLocator - ok
15:15:36.0207 3996 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
15:15:36.0257 3996 RpcSs - ok
15:15:36.0267 3996 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:36.0317 3996 rspndr - ok
15:15:36.0367 3996 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:15:36.0377 3996 RTL8167 - ok
15:15:36.0417 3996 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:36.0427 3996 SamSs - ok
15:15:36.0467 3996 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:15:36.0477 3996 sbp2port - ok
15:15:36.0507 3996 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:15:36.0557 3996 SCardSvr - ok
15:15:36.0587 3996 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:15:36.0627 3996 scfilter - ok
15:15:36.0767 3996 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:15:36.0867 3996 Schedule - ok
15:15:36.0917 3996 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:15:36.0967 3996 SCPolicySvc - ok
15:15:36.0997 3996 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:15:37.0027 3996 SDRSVC - ok
15:15:37.0067 3996 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:15:37.0097 3996 secdrv - ok
15:15:37.0127 3996 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:15:37.0177 3996 seclogon - ok
15:15:37.0207 3996 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:15:37.0237 3996 SENS - ok
15:15:37.0247 3996 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:15:37.0257 3996 SensrSvc - ok
15:15:37.0267 3996 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:15:37.0297 3996 Serenum - ok
15:15:37.0307 3996 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:15:37.0317 3996 Serial - ok
15:15:37.0347 3996 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:37.0377 3996 sermouse - ok
15:15:37.0407 3996 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:15:37.0457 3996 SessionEnv - ok
15:15:37.0487 3996 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:15:37.0537 3996 sffdisk - ok
15:15:37.0547 3996 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:37.0577 3996 sffp_mmc - ok
15:15:37.0577 3996 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:15:37.0609 3996 sffp_sd - ok
15:15:37.0619 3996 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:15:37.0629 3996 sfloppy - ok
15:15:37.0679 3996 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:15:37.0719 3996 SharedAccess - ok
15:15:37.0781 3996 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:15:37.0840 3996 ShellHWDetection - ok
15:15:37.0858 3996 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:15:37.0863 3996 SiSRaid2 - ok
15:15:37.0883 3996 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:15:37.0893 3996 SiSRaid4 - ok
15:15:37.0973 3996 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:15:38.0013 3996 SkypeUpdate - ok
15:15:38.0033 3996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:15:38.0083 3996 Smb - ok
15:15:38.0113 3996 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:15:38.0133 3996 SNMPTRAP - ok
15:15:38.0143 3996 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:15:38.0153 3996 spldr - ok
15:15:38.0203 3996 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:15:38.0233 3996 Spooler - ok
15:15:38.0543 3996 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:15:38.0643 3996 sppsvc - ok
15:15:38.0733 3996 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:15:38.0763 3996 sppuinotify - ok
15:15:38.0833 3996 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:15:38.0863 3996 srv - ok
15:15:38.0903 3996 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:15:38.0923 3996 srv2 - ok
15:15:38.0953 3996 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:38.0973 3996 srvnet - ok
15:15:38.0993 3996 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:15:39.0043 3996 SSDPSRV - ok
15:15:39.0063 3996 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:15:39.0103 3996 SstpSvc - ok
15:15:39.0123 3996 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:15:39.0133 3996 stexstor - ok
15:15:39.0193 3996 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:15:39.0223 3996 stisvc - ok
15:15:39.0253 3996 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:15:39.0263 3996 swenum - ok
15:15:39.0303 3996 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:15:39.0363 3996 swprv - ok
15:15:39.0523 3996 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:15:39.0573 3996 SysMain - ok
15:15:39.0713 3996 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:15:39.0783 3996 TabletInputService - ok
15:15:39.0833 3996 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:15:39.0903 3996 TapiSrv - ok
15:15:39.0913 3996 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:15:39.0963 3996 TBS - ok
15:15:40.0133 3996 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:15:40.0163 3996 Tcpip - ok
15:15:40.0373 3996 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:40.0403 3996 TCPIP6 - ok
15:15:40.0483 3996 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:15:40.0533 3996 tcpipreg - ok
15:15:40.0563 3996 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:15:40.0593 3996 TDPIPE - ok
15:15:40.0623 3996 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:15:40.0653 3996 TDTCP - ok
15:15:40.0683 3996 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:15:40.0713 3996 tdx - ok
15:15:40.0753 3996 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:15:40.0763 3996 TermDD - ok
15:15:40.0823 3996 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:15:40.0853 3996 TermService - ok
15:15:40.0883 3996 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:15:40.0923 3996 Themes - ok
15:15:40.0953 3996 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:15:40.0983 3996 THREADORDER - ok
15:15:41.0003 3996 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:15:41.0063 3996 TrkWks - ok
15:15:41.0133 3996 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:15:41.0203 3996 TrustedInstaller - ok
15:15:41.0233 3996 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:41.0273 3996 tssecsrv - ok
15:15:41.0303 3996 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:15:41.0353 3996 TsUsbFlt - ok
15:15:41.0383 3996 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:41.0433 3996 tunnel - ok
15:15:41.0463 3996 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:15:41.0473 3996 uagp35 - ok
15:15:41.0503 3996 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:15:41.0543 3996 udfs - ok
15:15:41.0553 3996 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:15:41.0573 3996 UI0Detect - ok
15:15:41.0603 3996 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:15:41.0613 3996 uliagpkx - ok
15:15:41.0643 3996 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:15:41.0653 3996 umbus - ok
15:15:41.0663 3996 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:15:41.0683 3996 UmPass - ok
15:15:41.0723 3996 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:15:41.0783 3996 upnphost - ok
15:15:41.0833 3996 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:15:41.0903 3996 usbaudio - ok
15:15:41.0953 3996 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:41.0973 3996 usbccgp - ok
15:15:42.0013 3996 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:15:42.0033 3996 usbcir - ok
15:15:42.0043 3996 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:15:42.0063 3996 usbehci - ok
15:15:42.0093 3996 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
15:15:42.0103 3996 usbfilter - ok
15:15:42.0133 3996 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:42.0173 3996 usbhub - ok
15:15:42.0223 3996 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:15:42.0273 3996 usbohci - ok
15:15:42.0283 3996 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:42.0323 3996 usbprint - ok
15:15:42.0353 3996 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:15:42.0383 3996 usbscan - ok
15:15:42.0393 3996 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:42.0423 3996 USBSTOR - ok
15:15:42.0433 3996 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:15:42.0453 3996 usbuhci - ok
15:15:42.0493 3996 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:15:42.0513 3996 usbvideo - ok
15:15:42.0543 3996 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:15:42.0593 3996 UxSms - ok
15:15:42.0623 3996 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:15:42.0633 3996 VaultSvc - ok
15:15:42.0663 3996 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:15:42.0673 3996 vdrvroot - ok
15:15:42.0743 3996 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:15:42.0783 3996 vds - ok
15:15:42.0803 3996 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:42.0823 3996 vga - ok
15:15:42.0843 3996 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:15:42.0873 3996 VgaSave - ok
15:15:42.0923 3996 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:15:42.0933 3996 vhdmp - ok
15:15:42.0953 3996 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:15:42.0963 3996 viaide - ok
15:15:42.0993 3996 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:15:43.0003 3996 volmgr - ok
15:15:43.0053 3996 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:15:43.0073 3996 volmgrx - ok
15:15:43.0123 3996 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:15:43.0143 3996 volsnap - ok
15:15:43.0163 3996 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:15:43.0173 3996 vsmraid - ok
15:15:43.0313 3996 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:15:43.0383 3996 VSS - ok
15:15:43.0493 3996 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:15:43.0553 3996 vwifibus - ok
15:15:43.0613 3996 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:15:43.0653 3996 W32Time - ok
15:15:43.0663 3996 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:15:43.0673 3996 WacomPen - ok
15:15:43.0693 3996 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:43.0733 3996 WANARP - ok
15:15:43.0733 3996 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:43.0763 3996 Wanarpv6 - ok
15:15:43.0893 3996 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:15:43.0913 3996 WatAdminSvc - ok
15:15:44.0053 3996 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:15:44.0163 3996 wbengine - ok
15:15:44.0293 3996 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:15:44.0333 3996 WbioSrvc - ok
15:15:44.0383 3996 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:15:44.0423 3996 wcncsvc - ok
15:15:44.0443 3996 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:15:44.0463 3996 WcsPlugInService - ok
15:15:44.0493 3996 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:15:44.0503 3996 Wd - ok
15:15:44.0553 3996 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:15:44.0583 3996 Wdf01000 - ok
15:15:44.0593 3996 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:44.0623 3996 WdiServiceHost - ok
15:15:44.0633 3996 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:15:44.0653 3996 WdiSystemHost - ok
15:15:44.0693 3996 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:15:44.0723 3996 WebClient - ok
15:15:44.0753 3996 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:15:44.0823 3996 Wecsvc - ok
15:15:44.0863 3996 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:15:44.0923 3996 wercplsupport - ok
15:15:44.0943 3996 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:15:44.0983 3996 WerSvc - ok
15:15:45.0033 3996 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:15:45.0063 3996 WfpLwf - ok
15:15:45.0083 3996 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:15:45.0093 3996 WIMMount - ok
15:15:45.0123 3996 WinDefend - ok
15:15:45.0133 3996 WinHttpAutoProxySvc - ok
15:15:45.0203 3996 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:15:45.0273 3996 Winmgmt - ok
15:15:45.0443 3996 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:15:45.0513 3996 WinRM - ok
15:15:45.0623 3996 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:15:45.0683 3996 WinUsb - ok
15:15:45.0773 3996 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:15:45.0823 3996 Wlansvc - ok
15:15:46.0073 3996 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:46.0113 3996 wlidsvc - ok
15:15:46.0203 3996 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:15:46.0213 3996 WmiAcpi - ok
15:15:46.0283 3996 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:15:46.0343 3996 wmiApSrv - ok
15:15:46.0363 3996 WMPNetworkSvc - ok
15:15:46.0383 3996 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:15:46.0413 3996 WPCSvc - ok
15:15:46.0453 3996 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:15:46.0473 3996 WPDBusEnum - ok
15:15:46.0493 3996 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:15:46.0533 3996 ws2ifsl - ok
15:15:46.0543 3996 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:15:46.0583 3996 wscsvc - ok
15:15:46.0583 3996 WSearch - ok
15:15:46.0786 3996 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:15:46.0836 3996 wuauserv - ok
15:15:46.0948 3996 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:15:46.0998 3996 WudfPf - ok
15:15:47.0028 3996 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:47.0078 3996 WUDFRd - ok
15:15:47.0118 3996 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:15:47.0158 3996 wudfsvc - ok
15:15:47.0178 3996 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:15:47.0218 3996 WwanSvc - ok
15:15:47.0248 3996 MBR (0x1B8) (65bf848e44e105340ccd97e0e434410b) \Device\Harddisk0\DR0
15:15:47.0698 3996 \Device\Harddisk0\DR0 - ok
15:15:47.0708 3996 Boot (0x1200) (c514a2af273f716150f4a7ebaf6705a8) \Device\Harddisk0\DR0\Partition0
15:15:47.0708 3996 \Device\Harddisk0\DR0\Partition0 - ok
15:15:47.0728 3996 Boot (0x1200) (bf0897344d3dc864bea6ae2a010490bc) \Device\Harddisk0\DR0\Partition1
15:15:47.0728 3996 \Device\Harddisk0\DR0\Partition1 - ok
15:15:47.0768 3996 Boot (0x1200) (f5829bbe54ef086e7448cabd2d8a84d4) \Device\Harddisk0\DR0\Partition2
15:15:47.0768 3996 \Device\Harddisk0\DR0\Partition2 - ok
15:15:47.0768 3996 ============================================================
15:15:47.0768 3996 Scan finished
15:15:47.0768 3996 ============================================================
15:15:47.0788 5028 Detected object count: 5
15:15:47.0788 5028 Actual detected object count: 5
15:16:51.0957 5028 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:51.0957 5028 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:51.0967 5028 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:51.0967 5028 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:51.0967 5028 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:51.0967 5028 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:51.0967 5028 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:51.0967 5028 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:51.0967 5028 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:16:51.0967 5028 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:16:58.0430 4024 Deinitialize success

#5
Contrails12

Posted 05 August 2012 - 01:40 PM

Member

Topic Starter
Member
12 posts

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wangtang :: WANGTANG-HP [administrator]

8/5/2012 3:21:31 PM
mbam-log-2012-08-05 (15-21-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200879
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
Contrails12

Posted 05 August 2012 - 01:53 PM

Member

Topic Starter
Member
12 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/08/2012 3:48:35 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2012 7:33:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Assistant Service service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
Contrails12

Posted 05 August 2012 - 01:54 PM

Member

Topic Starter
Member
12 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/08/2012 3:51:42 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2012 7:47:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53 Faulting module name: msxml3.dll, version: 8.110.7601.17857, time stamp: 0x4fcee2f0 Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting process id: 0x11dc Faulting application start time: 0x01cd73431a6dea86 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\msxml3.dll Report Id: 5b12a3ff-df36-11e1-9758-d48564c092f5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2012 7:31:02 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

#8
Contrails12

Posted 05 August 2012 - 02:05 PM

Member

Topic Starter
Member
12 posts

OTL logfile created on: 05/08/2012 3:57:17 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\wangtang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.08% Memory free
5.50 Gb Paging File | 3.32 Gb Available in Paging File | 60.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 505.59 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: WANGTANG-HP | User Name: wangtang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 18:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
PRC - [2012/05/10 14:13:12 | 000,149,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\iptk.dll
MOD - [2005/12/29 11:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrdrec.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/12/11 12:12:22 | 000,566,192 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2012/08/03 12:33:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE:64bit: - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{5B078AF6-A2C6-4194-B078-3DA1B9B630B9}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-04 16:32:56&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

========== Chrome ==========

CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.50_0\

O1 HOSTS File: ([2012/08/04 19:15:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Amazon Cloud Drive] C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2425B90-1496-4F9B-BCED-ABDF220FD239}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 15:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 15:20:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/05 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/05 15:19:50 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\wangtang\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 15:11:51 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\wangtang\Desktop\tdsskiller.exe
[2012/08/05 15:04:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/04 19:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 19:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 19:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 19:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 19:03:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 19:03:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 19:01:17 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\wangtang\Desktop\ComboFix.exe
[2012/08/04 18:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/04 18:51:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/04 17:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/04 17:47:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/04 17:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/04 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/08/04 17:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/08/04 17:43:40 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/08/04 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\AVG2012
[2012/08/04 15:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/04 15:55:01 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/04 15:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 15:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Local\HuluDesktop
[2012/08/04 13:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/04 13:17:38 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/04 13:17:37 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/04 13:17:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/04 13:17:29 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/04 13:17:26 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/04 13:17:24 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/04 13:17:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/04 13:17:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\NewspaperDirect
[2012/08/04 12:55:23 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Mozilla
[2012/08/04 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/04 12:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/04 12:35:33 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/04 12:35:33 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/04 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Desktop\Computer Protection
[2012/08/04 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/27 12:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Documents\Amazon MP3
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Amazon
[2012/07/27 11:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/07/14 01:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/13 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Malwarebytes
[2012/07/13 22:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:02:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:02:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:02:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:02:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:02:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:02:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:02:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 03:01:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 03:01:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 03:01:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 16:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/08/05 15:47:29 | 000,061,440 | ---- | M] ( ) -- C:\Users\wangtang\Desktop\VEW.exe
[2012/08/05 15:38:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 15:38:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 15:33:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 15:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 15:30:21 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 15:20:44 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 15:19:59 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\wangtang\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 15:18:50 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/05 15:18:50 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/05 15:18:50 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/05 15:12:35 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\wangtang\Desktop\tdsskiller.exe
[2012/08/04 19:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 19:01:18 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\wangtang\Desktop\ComboFix.exe
[2012/08/04 18:55:29 | 000,440,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/04 18:53:41 | 000,144,044 | ---- | M] () -- C:\Users\wangtang\Desktop\winsock2.reg
[2012/08/04 18:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 16:08:45 | 000,027,520 | ---- | M] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/08/04 13:17:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/03 12:33:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 12:33:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 16:02:33 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForwangtang.job
[2012/07/27 12:11:58 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

========== Files Created - No Company Name ==========

[2012/08/05 15:47:24 | 000,061,440 | ---- | C] ( ) -- C:\Users\wangtang\Desktop\VEW.exe
[2012/08/05 15:20:44 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/04 19:05:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 19:05:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 19:05:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 19:05:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 19:05:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 18:53:41 | 000,144,044 | ---- | C] () -- C:\Users\wangtang\Desktop\winsock2.reg
[2012/08/04 16:08:45 | 000,027,520 | ---- | C] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/07/27 12:11:58 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/05/07 11:32:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2012/05/07 11:32:56 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2012/05/07 11:32:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2012/05/07 11:32:55 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2012/05/07 11:32:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2012/05/07 11:32:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2012/05/07 11:32:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2012/05/07 11:32:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2012/05/07 11:32:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2012/05/07 11:32:54 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2012/05/07 11:32:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2012/05/07 11:32:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2012/05/07 11:32:54 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2012/05/07 11:32:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2012/05/07 11:32:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2012/01/31 05:40:06 | 000,000,000 | ---- | C] () -- C:\Users\wangtang\AppData\Local\{12FEB10C-9B2E-416A-AB03-C209D8B545A3}
[2012/01/11 14:17:53 | 000,002,048 | -HS- | C] () -- C:\Users\wangtang\AppData\Local\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\@
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 15:36:19 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/16 09:59:14 | 000,001,854 | ---- | C] () -- C:\Users\wangtang\AppData\Roaming\GhostObjGAFix.xml
[2011/03/28 12:50:51 | 000,004,608 | ---- | C] () -- C:\Users\wangtang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 15:38:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 14:45:51 | 000,000,658 | ---- | C] () -- C:\Users\wangtang\wangtang - Shortcut.lnk
[2010/10/27 17:16:47 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 16:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9033BDFB

< End of report >

#9
Contrails12

Posted 05 August 2012 - 02:07 PM

Member

Topic Starter
Member
12 posts

OTL Extras logfile created on: 05/08/2012 3:57:17 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\wangtang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 50.08% Memory free
5.50 Gb Paging File | 3.32 Gb Available in Paging File | 60.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 505.59 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: WANGTANG-HP | User Name: wangtang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{977BE781-8658-4CFA-A87B-7058770793AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFC9F700-1CDB-4E03-BBEB-9F84DE93F85C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | [email protected],-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | [email protected],-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | [email protected],-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"CCleaner" = CCleaner
"Lexmark 2400 Series" = Lexmark 2400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F04B46-C21F-498F-8D52-7D0EAE4A71F3}" = Silhouette Studio
"{0412CCFF-BFAC-83D8-44FB-3BE60F05FCF8}" = Amazon MP3 Uploader
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FE99481-4EF0-4EE3-AB82-FEEA47C9324F}" = Vickers Viking for FS2004
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{304CF423-1CE8-49F4-8D2E-D780EFC3D7F3}" = Pan American Fokker FVIIb_3m for FSX or FS2004
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C577751-2A67-450B-B689-B9E5A40E5E55}" = Martin M130 for FSX or FS2004
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66209054-3985-4125-B0CB-C69F75D2F0D9}" = Amazon Cloud Drive
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DEAFD7A-8FAE-40A0-A856-C524C2F7B764}" = Fokker FXII for FSX or FS2004
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix
"{C41B33BC-90BB-4C11-B9E1-4E8B01A2E3E6}" = Short Solent for FS2004
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC304E96-61ED-4836-8C46-636137645A13}" = Republic F-84G for FS2004
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD806CE1-A3C1-4F9E-A1F5-3E68D6A873BF}" = Douglas DC-4 for FSX or FS2004
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Aerospatiale HH65A Dolphin V1.1" = Aerospatiale HH65A Dolphin V1.1
"AH Hurricane for Fs2004" = AH Hurricane for Fs2004
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"avast" = avast! Free Antivirus
"Cap-10B" = Cap-10B
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight
"Gmax Mirage F1v2.5_is1" = Mirage F1v2.5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MplayerforWindows" = MplayerforWindows v2011-03-27
"Office14.SingleImage" = Microsoft Office Professional 2010
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"UAE F-16 CFT 2-Seater " = UAE F-16 CFT 2-Seater
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Mail" = att.net Internet Mail

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Groom Lake Scenery for FS2004" = Groom Lake Scenery for FS2004
"Navy JRB-4" = Navy JRB-4
"ThunderBolt 'Mania' - RELEASE v2.3 - P-47M-1" = ThunderBolt 'Mania' - RELEASE v2.3 - P-47M-1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/08/2012 3:47:15 PM | Computer Name = wangtang-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,
time stamp: 0x4fc9cd53 Faulting module name: msxml3.dll, version: 8.110.7601.17857,
time stamp: 0x4fcee2f0 Exception code: 0xc0000005 Fault offset: 0x0002e64f Faulting
process id: 0x11dc Faulting application start time: 0x01cd73431a6dea86 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\System32\msxml3.dll Report Id: 5b12a3ff-df36-11e1-9758-d48564c092f5

[ Hewlett-Packard Events ]
Error - 26/05/2012 10:46:04 AM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 26/05/2012 10:46:04 AM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 26/05/2012 5:51:50 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 26/05/2012 5:51:53 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 02/06/2012 5:17:51 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 02/06/2012 5:17:51 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 07/07/2012 6:04:03 PM | Computer Name = wangtang-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 07/07/2012 6:24:05 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 07/07/2012 6:24:05 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 07/07/2012 6:24:05 PM | Computer Name = wangtang-HP | Source = HPSF.exe | ID = 4000
Description =

[ Media Center Events ]
Error - 01/02/2012 10:41:56 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:41:55 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 01/02/2012 10:41:59 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:41:58 AM - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 01/02/2012 10:42:02 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:42:01 AM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 01/02/2012 10:42:05 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:42:04 AM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 01/02/2012 10:42:09 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:42:07 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 01/02/2012 10:42:10 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 9:42:10 AM - Failed to retrieve Broadband (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

Error - 01/02/2012 11:42:19 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 10:42:19 AM - Error connecting to the internet. 10:42:19 AM - Unable
to contact server..

Error - 01/02/2012 11:42:25 AM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 10:42:24 AM - Error connecting to the internet. 10:42:24 AM - Unable
to contact server..

Error - 01/02/2012 12:42:29 PM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 11:42:29 AM - Error connecting to the internet. 11:42:29 AM - Unable
to contact server..

Error - 01/02/2012 12:42:35 PM | Computer Name = wangtang-HP | Source = MCUpdate | ID = 0
Description = 11:42:34 AM - Error connecting to the internet. 11:42:34 AM - Unable
to contact server..

[ System Events ]
Error - 05/08/2012 3:33:03 PM | Computer Name = wangtang-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

< End of report >

#10
RKinner

Posted 05 August 2012 - 02:38 PM

Malware Expert

Expert
24,624 posts

I missed one of them but I don't think it's critical.

First let's reset the winsock2 stack:

copy the next 3 lines:

del C:\Users\wangtang\Desktop\winsock2.reg
reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg
netsh winsock reset catalog

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. Close the command window and restart.

As before if you have trouble getting on the Internet then try right clicking on winsock2.reg and MERGE. You shouldn't need to tho.

Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}
C:\Users\wangtang\AppData\Local\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

:reg
[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]
""="%systemroot%\system32\wbem\wbemess.dll"
[-HKCU\Software\Classes\clsid\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}]

/md5start
iexplore.exe
msxml3.dll
services.exe
/md5stop

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get one log Please copy and paste it.

Uninstall Java™ 6 Update 22 as it is obsolete and you have a newer version.

[ System Events ]
Error - 05/08/2012 3:33:03 PM | Computer Name = wangtang-HP | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%2

I don't see this in the services list in OTL but apparently it is not working. Right click on Computer and select Manage then Services and Applications then Services.
Find the HP Support Assistant Service and right click it and select Properties then change the Startup Type: to Disabled. Apply. Alternatively you can download a new version if you think you need it: http://h18021.www1.h...-assistant.html

Log: 'Application' Date/Time: 05/08/2012 7:31:02 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Don't think I have seen this one before but MS has a fix:

Try to do what they say under Resolve:
http://technet.micro...595(WS.10).aspx

#11
Contrails12

Posted 05 August 2012 - 04:45 PM

Member

Topic Starter
Member
12 posts

Error: Unable to interpret <:filesC:\Windows\Installer\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}C:\Users\wangtang\AppData\Local\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}C:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.ini:reg[HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32]""="%systemroot%\system32\wbem\wbemess.dll"[-HKCU\Software\Classes\clsid\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_183150

#12
Contrails12

Posted 05 August 2012 - 04:46 PM

Member

Topic Starter
Member
12 posts

OTL logfile created on: 05/08/2012 6:32:39 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\wangtang\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 58.64% Memory free
5.50 Gb Paging File | 3.40 Gb Available in Paging File | 61.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.01 Gb Total Space | 505.67 Gb Free Space | 86.59% Space Free | Partition Type: NTFS
Drive D: | 12.06 Gb Total Space | 1.48 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: WANGTANG-HP | User Name: wangtang | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 18:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
PRC - [2012/05/10 14:13:12 | 000,149,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2009/05/01 13:52:24 | 000,082,600 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe
PRC - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/24 16:40:32 | 000,424,848 | ---- | M] () -- C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/18 13:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/05/01 13:52:22 | 000,291,496 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006/08/08 15:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006/05/25 16:20:44 | 000,241,664 | ---- | M] () -- C:\Program Files (x86) (x86)\Lexmark 2400 Series\iptk.dll
MOD - [2005/12/29 11:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2400 Series\lxcrdrec.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/05/11 11:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/12/11 12:12:22 | 000,566,192 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysNative\lxcrcoms.exe -- (lxcr_device)
SRV - [2012/08/03 12:33:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/12 21:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/05/11 11:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 10:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/04 10:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE:64bit: - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {826C6A44-1A96-40F1-A185-3490539C6676}
IE - HKLM\..\SearchScopes\{3BA3D337-67DE-4A79-BB13-5DC4382C3654}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{826C6A44-1A96-40F1-A185-3490539C6676}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{89A86127-0479-4E22-98F3-87BD0C62A2E0}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{A6623E09-2E4F-4AD8-AE58-9AF7546B9570}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{5B078AF6-A2C6-4194-B078-3DA1B9B630B9}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-04 16:32:56&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

========== Chrome ==========

CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\wangtang\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.50_0\

O1 HOSTS File: ([2012/08/04 19:15:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Amazon Cloud Drive] C:\Users\wangtang\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2425B90-1496-4F9B-BCED-ABDF220FD239}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 15:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 15:20:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/05 15:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/05 15:04:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/04 19:23:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 19:05:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 19:05:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 19:05:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 19:03:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 19:03:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 18:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/04 18:51:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 17:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/04 17:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/08/04 17:47:29 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/04 17:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/08/04 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/08/04 17:43:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/08/04 17:43:40 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/08/04 15:58:04 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\AVG2012
[2012/08/04 15:55:01 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/08/04 15:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/04 15:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/04 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Local\HuluDesktop
[2012/08/04 13:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/04 13:17:38 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/04 13:17:37 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/04 13:17:31 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/04 13:17:29 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/04 13:17:26 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/04 13:17:24 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/04 13:17:03 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/04 13:17:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/04 13:02:24 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\NewspaperDirect
[2012/08/04 12:55:23 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Mozilla
[2012/08/04 12:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/04 12:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/04 12:35:33 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/04 12:35:33 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/04 12:32:45 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Desktop\Computer Protection
[2012/08/04 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/27 12:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/27 12:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\Documents\Amazon MP3
[2012/07/27 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Amazon
[2012/07/27 11:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/07/14 01:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/13 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\wangtang\AppData\Roaming\Malwarebytes
[2012/07/13 22:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/12 03:02:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:02:33 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:02:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:02:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:02:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:02:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:02:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:02:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:02:28 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:02:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:02:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:02:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:02:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 03:01:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 03:01:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 03:01:40 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 03:01:38 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 16:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 30 Days ==========

[2012/08/05 18:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 18:31:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 18:31:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 18:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 18:23:21 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 18:22:05 | 000,260,728 | ---- | M] () -- C:\Users\wangtang\Desktop\winsock2.reg
[2012/08/05 15:18:50 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/05 15:18:50 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/05 15:18:50 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 19:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/04 18:55:29 | 000,440,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/04 18:51:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\wangtang\Desktop\OTL.exe
[2012/08/04 16:08:45 | 000,027,520 | ---- | M] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/08/04 13:17:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/04 12:35:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/03 12:33:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 12:33:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/30 16:02:33 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForwangtang.job
[2012/07/27 12:11:58 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

========== Files Created - No Company Name ==========

[2012/08/05 18:22:05 | 000,260,728 | ---- | C] () -- C:\Users\wangtang\Desktop\winsock2.reg
[2012/08/04 19:05:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 19:05:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 19:05:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 19:05:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 19:05:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 16:08:45 | 000,027,520 | ---- | C] () -- C:\Users\wangtang\AppData\Local\dt.dat
[2012/07/27 12:11:58 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/27 11:54:07 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/05/07 11:32:56 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrinpa.dll
[2012/05/07 11:32:56 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcrcomx.dll
[2012/05/07 11:32:56 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCRinst.dll
[2012/05/07 11:32:55 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrusb1.dll
[2012/05/07 11:32:55 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpmui.dll
[2012/05/07 11:32:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcriesc.dll
[2012/05/07 11:32:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrserv.dll
[2012/05/07 11:32:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomc.dll
[2012/05/07 11:32:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrlmpm.dll
[2012/05/07 11:32:54 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcoms.exe
[2012/05/07 11:32:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrcomm.dll
[2012/05/07 11:32:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrih.exe
[2012/05/07 11:32:54 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrppls.exe
[2012/05/07 11:32:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrprox.dll
[2012/05/07 11:32:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcrpplc.dll
[2012/01/31 05:40:06 | 000,000,000 | ---- | C] () -- C:\Users\wangtang\AppData\Local\{12FEB10C-9B2E-416A-AB03-C209D8B545A3}
[2012/01/11 14:17:53 | 000,002,048 | -HS- | C] () -- C:\Users\wangtang\AppData\Local\{27d5b302-6bb6-22ad-3f89-0a73dd86941d}\@
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/05/18 15:36:19 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/16 09:59:14 | 000,001,854 | ---- | C] () -- C:\Users\wangtang\AppData\Roaming\GhostObjGAFix.xml
[2011/03/28 12:50:51 | 000,004,608 | ---- | C] () -- C:\Users\wangtang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 15:38:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/26 14:45:51 | 000,000,658 | ---- | C] () -- C:\Users\wangtang\wangtang - Shortcut.lnk
[2010/10/27 17:16:47 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/27 16:20:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Custom Scans ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:9033BDFB

< End of report >

#13
RKinner

Posted 05 August 2012 - 07:39 PM

Malware Expert

Expert
24,624 posts

I'm not sure what happened with the first fix. It appears to have lost the carriage returns (Enters) between the lines. Try it again but this time after you paste in the fix, verify that it looks just like it did when you copied it. If not, go back in and hit Enter at the end of each line so that it does look right before hitting Run Fix. Then do the second one again.